A few months ago (more than 90 days) I setup home assistant on a Raspberry Pi3 using hass.io, the setup was remotely accessible using duckdns on my iPhone using both safari and the iOS client. I’ve been adding a few sensors over the past couple of days and once I got them working I tried accessing from my iPhone and it is no longer working.
In the iOS client I get the following error:
“Connection Error”
There was an error connecting to Home Assistant, Please confirm settings are correct and save to attempt to reconnect. The error was:
The certificate for this server is invalid. You might be connecting to a server that is pretending to be “my-hostname.duckdns.org” which could put your confidential information at risk.
In safari I connect to “https://my-hostname.duckdns.org” and it brings up the HA login page. When I enter my password it spins a while and then comes back to the login page with “Unable to connect”
I’ve been reading the forums and I’ve tried clearing the browser data for my-hostname.duckdns.org and modifying the configuration.yaml to force frontend: javascript_version: es5
I’ve updated Home Assistant to 0.65.5 and duckdns to 1.1. After I updated duckdns I restarted it, the log is below:
starting version 3.2.4
INFO: Using main config file /data/workdir/config
- Account already registered!
Sat Mar 17 15:12:59 AEDT 2018: OK
xxx.xxx.xxx.xxx (my ip address)
NOCHANGE
INFO: Using main config file /data/workdir/config
Processing my-hostname.duckdns.org
- Checking domain name(s) of existing cert… unchanged.
- Checking expire date of existing cert…
- Valid till May 8 11:17:35 2018 GMT (Longer than 30 days). Skipping renew!
I can’t find anything in the home assistant or supervisor logs that correlated with any of my login attempts.
After a bit more digging I worked out the certificate had expired even though the duckdns log indicated it was valid until 8th May. The only way I could find to force the certificate to update was to reinstall duckdns, when I did this I think I found the error.
In both my duckdns and configuration.yaml files I was explicit about where the SSL certificates were;
/ssl/fullchain.pem and /ssl/privkey.pem
When I reinstalled duckdns it couldn’t save the certificates as it tried to create /ssl//ssl/fullchain.pem so in the duckdns config I reverted to the defaults
ssl_certificate: “fullchain.pem”
ssl_key: “privkey.pem”
and in the configuration.yaml the full location
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem
I can’t understand how it could ever have worked (unless I changed something afterwards and forgot to note it down).