It’s all good 
One suggestion would be to use NGINX - it will enable you to run Home Assistant in NON-SSL mode and will proxy the connection for you. That would mean that from outside you could access HASS as usual, but internally, ApDaemon could talk to HASS over a regular HTTP connection, and you could access HASS internally using the IP address instead of DSuck DNS. I have this setup and it works well.
Actually I’d never been able to run HA on my network with the duckDNS domain, never, and I thoughted this was normal 
I do am abe to access HA from the outside with just the duckDNS domain (httpS://xxx.duckdns.org) but internally I have to use httpS://192.168.xx.xxx:8213 and the same is for my mosquitto broker, externally I can call it using dukDNS domain but internally i have to use httpS://192.168.xx.xxx:portNumber
So is this not a normal behaviour? (As I ould love to be able to run HA from one single URL instead of chnging each time I leave my network reason why I prefere tosolve that instead of using NGINX and by the way hairpinning it seems it’s not supported by my router 
)
Normal is a moot point, but it is the source of your problem. Most routers have the ability to understand this and map it back into your domain, but some can;t. If you use the IP address you get an SSL security violation because the IP doesn not match the expected hostname in the CERT, I am not aware of a way around that with the libraries I am using. My suggestion would be to go down the NGINX route and leave HASS running over HTTP, with NGINX proxying the outside SSL access for you.
Hi
Haha, agree… it’s a moot point. After your post decide to set up NGINX and I almost had success.
It instaled correctly and it’s running but actually I opened a post because I’m having the dollowing bad behaviour with nginx.
By chance, do yo know how can I fix this? (Beacuse obviously as NGINX it’s not working properly I’m still unable to run appDeamon)
If I use http://192.168.xx.xxx (withouth the S) to access HA, automatically the domain changes to httpS://192.168.xx.xxx and the displayed web page says “502 Bad gateway”
*Obviouslly If I use httpS://192.168.xx.xxx it says the same as above
If I use my “regular/normal” way to access HA internally using httpS://192.168.xx.xxx:8123 it works as usual
The strangest thing to me; If I use http://xx.duckdns.org (without the S) from inside my network, it now shows the router’s config webpage (the one that I should acess with 192.168.1.1) (before NGINX that duckDNS address was not accessible)
If I use httpS://xx.duxkdns.org (using the S) from inside my network it says that the webpage it’s not accessible (the same message as ever)
If I try to acces the duckdns URL (with http:// or with https://) from the outside it’s impossible access to HA
If you are using NGINX, change Home Assistant to regular SSL and make the appropriate adjustments.
Thanks Andrew!
Ok, What Ialready did is the following with my config.yaml;
http:
api_password: xxx
#ssl_certificate: ‘/etc/letsencrypt/live/xxx.duckdns.org/fullchain.pem’
#ssl_key: ‘/etc/letsencrypt/live/xxx.duckdns.org/privkey.pem’
#base_url: xxx.duckdns.org:8213
trusted_networks:
- 192.168.x.x/24
After doing that (remove the 2 cert rows in the http section of my config.yaml I’m able to access internally with the IP of the RPi3 witout using any port or the “s” in http, so I can use 192.168.xx.xx and it works
From the outside I’m able to use http://xxx.duckdns.org or httpS://xxx.duckdns.org and both ways works
The only really strange thing and wich actually is preventing me to use AppDeamon is;
if I use http://xxx.duckdns.org internally sends me directly to my router’s webpage
And if I use httpS://xxx.duckdns.org it doesn’t work as always
Do you know why this could be and how to fix it? (Just as a reminder my router don’t support loopback)
Also why the “trusted network” it doesn’t work anymore?
I’m not sure about the router piece, but you should be able to use http://192.168.x.x:8123 in AppDaemon to allow it to access home assistant.