Does your cable internet Provider give you a public ip4 address? Check this first. If not you might be able to request one from your Provider.
Second you do not need to enable https access to your router unless you need it for some other purpose.
Hello everyone, and thank you for your very useful advice. Regarding this procedure, I always have the problem that I cannot get Let´s Encrypt to produce a certificate. I have followed the guide scrupulously step by step but nothing, I get stuck at Step 2. I´ve tried Port 80 and Port 8001 too.
Please help me!
Let´s Encrypt Log:
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: t6ufraaabum04ol.myfritz.net
Type: connection
Detail: 2001:9e8:20a:585:3a0:d5ff:fed:5033: Fetching http://t6ufraaabum04ol.myfritz.net/.well-known/acme-challenge/EMA5pe09ijDQQRX4qz2K1D0sW3PrnE4TdlRD8CfBUkE: Error getting validation data
Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
Let´s Encrypt YAML
domains:
- t6ufraakaum04ol.myfritz.net
email: [email protected]
keyfile: myfritzprivkey.pem
certfile: myfritzfullchain.pem
challenge: http
dns: {}
key_type: rsa
Question: why is there no IP address shown in the second screenshot? Did you remove it or is it empty?
Second, please remove keytype: rsa from the Let’s Encrypt configuration. This has recently changed in the add-on. I will update the instructions above to reflect that.
BTW: Is t6ufraakaum04ol.myfritz.net your real domain name? If yes, it’s not a good idea to make it public. Use a fake domain instead.
EDIT: Let’s Encrypt add-on config update done.
yes, I deleted the IP of my Home Assistant
OK I will remove the keytype line, thanks for the advice
myfritz address is not true, I have modified it.
I removed the line you told me, the result has changed but always don´t work.
[00:06:39] INFO: Selected http verification
[00:06:40] INFO: Detecting existing certificate type for xxxxxxxxxxxxxxx.myfritz.net:28247
Saving debug log to /var/log/letsencrypt/letsencrypt.log
[00:06:41] INFO: No certificate found - using ‘ecdsa’ key type.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
That means certificate creation does not work. This is usually the case when the add-on is not reachable from the internet. Either port forwarding or DDNS is not working or you are using DS-Lite. Which type of Internet connection do you have? DSL, cable, fiber?
I have a DSL connection. Ping with my Smartphone in 4G works, but I don´t understand why I can´t get a certificate from Let´s Encrypt…
Where does port 28247 come from?
the Fritzbox automatically allocates it when I activate the myfritzbox account
It looks like the Domain Name configured in the let’s encrypt add-on includes this Port. But the yaml you posted above does not. Can you please Check. Post your yaml again but use the quote format for the text.
Which DSL Provider are you using?
My Provider is 1&1. Sorry but what do you mean with “quote format for the text”? Thank you
Please first Check if 1&1 provided you with Ds-lite. If yes, you do not have a public Ip4 address. If this is the case you can ask them to provide you with full DS. With Ds-lite you cannot use IP4 port forward.
1 Like
Okay, I’ll check it out. 
So I talked to the 1&1 service department and they told me that I have a Full DS.
I am attaching 2 screenshots to see if I am screwing something up in the settings. Thanks for the help
Please try selecting “Native IP-Anbindung verwenden”.
do you mean Native IPv4-Anbindung verwenden?
Yes try this
unfortunately on IPv4 I don’t have internet connection anymore, if I take off “IPv4 über DS-Lite” it connects only with IPv6 and not with IPv4.
In the log I found this entry,
so I guess the customer service on the phone today had no idea what they were telling me and that is that my connection is on DL-Lite.
So all I´m left with is the alternative of VNP.
Or you could try using Ipv6 instead. I have not done this but here is a thread about it https://community.home-assistant.io/t/external-access-to-ha-via-ipv6/689716
1 Like
Hi Patrick,
May I kindly ask you to share what changes did you implement to solve Alexa issue?
I have the same issue but reading the commented post it not clear to me how to solve it.
Thanks a lot in advance