My pi3 and my pc are connected via cables to my Arris router. No ports are forwarded (yet). I have a static IP in my router and no USB stick for the pi. Fresh hassio config on sd card using the latest from hassio web and balenaEtcher. After 20 min log in to HA. Load add-0ns configurator and duckdns. I have the duckdns token from doing this prior. Modify the config for duckdns as follows
{
“lets_encrypt”: {
“accept_terms”: true,
“certfile”: “fullchain.pem”,
“keyfile”: “privkey.pem”
},
“token”: “xxxxxxxxxxxxmy_tokenxxxxxxxxxxxxxxxxxx”,
“domains”: [“my_domain.duckdns.org”
],
“seconds”: 300
}
I start duckdns and no errors, certificates generated in the ssl directory.
> # INFO: Using main config file /data/workdir/config
> + Generating account key...
> + Registering account key with ACME server...
> + Done!
> Sun Jun 23 15:50:48 PDT 2019: OK
> 75.33.193.66
> NOCHANGE
> # INFO: Using main config file /data/workdir/config
> + Creating chain cache directory /data/workdir/chains
> Processing my_domain.duckdns.org
> + Creating new directory /data/letsencrypt/my_domain.duckdns.org ...
> + Signing domains...
> + Generating private key...
> + Generating signing request...
> + Requesting new certificate order from CA...
> + Received 1 authorizations URLs from the CA
> + Handling authorization for my_domain.duckdns.org
> + 1 pending challenge(s)
> + Deploying challenge tokens...
> OK + Responding to challenge for my_domain.duckdns.org authorization...
> + Challenge is valid!
> + Cleaning challenge tokens...
> OK + Requesting certificate...
> + Checking certificate...
> + Done!
> + Creating fullchain.pem...
> + Done!
> core-ssh:/ssl# ls
> fullchain.pem privkey.pem
> core-ssh:/ssl#
Check the home-assistant.log from the configurator - nothing
Check the system log from the HA interface hass.io → system - seems ok
> 19-06-23 22:49:43 INFO (MainThread) [hassio.addons] Create Home Assistant add-on data folder /data/addons/data/core_duckdns
> 19-06-23 22:49:43 INFO (SyncWorker_16) [hassio.docker.interface] Pull image homeassistant/armv7-addon-duckdns tag 1.6.
> 19-06-23 22:49:47 INFO (SyncWorker_16) [hassio.docker.interface] Tag image homeassistant/armv7-addon-duckdns with version 1.6 as latest
> 19-06-23 22:50:12 INFO (SyncWorker_10) [hassio.docker.addon] Start Docker add-on homeassistant/armv7-addon-duckdns with version 1.6
I remove the ‘#’ from the http: and add the ssl info in the configuration.yaml and save
> http:
> base_url: "https://my_domain.duckdns.org"
> ssl_certificate: /ssl/fullchain.pem
> ssl_key: /ssl/privkey.pem
Hit check config and then restart
I am never able to log back in post rebooting using (http://my_ip:8123 or https://my_ip:8123)
This is the error in the home-assistant.log
> ) 2019-06-20 21:13:30 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed Traceback (most recent call last): File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake self._sslobj.do_handshake() ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
I have received several valuable comments here, but noting has solved the problem of being able to log back in from my pc. I have a mac on the network and tried safari and that too didn’t work. I was told in that other thread that getting https://my_domain.duckdns.org:8123 was troublesome for some routers and some had to forego using https. I assume that I do not need to port forward any router ports (tet) if I am trying to solve this issue on my local network. If I needed to port forward anything in the above steps to connect using https: please let me know: note that port 80 is unavailable on my AT&T router.