Switched Router and can't get DuckDNS with Let's Encrypt working again

Adabelle_Leiram · December 23, 2017, 10:44am

Hi,

I’m running Hass.io on a Raspberry Pi 3. I recently had everything up and running with DuckDNS and Let’s Encrypt but, after switching to Google Wifi, I can’t seem to get it to work (even though the configs are exactly the same as previously). I did do a fresh install of Hass.io on my Pi as there was quite a few things that I wanted to just redo. I can’t remember exactly how I set it up last time but this is what I’ve done so far.

For the sake of privacy and still being able to show you what I’ve written as close as possible, I’ve replaced my domain on DuckDNS with banana.

My Wifi setup is that I have a router (which I need because of my stupid internet provider using coaxial cables instead of ethernet) which I’ve disabled Wifi on and connected by ethernet to my Google Wifi.

First I forwarded port 8123 > 8123 on both the Google Wifi and my other router. When testing to access my Home Assistant from my public IP and port 8123 it worked.

Then I installed the DuckDNS add on with these options:

{
  "lets_encrypt": {
    "accept_terms": true,
    "certfile": "fullchain.pem",
    "keyfile": "privkey.pem"
  },
  "token": "MY_TOKEN",
  "domains": [
    "banana.duckdns.org"
  ],
  "seconds": 300
}

In my config, I have the following (exactly the same as previously except that I removed the api_password field until I get this working).

http:
  base_url: https://banana.duckdns.org:8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

I then forwarded port 443 > 8123 on both my Google Wifi and router.

After restarting Hass.io, Duck DNS and both routers, the best I can do to access my home assistant is use the url https://hassio.local:8123/.

When using the url https://banana.duckdns.org/ all I see is the Home Assistant logo with the spinner and the text connecting. After a while it asks me to enter a password (which is why I removed the api_password from the config). When I previously had the api_password in the config file and entered that password, it wouldn’t connect anyways.

My DuckDNS logs say the following (I’ve replaced my public IP with ##.###.##.###):

starting version 3.2.2
# INFO: Using main config file /data/workdir/config
+ Account already registered!
Sat Dec 23 11:08:43 CET 2017: OK
##.###.##.###
NOCHANGE
# INFO: Using main config file /data/workdir/config
Processing banana.duckdns.org
 + Checking domain name(s) of existing cert... unchanged.
 + Checking expire date of existing cert...
 + Valid till Mar 22 15:49:10 2018 GMT (Longer than 30 days). Skipping renew!

There doesn’t seem to be anything relevant in the home assistant logs either. Any idea what I could be missing/how to debug further?

Adabelle_Leiram · December 23, 2017, 11:01am

I just figured out the problem. On my router I was port forwarding from 443 > 8123 of my Google Wifi, and then on my Google Wifi had port forwarding from 443 > 8123 on my PI. Changing my Google Wifi port forwarding from 8123 > 8123 on my Pi solved the issue

dmoses1969 · April 20, 2018, 2:08am

@Adabelle_Leiram
I am using Google WiFi also and having issues. Just wondering, are you using static or dhcp in your router and google wifi?
I have an ATT homebase that has 1 ethernet port and wifi. Did disabling wifi make a difference at all?
I have 443>8123 in my ATT homebase / 8123>8123 in google wifi app to hassio. Hassio is the only thing with a static ip. I have tried a million things and no matter what i cannot seem to get ports forwarded according to port checker website and several others I have tried.

Thanks

Adabelle_Leiram · May 19, 2018, 6:18am

Hi! I’ve got static IPs for the devices that need it (e.g. devices used for device tracking, my home assistant pi etc), the rest are dhcp.

Sounds like you did exactly what I did. I’m sorry I feel very uncertain about this area and that was why I myself was struggling. I hope you manage to solve it!

jreancsu · October 5, 2018, 9:42pm

For anyone with just a Google Wifi router (or several configured in a mesh), the following worked for me:

http:
  api_password: XXXXXX
  base_url: XXXXX.duckdns.org
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  server_port: 8123

with the forwarding rule for the Raspberry Pi device set to 443 > 8123 on the Google Wifi app. I believe removing https:// from the base_url is what did it. Otherwise, I was only able to get it to work with the rule set to 8123 > 8123, but my O.C.D. wouldn’t allow me to settle with explicitly entering the port in the browser.