Unable to connect to HA from the Internet - resolved

A few months ago (more than 90 days) I setup home assistant on a Raspberry Pi3 using hass.io, the setup was remotely accessible using duckdns on my iPhone using both safari and the iOS client. I’ve been adding a few sensors over the past couple of days and once I got them working I tried accessing from my iPhone and it is no longer working.

In the iOS client I get the following error:

“Connection Error”
There was an error connecting to Home Assistant, Please confirm settings are correct and save to attempt to reconnect. The error was:
The certificate for this server is invalid. You might be connecting to a server that is pretending to be “my-hostname.duckdns.org” which could put your confidential information at risk.

In safari I connect to “https://my-hostname.duckdns.org” and it brings up the HA login page. When I enter my password it spins a while and then comes back to the login page with “Unable to connect”

I’ve been reading the forums and I’ve tried clearing the browser data for my-hostname.duckdns.org and modifying the configuration.yaml to force frontend: javascript_version: es5

I’ve updated Home Assistant to 0.65.5 and duckdns to 1.1. After I updated duckdns I restarted it, the log is below:

starting version 3.2.4

INFO: Using main config file /data/workdir/config

  • Account already registered!
    Sat Mar 17 15:12:59 AEDT 2018: OK
    xxx.xxx.xxx.xxx (my ip address)
    NOCHANGE

INFO: Using main config file /data/workdir/config

Processing my-hostname.duckdns.org

  • Checking domain name(s) of existing cert… unchanged.
  • Checking expire date of existing cert…
  • Valid till May 8 11:17:35 2018 GMT (Longer than 30 days). Skipping renew!

I can’t find anything in the home assistant or supervisor logs that correlated with any of my login attempts.


After a bit more digging I worked out the certificate had expired even though the duckdns log indicated it was valid until 8th May. The only way I could find to force the certificate to update was to reinstall duckdns, when I did this I think I found the error.

In both my duckdns and configuration.yaml files I was explicit about where the SSL certificates were;
/ssl/fullchain.pem and /ssl/privkey.pem

When I reinstalled duckdns it couldn’t save the certificates as it tried to create /ssl//ssl/fullchain.pem so in the duckdns config I reverted to the defaults
ssl_certificate: “fullchain.pem”
ssl_key: “privkey.pem”
and in the configuration.yaml the full location
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem

I can’t understand how it could ever have worked (unless I changed something afterwards and forgot to note it down).