SSL Certificate Error When Connecting to Home Assistant

Hello everyone,

I’ve been encountering the following error message when connecting to Home Assistant via Chrome:

The server could not prove that it is xxxx.myds.me; its security certificate is from xxxx.duckdns.org. This could be because of a misconfiguration or an attacker intercepting your connection.

I believe this error might be related to a previous issue with my Synology-provided DDNS. I had set up DuckDNS on Synology myself and made adjustments in Home Assistant’s Let’s Encrypt add-on. However, I later reverted all related settings and updated the SSL certificate. Despite these changes, I’m still seeing this error message.

While I can proceed by selecting “Advanced” and “Proceed to xxxx.myds.me (unsafe),” it’s still bothering me, and I would like to resolve this SSL certificate error.

Everything is working fine with the Synology connection; the certificate error only appears when connecting to Home Assistant. Both of them are the same domain, xxxx.myds.me, so I suspect there might be something I overlooked in Home Assistant’s settings.

Environment:

  • Synology 918+ VMM
  • Home Assistant 2024.1.0 using the HassOS image

Network Configuration:

  • Home Assistant URL: Using Home Assistant Cloud
  • Local Network: Automatic
  • Reverse proxy using NGINX (Home Assistant Add-on: NGINX Home Assistant SSL proxy)

Any insights or suggestions on how to fix this SSL certificate issue would be greatly appreciated. Thank you!

I managed to resolve this issue on my own later. Here’s an explanation of how I did it:

I went into the Let’s Encrypt add-on settings and input the error message below into ChatGPT to get some guidance based on its content. Then, I opened ports 80 and 443 in my router. After successfully updating the Let’s Encrypt certificate, the issue was resolved.


s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/file-structure.sh
cont-init: info: /etc/cont-init.d/file-structure.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun lets-encrypt (no readiness notification)
s6-rc: info: service legacy-services successfully started
[14:11:23] INFO: Selected http verification
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for xxxx.myds.me

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: xxxx.myds.me
Type: connection
Detail: x.x.x.x: Fetching http://xxxx.myds.me/.well-known/acme-challenge/oooxxx: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped
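
For readers triaging the same add-on log, here is an added example (not part of the original post and not Certbot code) that pulls the Domain/Type/Detail block out of the log and maps the failure type to the thing to check. The function names and hint wording are this example's own, and the sample input is the failure block from the log above.

```python
import re
from urllib.parse import urlsplit

# Failure block copied from the add-on log above (placeholders kept as posted).
SAMPLE_LOG = """\
Requesting a certificate for xxxx.myds.me

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: xxxx.myds.me
Type: connection
Detail: x.x.x.x: Fetching http://xxxx.myds.me/.well-known/acme-challenge/oooxxx: Timeout during connect (likely firewall problem)
"""

# Hints are this example's own summaries of common causes, not Certbot output.
HINTS = {
    "connection": "CA could not connect: forward inbound TCP {port} on the "
                  "router/firewall to the machine running Certbot",
    "dns": "CA could not resolve the name: check the DDNS record for {domain}",
    "unauthorized": "CA got a wrong challenge response: another web server "
                    "or proxy is answering for {domain}",
}

BLOCK = re.compile(
    r"^\s*Domain:\s*(?P<domain>\S+)\s*\n"
    r"\s*Type:\s*(?P<type>\S+)\s*\n"
    r"\s*Detail:\s*(?P<detail>.+)$",
    re.MULTILINE,
)

def parse_failures(log):
    """Return one dict per failed domain: domain, type, detail, port."""
    failures = []
    for match in BLOCK.finditer(log):
        failure = match.groupdict()
        failure["port"] = None
        url = re.search(r"https?://\S+", failure["detail"])
        if url:  # the port the CA tried is implied by the challenge URL
            parts = urlsplit(url.group(0).rstrip(":"))
            failure["port"] = parts.port or (443 if parts.scheme == "https" else 80)
        failures.append(failure)
    return failures

def diagnose(failure):
    """Turn a parsed failure into a one-line hint on what to check."""
    hint = HINTS.get(failure["type"], "see /var/log/letsencrypt/letsencrypt.log")
    return f"{failure['domain']}: " + hint.format(
        port=failure["port"] or 80, domain=failure["domain"])

if __name__ == "__main__":
    for item in parse_failures(SAMPLE_LOG):
        print(diagnose(item))
```
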