The certificate for this server is invalid

Hi all!

I am getting error shown in the home assistant app (iOS) and I also can not connect through the browser (externally or local)

A bit about my setup:

  • Raspberry Pi
  • Access through DuckDNS:
    * I believe I set both my internal as my external access link to the duckdns server…
  • Experia Box V10A modem with limited setting authorization (yaay for service providers…)

Can someone help me how I can now access my home assistant and fix this? I already tried a reset by unplugging the rpi…
All help is welcome!


If you are @ home try to reach Home Assistant via the local IP adres 192.168.X.X:8123
Does that work?

1 Like

If you are home then your router might detect the connection as local-to-local and then use that instead of the public IP tied to your certificate.

Are you working with the duckdns addon? Duckdns supplies only the DNS name but no certificate. afaik

The kpn router has got nothing to do with this :slight_smile:

1 Like

Ah this indeed worked from my laptop!
I did show in HA a notfication a restart was required. But this didn’t solve the problem.
Where to go from here?

I indeed have the DuckDNS addon running

And do you have the http: config in your config file. With the location of the certs?

Where do you get the certificates from? Let’s encrypt? I don’t have expirience with DuckDNS setup.
You can try to restart DuckDNS add-on and look at the logs of that add-on.

If you are using Let’s encrypt, then start it and look at the logs of that one.
Certificate expired?

I believe that is all okay?

I think you are on to something. In the log of DuckDNS after restart it gave me:
[20:41:18] WARNING: KO
[20:41:19] INFO: Renew certificate for domains: and aliases:

INFO: Using main config file /data/workdir/config


  • Signing domains…
  • Generating private key…
  • Generating signing request…
    req: Hit end of string before finding the equals.
    problems making Certificate Request\

So…renew the certificates :slight_smile:

I have installed DuckDNS (some say it got solved that way), but I still can not login through the external address… The DuckDNS log says following:

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
s6-rc: info: service legacy-services successfully started
# INFO: Using main config file /data/workdir/config
+ Account already registered!
[14:44:47] INFO: OK
[14:44:48] INFO: Renew certificate for domains: and aliases: 
# INFO: Using main config file /data/workdir/config
 + Checking domain name(s) of existing cert... unchanged.
 + Checking expire date of existing cert...
 + Valid till Sep 30 11:43:18 2023 GMT (Longer than 30 days). Skipping renew!
[14:49:53] INFO: OK

The picture you posted in #7 looks like you are using an URL for the internal site that does not contain, which makes the certificate invalid, so when you at the same time use https for the internal site, then it will fail.

1 Like

Hi all,

I am still fighting this issue (I put it on hold, because I didn’t get any further and I had local access so I could work with it), but now I am also noticing it is not registering my location properly (when I’m away).
Anyway, I was hoping someone could help me further by showing here all my settings and logs (if more info is required let me know). So this is the situation right now:

The error on my phone::

Screenshot 2023-10-31 at 19.10.37
Screenshot 2023-11-07 at 23.52.31
Duckdns log:

I noticed port 80 is closed according to this scanner, i thought this might be something
Screenshot 2023-11-08 at 17.59.12

My port forwarding in my modem:

Letsencrypt log:

Screenshot 2023-10-31 at 19.07.42

I followed duckdns setup procedure once more and all is done as described I believe, but still something is not right, because I can not access HA from outside.


There is an error in your Lets Encrypt run.
Is your DynDNS address correct?

Hmm yep it is the same everywhere. Do i need to put http:// - https:// or nothing in front of it?

No idea how your setup is configured.

Hmm…How can I help you all to help me? :P, What of my setup would you need to know?

If you ping your duckdns address do you then get your current public IP?

Yes, it returns my public IP indeed