[solved] LE + DuckDNS: SSL_ERROR_RX_RECORD_TOO_LONG

Hi all
I have installed LE & DuckDNS on Home Assistant OS (2020.12.0) and everything seems OK.
On the router, I have forwarded tcp 443 to 8123 which is reported as open.
When I try to connect from a browser on a remote LAN with https://.duckdns.org I get the following error message:

SSL_ERROR_RX_RECORD_TOO_LONG

Any idea what might be wrong?

Same here with add-on Duckdns alone (without LE)

http://192.168.1.92:8123/hassio/addon/core_duckdns/documentation

Browser is Firefox

Secure Connection Failed

An error occurred during a connection to xxxx9.duckdns.org:443. SSL received a record that exceeded the maximum permissible length.

Error code: SSL_ERROR_RX_RECORD_TOO_LONG

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.

Anyone?

Forgot to mention that I mainly use FF but Chromium gives:

ERR_SSL_PROTOCOL_ERROR

With the Android mobile app 3.0.2 minimal I also get

ERR_SSL_PROTOCOL_ERROR

For anyone bumping into this: the reason for my problem was that I forgot to enter the http integration in my configuration.yaml:

http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

@gerardsamara: maybe this solves your problem…

3 Likes
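
Why a missing `http:` SSL block produces this exact browser error, as an added example that is not part of the original posts: a server still answering in plain HTTP sends bytes beginning `HTTP/`, which a TLS client reads as a record header claiming 20527 bytes, over the TLS 1.2 limit. The function names and sample byte strings below are constructed for illustration; `probe_port` is meant for checking your own instance.

```python
import socket
import struct

# TLS record header: content type (1 byte), version (2 bytes), length (2 bytes).
TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
# Largest encrypted record length TLS 1.2 permits (2^14 + 2048 bytes).
MAX_RECORD_LEN = 2**14 + 2048


def classify_first_bytes(data: bytes) -> dict:
    """Say what a TLS client would make of the first bytes a server sent."""
    if len(data) < 5:
        return {"verdict": "unknown", "claimed_length": None, "too_long": False}
    ctype, major, _minor, length = struct.unpack("!BBBH", data[:5])
    if data.startswith(b"HTTP/"):
        verdict = "plaintext-http"   # server is not speaking TLS on this port
    elif ctype in TLS_TYPES and major == 3 and length <= MAX_RECORD_LEN:
        verdict = "tls"
    else:
        verdict = "unknown"
    return {"verdict": verdict, "claimed_length": length,
            "too_long": length > MAX_RECORD_LEN}


def probe_port(host: str, port: int, timeout: float = 5.0) -> dict:
    """Send a plain HTTP request and classify whatever comes back."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(b"GET / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
        try:
            data = sock.recv(64)
        except (socket.timeout, ConnectionResetError):
            data = b""
    return classify_first_bytes(data)


# Constructed samples: a plain HTTP reply and the start of a TLS handshake record.
HTTP_REPLY = b"HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\n\r\n"
TLS_REPLY = bytes.fromhex("160303007a0200007603")

if __name__ == "__main__":
    print(classify_first_bytes(HTTP_REPLY))  # "HTTP/" read as a header: length 0x502F
    print(classify_first_bytes(TLS_REPLY))
```

A `plaintext-http` verdict from `probe_port` on the forwarded port means the certificate files are not being served by Home Assistant, whatever the add-on log says about the certificate itself.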

Thanks @Nick4 for the proposal.

When I enter the http integration in the configuration file, I cannot reconnect to HA after HA reset.
I had to connect via SSH and manually remove the http integration from the configuration.yaml file.

In the Duckdns addon documentation this http integration is included, so is it really needed when using the Duckdns addon alone (without the Let’sEncrypt addon)?

http://192.168.1.92:8123/hassio/addon/core_duckdns/documentation

The Duckdns addon log looks OK at start:

[cont-init.d] executing container initialization scripts...
[cont-init.d] done.
[services.d] starting services
[services.d] done.
# INFO: Using main config file /data/workdir/config
+ Account already registered!
[09:45:37] INFO: OK
xxx.177.102.213
NOCHANGE
# INFO: Using main config file /data/workdir/config
Processing xxxx.duckdns.org
 + Checking domain name(s) of existing cert... unchanged.
 + Checking expire date of existing cert...
 + Valid till Mar 12 16:20:18 2021 GMT Certificate will not expire
(Longer than 30 days). Skipping renew!
[09:50:49] INFO: OK
xxx.177.102.213
NOCHANGE
[09:55:50] INFO: OK
xxx.177.102.213
NOCHANGE

With the HA Android application I also got

ERR_SSL_PROTOCOL_ERROR

Without Let’s Encrypt, you have to use port 8123 (both WAN & LAN) AND specify the port when connecting, being

http://yoursubdomain.duckdns.org:8123

Any particular reason for not using LE?

Thanks for the setup. … no progress so I will try now LE+Duckdns

Hi Nick4,

Sorry to bother you, but as per the Duckdns add-on … http://192.168.1.xx:8123/hassio/addon/core_duckdns/documentation , it sounds like you are just overwriting the default value (post #4)

Additionally, you'll need to configure the Home Assistant Core to pick up the SSL certificates. This is done by setting the following configuration for the HTTP integration configuration in your configuration.yaml:

http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

Option lets_encrypt.certfile

The name of the certificate file generated by Let's Encrypt. The file is used for SSL by Home Assistant add-ons and is recommended to keep the filename as-is (fullchain.pem) for compatibility.

Note: The file is stored in /ssl/, which is the default for Home Assistant

Option lets_encrypt.keyfile

The name of the private key file generated by Let's Encrypt. The private key file is used for SSL by Home Assistant add-ons and is recommended to keep the filename as-is (privkey.pem) for compatibility.

Note: The file is stored in /ssl/, which is the default for Home Assistant

==>> I am not sure about what I am saying, but this is what I understand from the doc.

Hi @gerardsamara, no problem.

What do you mean by “overwriting”?
I have configured it with the documentation from the duckdns add-on and it works.

FYI: the link to the documentation that you provide is on your LAN so nobody can open that.

For the link to the documentation, it can be accessed from the documentation tab of the Duckdns addon as you said; I did not find another link for the documentation.

For the overwriting point:

In the duckdns and Letsencrypt addons, their configuration file contains both
…
certfile: fullchain.pem
keyfile: privkey.pem
…
Which are the default files as per the duckdns addon file

Option lets_encrypt.certfile

The name of the certificate file generated by Let's Encrypt. The file is used for SSL by Home Assistant add-ons and is recommended to keep the filename as-is (fullchain.pem) for compatibility.
Note: The file is stored in /ssl/, which is the default for Home Assistant

So adding the http part in the configuration.yaml file is doing the same if the system is behaving properly

http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

==>> Hope this is clear and that I have correctly interpreted the documentation!

==>> Here I may have a problem, as the http part in the configuration file prevents HA from restarting!

Sorry, still don’t get your point about the certificate issue.

Are you sure HA is not restarting!?
It’s not becoming any easier by using multiple, different topics…

EDIT: you also have to be aware that some modems/routers don’t support NAT loopback, so you cannot connect to your own network from your LAN as if you were connecting from the internet.

@Nick4 ,

Thanks for your reply.
You are right; in order not to hijack your (solved) post, I have created a new topic.