Who wants to make $20?

Are you trying to connect from inside or outside your LAN?

Both, and my router specifically allows NAT loopback. I cannot connect either way.

Your base url should be without port.


Try and uninstall and re-install the duckdns addon… I seem to remember having similar issues at one point which a fresh install of the addon seemed to fix…

So I get this error in my logs all the time and mine works just fine:

2019-06-12 09:17:31 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()

I believe I read somewhere that this happens when using the local address inside the network to which the cert is not signed for your local IP and thus the error. I could be wrong though.

Are there actually quotes around your base url? (Not sure if the forum is doing that.) I have mine configured as such and currently working.

http:
  server_port: 8123
  base_url: https://routingsomething.duckdns.org:8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

Edit:
From the duckdns config portion, here are my settings:

{
  "lets_encrypt": {
    "accept_terms": true,
    "certfile": "fullchain.pem",
    "keyfile": "privkey.pem"
  },
  "token": "9da-somethingtoken",
  "domains": [
    "routingsomething.duckdns.org"
  ],
  "seconds": 604800
}

I also wanted to mention that my carrier implemented carrier grade nat a while back. This threw all my port forwarding through a loop and I had to pay to have static IP configured (No NAT). Oddly, I DID get responses from a few of the ports but I do not think they were actually from my network but from somewhere else. I never saw any of the traffic going to my network.

I believe the easiest way to tell is go to https://whatismyipaddress.com/ and compare the IP listed there to the IP listed in your WAN settings of your router. If they do not match, you are behind carrier nat and from what I have seen getting ports through this is very hit and miss depending on the carrier/configuration of their network.

My ip is fine (matches when I’ve checked). I don’t have a port listed in my .yaml file. Maybe I’ll try that.

Change base_url: https://crazycats.duckdns.org:8123
to: base_url: https://crazycats.duckdns.org


Doing this never worked for me. I know I read somewhere when I first tried getting things up and going to try that. It wouldn’t work for me. I had to INCLUDE the port. In fact, the documentation page even shows an example WITH a port.

base_url

(string)(Optional) The URL that Home Assistant is available on the internet. For example: https://hass-example.duckdns.org:8123.

I know someone mentioned it looks like your ports are forwarded correctly but could give your router a restart. I know I have had to do that to get port forwards going. Outside of that, unfortunately I am out of any other ideas.

HA is available on Internet on IP / hostname and port of the ROUTER not of the internal machine!
Here is my config (it’s a bit different as I’m using a reverse proxy to simplify the process of SSL certs, but this is another story):

http:
  base_url: https://something.duckdns.org
  use_x_forwarded_for: true
  trusted_proxies:
    - 10.0.1.6

Hi @bkr1969, can you open up the ‘terminal’ program on your Mac and enter the following command:

openssl s_client -connect crazycats.duckdns.org:443

And copy/paste here what it says please?

Thanks

CONNECTED(00000005)
4495816300:error:140040E5:SSL routines:CONNECT_CR_SRVR_HELLO:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.240.1/libressl-2.6/ssl/ssl_pkt.c:585:

no peer certificate available

No client certificate CA names sent

SSL handshake has read 0 bytes and written 0 bytes

New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Start Time: 1560477075
Timeout : 7200 (sec)
Verify return code: 0 (ok)
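A way to read `openssl s_client` output like the paste above, as an added example that is not from any poster in the thread. It classifies a transcript by the lines that matter and shows why the trailing "Verify return code: 0 (ok)" cannot be trusted when no peer certificate was received. The `diagnose` function, its status names, and the two comparison samples are constructed.

```python
import re

# Abridged from the s_client output pasted in the thread.
SAMPLE_THREAD = """\
CONNECTED(00000005)
4495816300:error:140040E5:SSL routines:CONNECT_CR_SRVR_HELLO:ssl handshake failure
no peer certificate available
SSL handshake has read 0 bytes and written 0 bytes
New, (NONE), Cipher is (NONE)
Verify return code: 0 (ok)
"""

# Constructed samples for comparison (not from the thread).
SAMPLE_OK = """\
CONNECTED(00000005)
SSL handshake has read 3187 bytes and written 421 bytes
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Verify return code: 0 (ok)
"""
SAMPLE_EXPIRED = SAMPLE_OK.replace("0 (ok)", "10 (certificate has expired)")


def diagnose(output):
    """Return (status, detail) for one s_client transcript."""
    if "CONNECTED(" not in output:
        return ("tcp_failed", "no TCP connection: check DNS, port forward, firewall")
    read = re.search(r"SSL handshake has read (\d+) bytes", output)
    bytes_read = int(read.group(1)) if read else 0
    no_cert = "no peer certificate available" in output
    no_cipher = "Cipher is (NONE)" in output
    if no_cert or no_cipher:
        # "Verify return code: 0 (ok)" is meaningless here: nothing was verified.
        if bytes_read == 0:
            return ("no_tls_reply", "port is open but no TLS handshake data came back")
        return ("handshake_aborted", "peer started TLS but the handshake did not complete")
    verify = re.search(r"Verify return code: (\d+) \(([^)]*)\)", output)
    if not verify:
        return ("unknown", "no verify line in transcript")
    if verify.group(1) != "0":
        return ("cert_rejected", verify.group(2))
    return ("ok", "handshake completed and chain verified")


if __name__ == "__main__":
    for name in ("SAMPLE_THREAD", "SAMPLE_OK", "SAMPLE_EXPIRED"):
        print(name, diagnose(globals()[name]))
```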

Are you running home assistant or hassio? If you’re running home assistant and installed duckdns via command line, if I remember correctly you must run a command to create your certificate, and you have to run it during initial install and again every 60-90 days before it expires. Hassio should already do this for you using the Duckdns plugin.

I remember back when I used home assistant and not hassio, you also had to install letsencrypt. Not sure if that’s still a thing?

You need to forward 443 to internal address:443 and 8123 to internal address:8123

If your router does not support reverse NAT you will not be able to access your server from the local network using your domain name. If you can access it either via 443 and 8123 using your local ip address from the local LAN, then try using your domain name from an external network.

Ok, that is a start, it looks like you are using HassIO on your RPi3. Are you using any other addons apart from the DuckDNS addon? If so please list what other HassIO addons you have.

Would you be willing to try out the ‘NGINX Home Assistant SSL proxy’ addon?

I’ve installed SSH, Samba Share, Configurator and MQTT. I have tried the NGINX route without success, but I’m definitely not opposed to it if you have instructions. Thanks for your help.

I could at least get to your HA landing page but something’s up with the certificates.
I use an NGINX reverse proxy to get the whole certificates crap in order, before I had issues like you.

How did you get there? I just tried it again after seeing your response but I got nothing.

Still reading and researching. Would adding the following be helpful?

http:
  ssl_profile: intermediate