That means certificate creation does not work. This is usually the case when the add-on is not reachable from the internet. Either port forwarding or DDNS is not working or you are using DS-Lite. Which type of Internet connection do you have? DSL, cable, fiber?
I have a DSL connection. Ping with my Smartphone in 4G works, but I don´t understand why I can´t get a certificate from Let´s Encrypt…
Where does port 28247 come from?
the Fritzbox automatically allocates it when I activate the myfritzbox account
It looks like the Domain Name configured in the let’s encrypt add-on includes this Port. But the yaml you posted above does not. Can you please Check. Post your yaml again but use the quote format for the text.
Which DSL Provider are you using?
My Provider is 1&1. Sorry but what do you mean with “quote format for the text”? Thank you
Please first Check if 1&1 provided you with Ds-lite. If yes, you do not have a public Ip4 address. If this is the case you can ask them to provide you with full DS. With Ds-lite you cannot use IP4 port forward.
1 Like
Okay, I’ll check it out. 
So I talked to the 1&1 service department and they told me that I have a Full DS.
I am attaching 2 screenshots to see if I am screwing something up in the settings. Thanks for the help
Please try selecting “Native IP-Anbindung verwenden”.
do you mean Native IPv4-Anbindung verwenden?
Yes try this
unfortunately on IPv4 I don’t have internet connection anymore, if I take off “IPv4 über DS-Lite” it connects only with IPv6 and not with IPv4.
In the log I found this entry,
so I guess the customer service on the phone today had no idea what they were telling me and that is that my connection is on DL-Lite.
So all I´m left with is the alternative of VNP.
Or you could try using Ipv6 instead. I have not done this but here is a thread about it https://community.home-assistant.io/t/external-access-to-ha-via-ipv6/689716
1 Like
Hi Patrick,
May I kindly ask you to share what changes did you implement to solve Alexa issue?
I have the same issue but reading the commented post it not clear to me how to solve it.
Thanks a lot in advance
I have the same problem but I also cannot understand what to change from the linked thread. @C09038 and @patrickfl could you please help?
Hello Chris,
it looks like, you missed to create the portforwarding for IPv6. My provider is also 1&1 and I have a DSLite connection, means no native IPv4.
If you create your rule, then select “Internet access for IPv4 and IPv6”
You should get two entries.
One for IPv4 and the second for IPv6. Both ports have to be open, that letsencryp can create a new certificate.
1 Like
Why do you exclude DS-Lite?
I didn’t figure out how it works, yet. But it should be possible, nor?
In my current setup I use “MyFritz Device sharing” on port 8123 of my HA instance. With that I’m able to connect via IPv6 from remote to my HA. Forsure, for that all devices need IPv6. In most cases that’s not an issue.
But with that configuration, I’m not able to connect via the compaion app to my IPv4 address of HA, due to wrong certificates. Even in my local network.
When I tried to setup everything with Nginx, I was able to connect via IPv4 locally, but the remote access via IPv6 did not work anymore
IPv4 does not work with DS-Lite because the provider does not give you a public IPv4 address you can connect to from the internet. You can “IPv4 out” from your home network but you cannot “IPv4 in”. IPv6 should work in general but is seems that Nginx does not support it. At least I could not make it work with Nginx.
1 Like
Sorry I am a bit late. I don’t remember exactly what I did but I think I just followed the instructions of the first contribution on this thread https://community.home-assistant.io/t/alexa-no-cloud-external-port-8123-with-events/226128