Remote Access using a FritzBox & the AVM myFritz DDNS Service

This might help you: https://community.home-assistant.io/t/network-grayed/435665

I’m having problems with setting up nginx.

I made everything like you said until you had written this:
" 2. Add your myFritz domain to the Home Assistant URL in Setup → System → Network"

How? For me “Remote Access” is disabled… How am I able to put the domain inside these settings?

You have to enable “Advanced Mode” in your user profile to see this.


Thank you! Now I can insert the domain.

The problem now is that when I try to access the https[…] URL, it tells me that “Diese Website kann keine sichere Verbindung bereitstellen[…]”. What now? I ran the cert-bot; the following is its log:

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/file-structure.sh
cont-init: info: /etc/cont-init.d/file-structure.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun lets-encrypt (no readiness notification)
s6-rc: info: service legacy-services successfully started
[02:06:12] INFO: Selected http verification
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for xxx.myfritz.net

Successfully received certificate.
Certificate is saved at: /data/letsencrypt/live/xxx.myfritz.net/fullchain.pem
Key is saved at:         /data/letsencrypt/live/xxx.myfritz.net/privkey.pem
This certificate expires on 2024-03-25.
These files will be updated when the certificate renews.
NEXT STEPS:
- The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

I don’t quite understand why we need to choose “http” in the “Challenge” configuration. How are we able to access it via https?

Did you configure port forwarding in your router? Which https URL do you use? Certbot is not included (and not required) in my setup. What are you doing differently?


Did you configure port forwarding in your router?

Yes, I did. Have a look:

Which https URL do you use?

I use an automatically provided link from AVM. Something like “xxxxxxxxx.myfritz.net” for example, with the addition of the port: xxxxxxxx.myfritz.net:8123
With the port forwarding it should forward me to the nginx server, I guess, but I only get this error:

400 Bad Request
The plain HTTP request was sent to HTTPS port
nginx

Even if I try to put “https://” before the URL, it gives me an error, but a different one:

Die Website ist nicht erreichbar
Die Webseite unter https://home-assistant.dns.navy:8123/ ist eventuell vorübergehend nicht verfügbar oder wurde dauerhaft an eine neue Webadresse verschoben.

ERR_SSL_UNRECOGNIZED_NAME_ALERT

Certbot is not included (and not required) in my setup. What are you doing differently?

I am doing nothing differently, that’s the problem I’m having lol

I managed to make HA reachable from the outside, but with no certificate/ssl.
So when I change the port-forwarding from 443 (internal, the port of nginx) to 8123 (internal, the port of HA itself), then I can reach it, but without a trusted connection.


I’m writing this while writing this answer, so I did recognize my fault while complaining lol:
I use 2 different DNS services. I made a fault while trying to reach HA, because I used the different DNS address (from DynV6), which (of course) wasn’t SSL-secured (I couldn’t even get to the HA interface).
After I tried reaching HA via the myfritz address (with “https://” in front of it), I could log in and use HA (with an SSL-secured connection, recognizable from the “lock” symbol on the top left of the browser, beside the link).

Thank you, although I managed to find the solution to my problem myself xD

I have an issue renewing the certificate:

[07:42:38] INFO: Selected http verification
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate for xxxyyyzzz.myfritz.net

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
  Domain: 0vo3t2bvbdpigvq6.myfritz.net
  Type:   connection
  Detail: 91.63.188.168: Fetching http://xxxyyyzzz.myfritz.net/.well-known/acme-challenge/Dg1D6vjiMP0RpOEEjWZIibvaj1kqobvVOXbpgybW4mY: Connection refused

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

What can I try here?

EDIT: I found my mistake.

I had the port forwarding incorrect. It should be like this:

Now it is working as expected!

Yes, this is step II.4

I was looking into remotely connecting my HA with my Fritz!box but I found a much quicker solution. I just added the VPN to a user in my Fritz!box by going to System- FRITZ!Box Users - Add user with VPN or add VPN to an existing user. Then you copy the VPN Data right next to it from Show VPN Settings to your mobile phone.

I tried using the MyFritz!App but I kept getting errors when I tried connecting to the internet, so I manually added the VPN to my phone via settings-Connections-More connections-VPN. If anyone wants to use this, also check on your Fritz!box that VPN is enabled at Internet - Permit Access - VPN(IPSec); your newly added user should be ticked off under enabled.

PS: If you use this you don’t need to configure port forwarding.

I know this isn’t what you were looking for because you didn’t want to use VPN, but I find this much easier than using wireguard or following all your steps. Just wanted to share this info for other less advanced users like me :slight_smile:

I know this but this thread is NOT about using VPN.

Just wanted to give some feedback to my problem with the greyed out UI-control.

I did not find a solution to enable the UI-control again, that is why I decided to simply write the external myFritz domain into the configuration.yml like this:

homeassistant:
  external_url: "https://xxxxxxxxxxxxxxxx.myfritz.net:8123"

With this setup, everything works as expected :slight_smile:

I tried to follow your steps but now I can’t log in to Home Assistant anymore and I see an Nginx failure via my RPi.

In step V, do I need to replace the IP 172.30.33.0/24 with 192.168.178.0/24? (Because my router is IP 192.168.178.1 and my HA is IP 192.168.178.60, and I think that’s the problem.)

No, use the IP exactly as shown. These are the IPs used by HA docker containers.


Thanks for the instructions, remote access is working fine with myfritz. The only thing I couldn’t get to work is the Alexa skill. When I try to activate the skill and fill in my username and password it says “Konto konnte nicht mit alexa verknüpft werden”.
Is the skill working for you?

Are you using the Nabu Casa Cloud?

No, I am not. Before, I used duckdns with a self-created Alexa skill, and now I am using myfritz. Therefore I changed the BASE_URL, the web authorization URI and the access token URI to the new myfritz address, but when I try to activate the skill, the Home Assistant login page comes up, and when I enter my account details, this error message appears.

I don’t see any reason why it should not work with myfritz if it did work with duckdns unless something else changed. Did you use https before?

I could manage to get this running with the help of this thread: Alexa, no cloud, external port 8123 with events! - #23 by jcss2503

I use Homeassistant with a FritzBox 7590 in the Deutsche Glasfaser network.
Somehow I can’t manage to get a certificate.
With the Let’s Encrypt add-on, I always get the following error message, even though I have configured port forwarding on the FritzBox.

“Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.”

Is it possible that it is a problem that I am in an IPv6 network with Deutsche Glasfaser and my Homeassistant is configured for both IPv6 and IPv4?

Has anyone been able to use these instructions with a Deutsche Glasfaser connection?

I would appreciate an answer.

Many thanks
Achim

Are you using port 80 externally? This is required. If yes then it should be OK and it might have something to do with the fiber connection. I recommend that you create a new issue for the Let’s Encrypt addon here: https://github.com/home-assistant/addons/issues
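
When the HTTP-01 challenge fails as in the posts above, two things are worth checking: which addresses the myFritz name resolves to, and whether port 80 answers on each of them. The following Python sketch is an added example, not part of the thread or of the Let's Encrypt add-on; that a given connection sits behind carrier-grade NAT (100.64.0.0/10, RFC 6598) is an assumption to verify, and the function names are made up for illustration.

```python
import ipaddress
import socket

CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space

def classify(addr: str) -> str:
    """Say whether a validator on the internet could route to addr at all."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4 and ip in CGNAT:
        return "cgnat"      # carrier-grade NAT: no inbound IPv4 possible
    if ip.is_loopback or ip.is_link_local or ip.is_private:
        return "internal"   # LAN or ULA address published in DNS
    return "public"

def resolve(host: str) -> list[str]:
    """All A and AAAA addresses for host (needs network access)."""
    infos = socket.getaddrinfo(host, 80, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def port_open(addr: str, port: int = 80, timeout: float = 3.0) -> bool:
    """Plain TCP connect test against one address."""
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    with socket.socket(family, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((addr, port)) == 0

def diagnose(addrs, probe=port_open) -> dict:
    """Map each resolved address to a finding; probe is swappable for tests."""
    report = {}
    for a in addrs:
        kind = classify(a)
        if kind != "public":
            report[a] = f"{kind}: not reachable from the internet"
        elif probe(a):
            report[a] = "public: port 80 open"
        else:
            report[a] = "public: port 80 closed or filtered"
    return report

if __name__ == "__main__":
    import sys
    # Usage: python3 check80.py <your-name>.myfritz.net
    for addr, finding in diagnose(resolve(sys.argv[1])).items():
        print(f"{addr:40} {finding}")
```

Run it from outside the home network (for example over a mobile connection), because a connect test from inside the LAN does not exercise the router's port forwarding. While the add-on is not running its temporary standalone server, a public address reporting "closed" is expected.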