^what he said.
Obvious when somebody actually says it!
Thank you all, and the problem is solved!
So, I hope this benefits anyone with a router where the port forwarding is limited, and thanks again for all of you that helped. Iāll try and be as precise as I can with what I found to have worked.
Letās assume you are following the instructions here and you get stuck on step 5. It asks you to set up a port forwarding rule on a router with limited rule creation capabilities.
For router Netgear CG3100D-2, instead of what the instructions tell you in step 5, create rule as follows:
name: ha_ssl
start 443
end 8123
protocol both
192.168.0.### (the static IP address you set up in previous steps)
The other rule that should already be set up is:
name: ha_letsencrypt
start 80
end 80
protocol both
192.168.0.### (the static IP address you set up in previous steps)
The configuration file should read:
http:
api_password: obviouslyimnotgoingtotellyou
ssl_certificate: /private/etc/letsencrypt/live/examplehome.duckdns.org/fullchain.pem
ssl_key: /private/etc/letsencrypt/live/examplehome.duckdns.org/privkey.pem
base_url: examplehome.duckdns.org:8123
obviously replacing the above password and duckdns items āexamplehomeā.
When logging in remotely and locally, I then found that I could access HA via:
I would also add that I found that app dDNS Broker very helpful for keeping duckdns up to date, even though it costs $4, itās easy to set up and run on a Mac. Secondly I installed https://brew.sh to help in step 4 with the commands used to download the certificate, using the instructions here.
Certificate renewal is easiest on a Mac IMHO by using the command
sudo certbot certonly --standalone -n -d examplehome.duckdns.org -d www.examplehome.duckdns.org
but Iām trying to figure out the best way of setting that up as Iāve just discovered that crontab no longer works 
Thanks again everyone, and I hope this helps someone else in the future.
You can set a HA automation to renew the certificate, itās in the guide 
AH! I thought that was it!!
1 Like
I tried that alas but the Mac syntax no longer wants to play.
So Iāve got up to step 7, but now Iām stuck.
$ sudo apt-get update
$ sudo apt-get install ssl-cert-check
returns ācommand not foundā
Itās late and I need some sleep. One day Iāll buy a Raspberry pi and dive in there because I suspect most of these instructions are written for that system.
and adding :8123 to the base_url
1 Like
And thatās something I am going to try on my set up. I want to see if it breaks anything.
In the note below those commands is the location where the script for ssl-cert-check can be found. I canāt help with how you would then use that script on a Mac, but Iām sure somebody can point you in the right direction.
Hope this helps.
1 Like
thank you. Iāll hunt around tomorrow.