Setting Up HassIO with DuckDNS

Hi there,

A few days ago I just switched from Openhab2 to HassIO (HomeAssistant) because I like the WebUI in HA.

After I included all my devices into HA (stuff like Hue, Max!, Yeelight, Sonoff, etc.) I'm now trying to get external access to HA. There I'm still struggling. I installed DuckDNS, set it up at duckdns.org and afterwards I activated port forwarding in my router from 443>8123 and also 8123>8123. When I try to reach HA via https://xxx.duckdns.org I can't reach it. Only by using http://xxx.duckdns.org:8123 it is working fine. But as I understand it, there is no encryption when using http://…

I just want to encrypt the connection. So I try to deactivate the http: access and activate the https: access.
Can someone help me out with this?

Thank you a lot.

Kind regards,
Weberan

configuration.yaml:

http:
  base_url: https://xxx.duckdns.org

DuckDNS Setup:

{
  "lets_encrypt": {
    "accept_terms": true,
    "certfile": "fullchain.pem",
    "keyfile": "privkey.pem"
  },
  "token": "my token",
  "domains": [
    "xxx.duckdns.org"
  ],
  "seconds": 300
}

There's a component in Hass that will effectively do all of this for you.

Also, use triple backticks (`) to maintain the formatting of your code. One extra whitespace can be the difference between working and not working.

Also, in the article you linked, the base URL has to have a https://.... but your base URL doesn’t have that above.

Argh, thanks. Just found out that I had a second instance of “http:” at the bottom of configuration.yaml. There it was already https:…

Also I used the DuckDNS package which you linked in your earlier comment.

What do you mean with ‘’'? Should I add this to my YAML file or here when posting some YAML snippets? Sorry, I don't get it yet.

After playing around and deleting the port forwarding except 8123>8123 (because it is told that you don't need port forwarding in the link above). After a restart I think I don't get any encryption files. The DuckDNS log tells me that:

starting version 3.2.2

INFO: Using main config file /data/workdir/config
 + Generating account key...
 + Registering account key with ACME server...
 + Done!
Sat Dec 16 14:20:51 CET 2017: KO

INFO: Using main config file /data/workdir/config
Processing xxx.duckdns.org
 + Signing domains...
 + Creating new directory /data/letsencrypt/xxx.duckdns.org ...
 + Generating private key...
 + Generating signing request...
 + Requesting challenge for xxx.duckdns.org
KO + Responding to challenge for xxx.duckdns.org
KOUnknown hook invalid_challenge
ERROR: Challenge is invalid! (returned: invalid) (result: {
  "type": "dns-01",
  "status": "invalid",
  "error": {
    "type": "urn:acme:error:unauthorized",
    "detail": "Correct value not found for DNS challenge",
    "status": 403
  },
  "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/xxx",
  "token": "xxx",
  "keyAuthorization": "xxx"
})
Sat Dec 16 14:26:23 CET 2017: KO
Sat Dec 16 14:31:24 CET 2017: KO

Do you know what the problem can be? Thanks a lot for your help.

When posting code in the forums, use `` ` (no space!) at the start and end of the code.

Like this  ...

Alright. Just edited the first entry.

403 means forbidden.

Can you now access your HA internally by going to https://the-IP-internal-address:8123?

Unfortunately not. The error code which is displayed within Mozilla is:
Fehlercode: SSL_ERROR_RX_RECORD_TOO_LONG


Edit:
Never mind. I got some help from a friend. He just found out that my base_url within the configuration.yaml is not within quotes “”. So now my setting is:

configuration.yaml

http:
  # Secrets are defined in the file secrets.yaml
  api_password: !secret http_password
  # Uncomment this if you are using SSL/TLS, running in Docker container, etc.
  base_url: "xxx.duckdns.org:8123" # without https: but within quotes!
  ssl_certificate: "/ssl/fullchain.pem"
  ssl_key: "/ssl/privkey.pem"
  ip_ban_enabled: True
  login_attempts_threshold: 20

DuckDNS:

{
  "lets_encrypt": {
    "accept_terms": true,
    "certfile": "fullchain.pem",
    "keyfile": "privkey.pem"
  },
  "token": "xxx",
  "domains": [
    "xxx.duckdns.org"
  ],
  "seconds": 300
}

And within the router I made the port forwarding from 443 > 8123.
So now I can reach my HassIO over: https://xxx.duckdns.org
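
Why the browser shows SSL_ERROR_RX_RECORD_TOO_LONG in the post above, as an added example that is not part of the original thread: when a port still answers in plain HTTP, a TLS client reads the first five bytes of the reply as a TLS record header and gets a length no TLS record may have. The function names, the `probe` helper and the sample byte strings are constructed for illustration.

```python
import socket
import struct

# TLS record header: content type (1 byte), protocol version (2), length (2).
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
MAX_TLS_RECORD = 2**14 + 2048  # largest ciphertext record TLS 1.2 allows (RFC 5246)

# Constructed sample replies (not captured from the poster's system).
PLAINTEXT_REPLY = b"HTTP/1.1 400 Bad Request\r\n"
TLS_ALERT_REPLY = bytes([21, 3, 3, 0, 2, 2, 70])  # fatal protocol_version alert


def classify_reply(first_bytes: bytes) -> dict:
    """Read a server's first bytes the way a TLS client would."""
    if len(first_bytes) < 5:
        return {"verdict": "no-usable-reply"}
    ctype, version, length = struct.unpack("!BHH", first_bytes[:5])
    if first_bytes.startswith(b"HTTP/"):
        verdict = "plaintext-http"  # the port is serving unencrypted HTTP
    elif ctype in TLS_CONTENT_TYPES and version >> 8 == 3 and length <= MAX_TLS_RECORD:
        verdict = "tls"
    else:
        verdict = "unknown"
    return {"verdict": verdict, "content_type": ctype, "version": hex(version),
            "record_length": length, "record_too_long": length > MAX_TLS_RECORD}


def probe(host: str, port: int = 8123, timeout: float = 5.0) -> dict:
    """Send a plain HTTP request to host:port and classify the answer (needs network)."""
    with socket.create_connection((host, port), timeout=timeout) as conn:
        conn.sendall(b"GET / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
        try:
            data = conn.recv(16)
        except OSError:  # timeout or reset: the server refused to talk plain HTTP
            data = b""
    return classify_reply(data)


if __name__ == "__main__":
    # "HTTP/" parsed as a record header: type 0x48, version 0x5454, length 0x502F
    print(classify_reply(PLAINTEXT_REPLY))
    print(classify_reply(TLS_ALERT_REPLY))
```

Once `ssl_certificate` and `ssl_key` are set under `http:`, calling `probe` against the Home Assistant address should no longer return `plaintext-http`.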