Hello, I am trying to have my Home Assistant (running on Raspbian with a Docker Container) reachable from the internet via SSL.
I followed this guide: https://www.home-assistant.io/addons/duckdns/
and here is my configuration (I obviously hide the token here):
{
“lets_encrypt”: {
“accept_terms”: true,
“certfile”: “fullchain.pem”,
“keyfile”: “privkey.pem”
},
“token”: “**************",
“domains”: [
“lordslash.duckdns.org”,
".lordslash.duckdns.org”
],
“seconds”: 300
}
but as soon as I try to start the DuckDNS service I get the following error:
ERROR: Problem connecting to server (get for https://acme-v02.api.letsencrypt.org/directory; curl returned with 6)
What am I doing wrong? Thank you very much in advance for your help!
Hello, I followed the guide above, generated the fullchain.pem and privkey.pem files, but still i get the same error when I try to start the DuckDNS addon:
ERROR: Problem connecting to server (get for https://acme-v02.api.letsencrypt.org/directory; curl returned with 6)
Can anyone help me? I think the problem is with the DNS used by Docker, could it be?
Sorry, I missed the Docker piece.
I know Hassio has a DuckDNS addon but I am not sure about a straight Docker installation.
Are you running HASSIO or Home Assistant in Docker?
1 Like
Sorry i made a mistake, I run HassIO in docker
Are you running the DuckDNS addon? That is the easiest way.
Yes and when i try to start that addon i get the error mentioned above…
I made some steps forward: I created a file /etc/resolv.conf which is used by docker to resolve the DNS:
nameserver 8.8.8.8
nameserver 8.8.4.4
then I restarted and now DuckDNS starts. Here is the DuckDNS configuration:
{
“lets_encrypt”: {
“accept_terms”: true,
“certfile”: “/home/homeassistant/dehydrated/certs/lordslash.duckdns.org/fullchain.pem”,
“keyfile”: “/home/homeassistant/dehydrated/certs/lordslash.duckdns.org/privkey.pem”
},
“token”: “a69271b1-6fbd-4484-860d-b7dca7c11cd7”,
“domains”: [
“lordslash.duckdns.org”
],
“seconds”: 300
}
I am using the certificates that I got with the procedure linked above (dehydrated) and here are the logs of DuckDNS:
Processing lordslash.duckdns.org
- Checking domain name(s) of existing cert… unchanged.
- Checking expire date of existing cert…
- Valid till Aug 19 05:42:19 2019 GMT Certificate will not expire
(Longer than 30 days). Skipping renew!
Tue May 21 09:39:39 CEST 2019: OK
91.64.212.91
then I edited my configuration.yaml in the following way:
http:
api_password: !secret api_password
ssl_certificate: /home/homeassistant/dehydrated/certs/lordslash.duckdns.org/fullchain.pem
ssl_key: /home/homeassistant/dehydrated/certs/lordslash.duckdns.org/privkey.pem
base_url: lordslash.duckdns.org:8123
but still when I connect to https://lordslash.duckdns.org/
it doesn’t connect 
The error I get is SSL_ERROR_RX_RECORD_TOO_LONG
What am I still missing?
I am starting to get confused.
If I follow the “dehydrated” method from the link above, the DuckDNS addon is never mentioned. Does it mean that I don’t need it at all and that I can uninstall it?
Secondly, the configuration.yaml should look like this:
configuration.yaml
http: api_password: !secret hass_pass
ssl_certificate: /home/homeassistant/dehydrated/certs/myhome.duckdns.org/fullchain.pem
ssl_key: /home/homeassistant/dehydrated/certs/myhome.duckdns.org/privkey.pem
base_url: myhome.duckdns.org:8123
I tried to do that but i get the error SSL_ERROR_RX_RECORD_TOO_LONG
I placed the two pem certificates in the folder /home/homeassistant but it didn’t change anything. Is there a way to debug what happens when I try to open the https page?
If I search inside my PI where are the *.pem files I find those:
/usr/share/hassio/addons/data/core_duckdns/letsencrypt/lordslash.duckdns.org/fullchain-1558420899.pem
/usr/share/hassio/addons/data/core_duckdns/letsencrypt/lordslash.duckdns.org/cert-1558420899.pem
/usr/share/hassio/addons/data/core_duckdns/letsencrypt/lordslash.duckdns.org/chain-1558420899.pem
/usr/share/hassio/addons/data/core_duckdns/letsencrypt/lordslash.duckdns.org/chain.pem
/usr/share/hassio/addons/data/core_duckdns/letsencrypt/lordslash.duckdns.org/cert.pem
/usr/share/hassio/addons/data/core_duckdns/letsencrypt/lordslash.duckdns.org/privkey-1558420899.pem
/usr/share/hassio/addons/data/core_duckdns/letsencrypt/lordslash.duckdns.org/fullchain.pem
/usr/share/hassio/addons/data/core_duckdns/letsencrypt/lordslash.duckdns.org/privkey.pem
Can I use those in my configuration.yaml ?
This filepath is intended to be one that is ACTUALLY INSIDE the docker container. /home/homeassistant isn’t inside the docker container. Problem 1
Same thing. Your home assistant docker container doesn’t know what the hell /home/homeassistant is. It doesn’t exist. Please follow the proper procedures for this using the documentation.
You’re following some blog post that is 2 years old. STOP! Use the official documentation!
No it shouldn’t.
Stop giving full paths that the docker container can’t see.
Thank you very much, it worked!
My docker folder container was in /usr/share/hassio so I copied the above mentioned files
/usr/share/hassio/addons/data/core_duckdns/letsencrypt/lordslash.duckdns.org/chain.pem
/usr/share/hassio/addons/data/core_duckdns/letsencrypt/lordslash.duckdns.org/cert.pem
/usr/share/hassio/addons/data/core_duckdns/letsencrypt/lordslash.duckdns.org/fullchain.pem
/usr/share/hassio/addons/data/core_duckdns/letsencrypt/lordslash.duckdns.org/privkey.pem
inside /usr/share/hassio/ssl/
this is my DuckDNS configuration:
{
“lets_encrypt”: {
“accept_terms”: true,
“certfile”: “fullchain.pem”,
“keyfile”: “privkey.pem”
},
“token”: “XXXXXXXXXXXX”,
“domains”: [
“lordslash.duckdns.org”
],
“seconds”: 300
}
and this is my configuration.yaml
http:
api_password: !secret api_password
base_url: https://lordslash.duckdns.org:8123
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem