Web Access Failure

tomdosom · June 18, 2020, 3:16am

Hello,
My name is Tomás.
I installed HA recently (HassOS “direct” - without Linux) on a Raspberry Pi 4.
Everything was working perfectly.
Working in the configs and testing the system, I created a dynamic DNS with DuckDNS and activated the Lets Encrypt add-on.
I don’t know if it has anything to do with it, but then, on the same day, I lost access via web (http://ha-ip:8123).
I did a network drive map in Windows and I have access to the files. The configured IP also responds to ping. But the HA interface does not open in the browser.
Does anyone have any idea what may be going on?

Thankful…

Tomas

tom_l · June 18, 2020, 4:59am

DuckDNS includes Lets Encrypt security certificates to allow for secure encrypted browsing.

After installing DuckDNS you will have to use https, not http. Also you will have to allow a security exception in your web browser if navigating to the ip address as the security certificate is for your DuckNDS address, not the IP address.

If your router supports NAT loopback you can go to the DuckDNS address on your local network without any added latency.

tomdosom · June 18, 2020, 5:26am

Wow… so simple!!! It worked!

Thank you very much for your prompt response!

Kind regards!

tom_l · June 18, 2020, 5:49am

No problem. Please mark the post solved (button under the post that helped) as it may help future users with their searching.

tomdosom · June 18, 2020, 1:12pm

Tom (namesake!), one more doubt:

On my home router I already configured port 8123 for the Local IP of HA both in NAT and in Port Triggering.
However, when I am logged into the Wifi network at my home, I’m not able to access HA through the app, only through the browser. But if I disconnect from Wifi and access via the mobile fone operator’s network, ok, I can access through the app.
When trying to access the app, with the mobile phone connected to the Wifi LAN, a connection error is displayed:
“Unable to connect to HA. - There was an error loading HA, please review the connection settings and try again”.
By clicking “Ok”, I can edit this options: HA URL, HOME NETWORK WIFI SSIDs and INTERNAL CONNECTION URL fields.
I kept the following settings:

HA URL: https://“my-domain”.duckdns.org:8123
HOME NETWORK WIFI SSIDs: I typed the SSID of my Wifi network
INTERNAL CONNECTION URL: https://XXX.XXX.X.XXX:8123

What could be happening?

Thanks for listening

Tomas

tom_l · June 18, 2020, 3:54pm

Yeah I have to use the duckdns URL for both internal and external.

If your router supports NAT loop back this won’t actually go outside your network.

tomdosom · June 18, 2020, 5:21pm

Thanks again Tom!

So, just to validate my understanding: if we use DuckDNS with Lets Encrypt it is no longer possible to use the HA App when we are connected to the Wifi of the local network at the residence. That’s correct?

Via browser, in my case, when I am connected to the Wifi network, the address https://mydomain.duckdns.org:8123 does not work but https://myip:8123 works.

Did I configure something wrong? I’m thinking here …

tom_l · June 18, 2020, 5:34pm

No, not correct at all.

You just have to use the duckdns address instead of the IP address in the app config.

Then there is something wrong with your router setup. Maybe it does not support hairpinning?

tomdosom · June 19, 2020, 2:05pm

Hello Tom,
I use the cable TV and Internet service provider’s router. I checked the options on the router interface and found nothing about hairpinning.
So, under these conditions, for me to continue using the HA app when connected to the wifi network, perhaps one option is to disable Lets Encrypt (and keep DuckDNS) …

tom_l · June 19, 2020, 6:41pm

A better method would be to use a reverse proxy. This would allow http access inside your network while retaining encryption for remote access.

See:

MadMax1412 · December 17, 2020, 4:35am

I have been accessing my HA install by going to:

https://mydomain.duckdns.org/

and I have this set as one of the tabs that open when I start my browser.

A week or so ago, I was getting a BitDefender logo appearing with the following:

Web Protection by Bitdefender

Suspicious page blocked for your protection

https://mydomain.duckdns.org/

Your connection to this web page is not safe due to an expired security certificate.
Web pages must renew their certificates to stay current, and outdated security certificates represent a risk for your data.

Take me back to safety I understand the risks, take me there anyway

If you know this page is not dangerous, you can add it to your Exceptions list of trusted websites. Be aware that you will not be warned about any threats existing on this page.

As you can see, I’ve been using the HTTPS address without any issues for ages, but now I’m getting these error messages.

I have tried clicking on the links “I understand the risks, take me there” and “Add to exceptions” but it doesn’t do anything.

Is there something I need to do to renew the certificate?

Thanks in advance.

Edit: I can access HA by typing in the IP address with :8123, but I gather it’s the security certificate stopping me from using DuckDNS. The app on my mobile doesn’t work now either.

Edit: It’s all working now although I don’t know what fixed it. I did an uninstall and re-install of Bit Defender plus updated DuckDNS module in HA. For each I did a restart of the PC and for DuckDNS, I also did a restart of the unit and it still wasn’t working. Then a few days later I opened my web browser and the tab worked. No idea if it was just something that happened by itself in the background or if the work done on Bit Defender and DuckDNS just took a while to iron itself out.