Secure remote access HA login problems

I can’t seem to get into HA after connecting to my Raspberry Pi 4 remotely. I had been operating HA locally through (IP address):8123 successfully. I recently added secure remote access capability using DuckDNS and LetsEncrypt per JuanMTech’s latest instruction. When I log into my HA through my newly created DuckDNS domain name, it takes me to the HA login page which I think means that the SSL and port forwarding stuff worked properly but after entering my login information I get the HA logo with “Unable to connect to Home Assistant. RETRY” underneath it. I can access HA through my iPhone cell service in this new configuration but not my laptop on wifi. Any ideas why that would be?

Here are the responses I get:

http://192.168.xxx.xxx:8123 – “This page isn’t working.192.168.254.181 didn’t send any data. ERR_EMPTY_RESPONSE”
https://192.168.xxx.xxx:8123 – “Your search - https://192.168.xxx.xxx:8123 - did not match any documents.”
https://my-domain.duckdns.org (on laptop wifi) – HA login followed by “Unable to connect to Home Assistant. RETRY” Note: at the HA login screen, it says “You’re about to give https://my-domain.duckdns.org/ access to your Home Assistant instance. Logging in with Home Assistant Local.”
https://my-domain.duckdns.org (on iPhone wifi) – “Unable to connect to Home Assistant. RETRY” No HA login screen.
https://my-domain.duckdns.org (on iphone cell service) – Successful HA login.

=======================================================================

I’m guessing this stuff is not relevant since I’m getting to my HA server but if not, here are my DuckDNS and SSL settings:

– I have a static IP address established for my Hassio server and established a DuckDNS url
– Port 443 is forwarded to 8123 on my router
– I installed DuckDNS with the following settings:

lets_encrypt:
accept_terms: true
certfile: fullchain.pem
keyfile: privkey.pem
token: my-token-from-DuckDNS-page
domains:
my-subdomain .duckdns.org
seconds: 300

–I put the http: integration info into my configuration.yaml as follows:
http:
base_url: my-subdomain .duckdns.org
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem

That video is quite old, and missed a few tricks at the time, it depends on what you are trying to do, but I’d recommend : -

1 Like

Mutt, thanks for the response. I tried your recommendation step by step and got the same results from the mydomain.duckdns.org. The one good bit is that I can now connect locally via hassserverIP:8123 which I could not before. The bad news is that I now lost my Smartthings integration which is the main reason I’m trying to do set up secure remote access. Hmmm.

I’m confused that my iPhone lets me connect via cell service but not the laptop via wifi (the cell phone can’t connect via wifi either). Seems like the the answer is somewhere there. Whatever differentiates the iPhone’s cell communication from the laptop’s wifi should be the answer. I’m too much of a noob to know what that difference is.

Hmmmm,
This sounds like your modem/router is having problems with hairpin nat (ie it thinks the external address is external and does not recognise that it should be talking to itself. You may be fine if you are actually trying to communicate from an actual external location (like your phone is doing because its routed through your cell providers external system)
You could try Google search for hairpin and your modem make/model.
All of this doesn’t help you if need smartthings.
The best alternative is using Nabu casa, there’s a month free to test and get things going but ultimately its a paid solution that ‘may’ be worth it.
Good Luck

Ok. Thanks for the effort Mutt! I was thinking of upgrading my router anyway so maybe that will shake things up and fix my problem.

Please check first, I’d hate you to spend “any money” and find the position the same.
AND
It may not cure your ‘smarthings’ issues regardless

1 Like

Just to close the loop (pun unintended), I ended up doing a lot of research on NAT loopback/hairpin and it sounds like Mutt was correct that this was the source of my problem. It’s explained very nicely here. My old ISP provided Arris router did not support NAT loopback. I replaced my router with an Orbi RBR50 which does support NAT loopback and I’m now able to access my external URL Raspberry Pi HA server from inside the same network. Many thanks Mutt.

1 Like

I’m curious how you set it up? Where did you put the 443 and 8123 in the port forwarding section?