Remote Access using a FritzBox & the AVM myFritz DDNS Service

No, use the IP exactly as shown. These are the IPs used by HA docker containers.


Thanks for the instructions, remote access is working fine with myfritz. The only thing I couldn’t get to work is the Alexa skill. When I try to activate the skill and fill in my username and password, it says “Konto konnte nicht mit alexa verknüpft werden”.
Is the skill working for you?

Are you using the Nabu Casa Cloud?

No, I am not. Before, I used duckdns with a self-created Alexa skill, and now I am using myfritz. Therefore I changed the BASE_URL, the web authorization URI and the access token URI to the new myfritz address, but when I try to activate the skill, the Home Assistant login page comes up, and when I enter my account details this error message appears.

I don’t see any reason why it should not work with myfritz if it did work with duckdns unless something else changed. Did you use https before?

I could manage to get this running with the help of this thread: Alexa, no cloud, external port 8123 with events! - #23 by jcss2503

I use Homeassistant with a FritzBox 7590 in the Deutsche Glasfaser network.
Somehow I can’t manage to get a certificate.
With the Let’s Encrypt add-on, I always get the following error message, even though I have configured port forwarding on the FritzBox.

“Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.”

Is it possible that it is a problem that I am in an IPv6 network with Deutsche Glasfaser and my Homeassistant is configured for both IPv6 and IPv4?

Has anyone been able to use these instructions with a Deutsche Glasfaser connection?

I would appreciate an answer.

Many thanks
Achim

Are you using port 80 externally? This is required. If yes then it should be OK and it might have something to do with the fiber connection. I recommend that you create a new issue for the Let’s Encrypt addon here: https://github.com/home-assistant/addons/issues

Info, because I had this problem and want to remember it :sweat_smile:.

When you have a myfritz and/or a DynDNS setup directly on the FritzBox, port forwarding via e.g. Nginx Proxy Manager will always end on the FritzBox login page until you remove them and update the DynDNS via another machine or a Home Assistant integration (duckdns add-on). IPv6 doesn’t support NAT.

Edit: On duckdns you can maybe update only the IPv4 address:
Update-URL:
IP v4 only:
https://www.duckdns.org/update?domains=&token=&ip=
IP v6 only:
https://www.duckdns.org/update?domains=&token=&ipv6=
IP v4 + v6:
https://www.duckdns.org/update?domains=&token=&ip=&ipv6=

I don’t understand how this relates to my original post. If you follow my steps above it should work. Did you use the correct Nginx add-on?

Yes I was just reading too fast.

Hi There,
I’m stuck already on II. Certificates!

  1. I set up my FritzBox with port 8001

  2. installed Let’s Encrypt add-on

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/file-structure.sh
cont-init: info: /etc/cont-init.d/file-structure.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun lets-encrypt (no readiness notification)
s6-rc: info: service legacy-services successfully started
[10:29:39] INFO: Selected DNS Provider: null
[10:29:39] INFO: Use propagation seconds: 60
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] …

Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
> certbot: error: unrecognized arguments: --null --null-credentials /data/dnsapikey
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

Anyone who can help me with the error message:

certbot: error: unrecognized arguments: --null --null-credentials /data/dnsapikey

:slight_smile:

Did you configure Port forwarding for port 80? See step II.4.

I can’t get it to work. I’m not sure whether it has something to do with my FritzBox or HA settings. Will share my settings so hopefully others can profit as well.

Step I 1 to 3: worked fine.

Step I 4: Can’t ping xxxxxxxxx.myfritz. net with my phone (mobile data). Also tried https:// xxxxxxxxx.myfritz. net:63465 without luck. Under Internet → MyFRITZ!-Konto I checked “MyFRITZ! für diese FRITZ!Box aktiv“, „Internetzugriff auf die FRITZ!Box über HTTPS aktiviert“ and „Zertifikat von letsencrypt.org verwenden (empfohlen)“.

Step II 4: Port forwarding for HTTP is set to port 80 internal and external. For HTTPS I can not set the external port to 8123 and it automatically sets it to 443 (default). Anyway, it should work with just HTTP being set.

Step II 5: I get the following log in Let’s Encrypt:

[12:51:12] INFO: Selected http verification
[12:51:12] INFO: Detecting existing certificate type for xxxxxxxxx.myfritz. net
Saving debug log to /var/log/letsencrypt/letsencrypt.log
[12:51:15] INFO: No certificate found - using ‘ecdsa’ key type.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for xxxxxxxxx.myfritz. net

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: xxxxxxxxx.myfritz. net
Type: connection
Detail: 2a02:9x8:f00x:fx::1279: Fetching http:// xxxxxxxxx.myfritz. net/.well-known/acme-challenge/A5LiWJEMIT1sr9DocoOGSNVBgAwP6kkfW9Z_UVuEirQ: Error getting validation data

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

FRITZ!Box 6591 Cable is the router I use.

What am I doing wrong? Has it something to do with IPv6? Do I need Dual Stack?

Does your cable internet provider give you a public IPv4 address? Check this first. If not, you might be able to request one from your provider.

Second you do not need to enable https access to your router unless you need it for some other purpose.

Hello everyone, and thank you for your very useful advice. Regarding this procedure, I always have the problem that I cannot get Let’s Encrypt to produce a certificate. I have followed the guide scrupulously step by step but nothing, I get stuck at Step 2. I’ve tried port 80 and port 8001 too.
Please help me!

Let’s Encrypt Log:

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: t6ufraaabum04ol.myfritz.net
Type: connection
Detail: 2001:9e8:20a:585:3a0:d5ff:fed:5033: Fetching http://t6ufraaabum04ol.myfritz.net/.well-known/acme-challenge/EMA5pe09ijDQQRX4qz2K1D0sW3PrnE4TdlRD8CfBUkE: Error getting validation data

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Let’s Encrypt YAML

domains:

Screenshot 2024-04-10 085146

Question: why is there no IP address shown in the second screenshot? Did you remove it or is it empty?
Second, please remove keytype: rsa from the Let’s Encrypt configuration. This has recently changed in the add-on. I will update the instructions above to reflect that.

BTW: Is t6ufraakaum04ol.myfritz.net your real domain name? If yes, it’s not a good idea to make it public. Use a fake domain instead.

EDIT: Let’s Encrypt add-on config update done.

yes, I deleted the IP of my Home Assistant

OK I will remove the keytype line, thanks for the advice

myfritz address is not true, I have modified it.

I removed the line you told me to; the result has changed, but it still doesn’t work.

[00:06:39] INFO: Selected http verification
[00:06:40] INFO: Detecting existing certificate type for xxxxxxxxxxxxxxx.myfritz.net:28247
Saving debug log to /var/log/letsencrypt/letsencrypt.log
[00:06:41] INFO: No certificate found - using ‘ecdsa’ key type.
Saving debug log to /var/log/letsencrypt/letsencrypt.log

That means certificate creation does not work. This is usually the case when the add-on is not reachable from the internet. Either port forwarding or DDNS is not working or you are using DS-Lite. Which type of Internet connection do you have? DSL, cable, fiber?
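
A triage helper for the failure discussed in this thread, as an added example that is not from the original posts or from the add-on: it reads the address in certbot's `Detail:` line to see whether the CA connected over IPv6, and classifies the router's WAN IPv4 address for the DS-Lite / carrier-grade NAT case. The domain, addresses and function names are constructed for illustration.

```python
import ipaddress
import re

# WAN IPv4 ranges that cannot take inbound connections from the internet.
NON_PUBLIC_V4 = [
    ("cgnat", "100.64.0.0/10"),    # RFC 6598 shared address space
    ("ds-lite", "192.0.0.0/29"),   # RFC 6333 DS-Lite tunnel range
    ("private", "10.0.0.0/8"),
    ("private", "172.16.0.0/12"),
    ("private", "192.168.0.0/16"),
]
# One "Domain / Type / Detail" block from certbot's failure report.
FAILURE = re.compile(
    r"Domain:\s*(?P<domain>\S+)\s+Type:\s*(?P<type>\S+)\s+Detail:\s*(?P<addr>\S+): Fetching ")

# Constructed sample; domain and address are documentation placeholders.
SAMPLE_LOG = """\
Domain: ha.example.net
Type: connection
Detail: 2001:db8:20a:585::10: Fetching http://ha.example.net/.well-known/acme-challenge/TOKEN: Error getting validation data
"""

def classify_wan_ipv4(addr):
    """Return 'cgnat', 'ds-lite', 'private' or 'public' for the router's WAN IPv4."""
    ip = ipaddress.IPv4Address(addr)
    for label, net in NON_PUBLIC_V4:
        if ip in ipaddress.ip_network(net):
            return label
    return "public"

def parse_acme_failures(log_text):
    """Extract domain, failure type and the address the CA tried to reach."""
    failures = []
    for m in FAILURE.finditer(log_text):
        try:
            family = ipaddress.ip_address(m["addr"]).version
        except ValueError:   # address masked by the poster, e.g. "2a02:9x8:..."
            family = None
        failures.append({"domain": m["domain"], "type": m["type"], "addr": m["addr"], "family": family})
    return failures

def diagnose(log_text, wan_ipv4):
    hints = [f"{f['domain']}: CA connected over IPv6 to {f['addr']}; IPv4 port forwarding is not on this path"
             for f in parse_acme_failures(log_text) if f["family"] == 6]
    kind = classify_wan_ipv4(wan_ipv4)
    if kind != "public":
        hints.append(f"WAN IPv4 {wan_ipv4} is {kind}: no inbound IPv4 from the internet")
    return hints

if __name__ == "__main__":
    print("\n".join(diagnose(SAMPLE_LOG, "100.72.1.9")))
```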