The certificate for this server is invalid

dennisje182 · June 30, 2023, 2:52pm

Hi all!

I am getting error shown in the home assistant app (iOS) and I also can not connect through the browser (externally or local)

A bit about my setup:

Raspberry Pi
Access through DuckDNS:
* I believe I set both my internal as my external access link to the duckdns server…
Experia Box V10A modem with limited setting authorization (yaay for service providers…)

Can someone help me how I can now access my home assistant and fix this? I already tried a reset by unplugging the rpi…
All help is welcome!

Cheers!

woempiej · June 30, 2023, 2:56pm

If you are @ home try to reach Home Assistant via the local IP adres 192.168.X.X:8123
Does that work?

WallyR · June 30, 2023, 5:16pm

If you are home then your router might detect the connection as local-to-local and then use that instead of the public IP tied to your certificate.

At3 · June 30, 2023, 5:57pm

Are you working with the duckdns addon? Duckdns supplies only the DNS name but no certificate. afaik

The kpn router has got nothing to do with this

dennisje182 · June 30, 2023, 6:05pm

Ah this indeed worked from my laptop!
I did show in HA a notfication a restart was required. But this didn’t solve the problem.
Where to go from here?

dennisje182 · June 30, 2023, 6:06pm

I indeed have the DuckDNS addon running

At3 · June 30, 2023, 6:17pm

And do you have the http: config in your config file. With the location of the certs?

woempiej · June 30, 2023, 6:34pm

Where do you get the certificates from? Let’s encrypt? I don’t have expirience with DuckDNS setup.
You can try to restart DuckDNS add-on and look at the logs of that add-on.

If you are using Let’s encrypt, then start it and look at the logs of that one.
Certificate expired?

dennisje182 · June 30, 2023, 6:42pm

I believe that is all okay?

dennisje182 · June 30, 2023, 6:43pm

I think you are on to something. In the log of DuckDNS after restart it gave me:
[20:41:18] WARNING: KO
[20:41:19] INFO: Renew certificate for domains: https://XXXX.duckdns.org and aliases:

INFO: Using main config file /data/workdir/config

Processing https://XXXXX.duckdns.org

Signing domains…
Generating private key…
Generating signing request…
req: Hit end of string before finding the equals.
problems making Certificate Request\

woempiej · June 30, 2023, 6:57pm

So…renew the certificates

dennisje182 · July 2, 2023, 12:56pm

I have installed DuckDNS (some say it got solved that way), but I still can not login through the external address… The DuckDNS log says following:

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
s6-rc: info: service legacy-services successfully started
# INFO: Using main config file /data/workdir/config
+ Account already registered!
[14:44:47] INFO: OK
xx.xx.xx.2xx
NOCHANGE
[14:44:48] INFO: Renew certificate for domains: xxx.duckdns.org and aliases: 
# INFO: Using main config file /data/workdir/config
Processing xxx.duckdns.org
 + Checking domain name(s) of existing cert... unchanged.
 + Checking expire date of existing cert...
 + Valid till Sep 30 11:43:18 2023 GMT (Longer than 30 days). Skipping renew!
[14:49:53] INFO: OK
xx.xx.xxx.2xx
NOCHANGE

WallyR · July 2, 2023, 4:09pm

The picture you posted in #7 looks like you are using an URL for the internal site that does not contain duckdns.org, which makes the certificate invalid, so when you at the same time use https for the internal site, then it will fail.

dennisje182 · November 8, 2023, 5:19pm

Hi all,

I am still fighting this issue (I put it on hold, because I didn’t get any further and I had local access so I could work with it), but now I am also noticing it is not registering my location properly (when I’m away).
Anyway, I was hoping someone could help me further by showing here all my settings and logs (if more info is required let me know). So this is the situation right now:

The error on my phone::

Screenshot 2023-10-31 at 19.10.37
Screenshot 2023-11-07 at 23.52.31
Duckdns log:

I noticed port 80 is closed according to this scanner, i thought this might be something
Screenshot 2023-11-08 at 17.59.12

My port forwarding in my modem:

Letsencrypt log:

Screenshot 2023-10-31 at 19.07.42

I followed duckdns setup procedure once more and all is done as described I believe, but still something is not right, because I can not access HA from outside.

Thanks!
D.

WallyR · November 8, 2023, 5:52pm

There is an error in your Lets Encrypt run.
Is your DynDNS address correct?

dennisje182 · November 8, 2023, 6:42pm

Hmm yep it is the same everywhere. Do i need to put http:// - https:// or nothing in front of it?

WallyR · November 8, 2023, 6:58pm

No idea how your setup is configured.

dennisje182 · November 9, 2023, 5:13pm

Hmm…How can I help you all to help me? :P, What of my setup would you need to know?

WallyR · November 9, 2023, 10:23pm

If you ping your duckdns address do you then get your current public IP?

dennisje182 · November 10, 2023, 5:00pm

Yes, it returns my public IP indeed