Prérequis Duckdns

Radamenthe · Mai 9, 2024, 9:23

Bonjour,

Je souhaiterais utiliser duckdns pour pouvoir avoir acces à mon rpi 5 depuis une adresse https. Cependant j’ai du mal à comprendre ce qu’il faut faire au niveau de l’ouverture du port 8123 sur ma box ainsi que l’histoire de l’ip fixe (j’ai deux adresse, celle en locale et l’autre pour le wifi).

Pourriez-vous m’aider svp ?

Merci

pascal_ha · Mai 9, 2024, 9:41

Bonjour

As tu regarder cet article :

Radamenthe · Mai 9, 2024, 9:56

Bonjour,

Oui j’ai tout fait comme dans le tuto mais ça vient de planter mon HA et je n’arrive plus à le lancer…

pascal_ha · Mai 9, 2024, 10:06

Il faut imperativement fixer IP de HA dans ta BOX
Sur ma box SFR, c’est dans l’onglet DHCP.
Il te faut adresse MAC de ton RPI5 et tu fixe son adresse en statique.
Il faut rediriger le port 8123 sur ta Box (je te mets exemple sur ma box SFR)
Sur ma BOX c’est dans l’onglet NAT.

redirection_port1856×199 9.65 KB

J’ai suivi ce meme tuto, et sa fonctionne.
Il faut vraiment respecter toute la procedure

Radamenthe · Mai 9, 2024, 10:19

J’ai bien fait ça pourtant. on est d’accord que l’ip c’est celle du HA de la forme 192.168… ?

pascal_ha · Mai 9, 2024, 10:21

Oui, mais il faut la fixer dans ta box (pour éviter qu’elle ne change)

Pour la redirection de port tu as aussi cet article :

Radamenthe · Mai 9, 2024, 10:22

Du coup j’en ai 2, la locale et celle en wifi laquelle dois je fixer ?

pascal_ha · Mai 9, 2024, 10:26

Je pense que c’est la locale (je n’ai qu’une ip pour mon HA)

Je te conseille d’installer Advanced ip Scanner.(logiciels gratuit)

Tu fais un scan, et tu auras IP de HA ainsi que son adresse MAC.
(tu auras aussi toutes les adresse ip utilisé sur ton reseau)

Radamenthe · Mai 9, 2024, 10:38

Du coup j’ai fixé l’adresse ip détecté par ip scanner et redirigé le port vers 8123 mais maintenant j’ai un soucis avec duckdsn. Est ce que le journal est bon ??

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
s6-rc: info: service legacy-services successfully started
# INFO: Using main config file /data/workdir/config
+ Generating account key...
+ Registering account key with ACME server...
+ Fetching account URL...
+ Done!
[12:32:47] WARNING: KO
[12:32:47] INFO: Renew certificate for domains: http:/xxxxxx.duckdns.org and aliases: 
# INFO: Using main config file /data/workdir/config
 + Creating chain cache directory /data/workdir/chains
Processing http://xxxx.duckdns.org
 + Creating new directory /data/letsencrypt/http://xxxxxxx.duckdns.org ...
 + Signing domains...
 + Generating private key...
 + Generating signing request...
Could not open file or uri for loading private key from /data/letsencrypt/http://ha-daulon.duckdns.org/privkey-1715250769.pem
002D52927F000000:error:1608010C:STORE routines:inner_loader_fetch:unsupported:crypto/store/store_meth.c:353:No store loader found. For standard store loaders you need at least one of the default or base providers available. Did you forget to load them? Info: Global default library context, Scheme (/data/letsencrypt/http : 0), Properties (<null>)
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
s6-rc: info: service legacy-services successfully started
# INFO: Using main config file /data/workdir/config
+ Account already registered!
[12:34:54] WARNING: KO
[12:34:54] INFO: Renew certificate for domains: http://xxxxxxx.duckdns.org and aliases: 
# INFO: Using main config file /data/workdir/config
Processing http://xxxxxxxxx.duckdns.org
 + Signing domains...
 + Generating private key...
 + Generating signing request...
Could not open file or uri for loading private key from /data/letsencrypt/http://xxxx.duckdns.org/privkey-1715250896.pem
002DFBB47F000000:error:1608010C:STORE routines:inner_loader_fetch:unsupported:crypto/store/store_meth.c:353:No store loader found. For standard store loaders you need at least one of the default or base providers available. Did you forget to load them? Info: Global default library context, Scheme (/data/letsencrypt/http : 0), Properties (<null>)
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
s6-rc: info: service legacy-services successfully started
# INFO: Using main config file /data/workdir/config
+ Account already registered!
[12:36:21] WARNING: KO
[12:36:21] INFO: Renew certificate for domains: http://xxxxxxxx.duckdns.org and aliases: 
# INFO: Using main config file /data/workdir/config
Processing http://xxxxxx.duckdns.org
 + Creating new directory /data/letsencrypt/http://xxxxxx.duckdns.org ...
 + Signing domains...
 + Generating private key...
 + Generating signing request...
Could not open file or uri for loading private key from /data/letsencrypt/http://xxxx.duckdns.org/privkey-1715250983.pem
007D96B87F000000:error:1608010C:STORE routines:inner_loader_fetch:unsupported:crypto/store/store_meth.c:353:No store loader found. For standard store loaders you need at least one of the default or base providers available. Did you forget to load them? Info: Global default library context, Scheme (/data/letsencrypt/http : 0), Properties (<null>)

pascal_ha · Mai 9, 2024, 10:44

C’est le bon journal, mais il faut masquer ton adresse duckdns. (Édit ton fichier et masque ton adresse)

Il semblerait que tu aies une erreur lors de la création du certificat.
Reprends le tuto pour voir si tu n’as pas loupé quelque chose.

Édit : il te reste une adresse en bas de non masqué…

Il y a deux autre adresse de non masqué…

Radamenthe · Mai 9, 2024, 10:47

Tout est bon dans le journal comme j’avais vu des erreurs…

Oles67 · Mai 9, 2024, 10:58

C’est que pour un accès homeassistant depuis internet ?

Tu es chez qui comme FAI ?

Radamenthe · Mai 9, 2024, 11:03

chez free mais normalement j’ai réussi mais je ne trouve pas l’erreur dans la config de duckdns…

Radamenthe · Mai 9, 2024, 11:26

Du coup avez-vous une idée de ce qu’il faut faire pour enlever ce problème ?

+ Account already registered!
[13:24:32] WARNING: KO
[13:24:32] INFO: Renew certificate for domains: http://xxxxxxxx.duckdns.org and aliases: 
# INFO: Using main config file /data/workdir/config
Processing http://xxxxxxxx.duckdns.org
 + Signing domains...
 + Generating private key...
 + Generating signing request...
Could not open file or uri for loading private key from /data/letsencrypt/http://xxx.duckdns.org/privkey-1715253875.pem
00CDCABE7F000000:error:1608010C:STORE routines:inner_loader_fetch:unsupported:crypto/store/store_meth.c:353:No store loader found. For standard store loaders you need at least one of the default or base providers available. Did you forget to load them? Info: Global default library context, Scheme (/data/letsencrypt/http : 0), Properties (<null>)

Encore merci

pascal_ha · Mai 9, 2024, 11:31

Tu as encore des adresses de non masqué. Dans ce log et celui plus haut.

Mais le souci vient apparemment de la création du certificat let’s encrypt.

Peux tu mettre le contenu de ta configuration duckdns (en masquant tes info confidentiel)

(Tu n’as pas renseigné ta configuration dans ton 1er post)

Radamenthe · Mai 9, 2024, 11:33

oui voila :

domains:
  - http://xxxx.duckdns.org
token: b71ecbxxxxxxxxx25c0d71be
aliases: []
lets_encrypt:
  accept_terms: true
  algo: secp384r1
  certfile: fullchain.pem
  keyfile: privkey.pem
seconds: 300

pascal_ha · Mai 9, 2024, 11:33

Il me semble que pour le domaine il faut supprimer le http://, juste le nom de domain

Oles67 · Mai 9, 2024, 11:36

Pourquoi tu ne passe pas par wireguard ?
C’est tellement plus simple.

Radamenthe · Mai 9, 2024, 11:37

Bonjour,

C’est simplement que je n’y connais rien lol. Cela remplace Duckdns ?

Merci

Radamenthe · Mai 9, 2024, 11:41

Voila ce que ça donne sans le http:// :

[13:29:35] WARNING: KO
[13:34:36] WARNING: KO
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
s6-rc: info: service legacy-services successfully started
# INFO: Using main config file /data/workdir/config
+ Account already registered!
[13:35:28] INFO: Renew certificate for domains: xxxxx.duckdns.org and aliases: 
# INFO: Using main config file /data/workdir/config
Processing xxxxxxx.duckdns.org
 + Creating new directory /data/letsencrypt/xxxxxxx.duckdns.org ...
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting new certificate order from CA...
 + Received 1 authorizations URLs from the CA
 + Handling authorization for xxxxxx.duckdns.org
 + 1 pending challenge(s)
 + Deploying challenge tokens...
OK + Responding to challenge for xxxxxx.duckdns.org authorization...
 + Cleaning challenge tokens...
OK + Challenge validation has failed :(
ERROR: Challenge is invalid! (returned: invalid) (result: ["type"]	"dns-01"
["status"]	"invalid"
["error","type"]	"urn:ietf:params:acme:error:unauthorized"
["error","detail"]	"During secondary validation: Incorrect TXT record \"\" found at _acme-challenge.xxxxxx.duckdns.org"
["error","status"]	403
["error"]	{"type":"urn:ietf:params:acme:error:unauthorized","detail":"During secondary validation: Incorrect TXT record \"\" found at _acme-challenge.xxxxx.duckdns.org","status":403}
["url"]	"https://acme-v02.api.letsencrypt.org/acme/chall-v3/348593918657/rSaMaA"
["token"]	"ahk8ZAWdassDfBoylchTpbZHclCiJJ53pN7PrnwXrxE"
["validationRecord",0,"hostname"]	"xxxxxxx.duckdns.org"
["validationRecord",0,"resolverAddrs",0]	"10.0.12.82:24201"
["validationRecord",0,"resolverAddrs"]	["10.0.12.82:24201"]
["validationRecord",0]	{"hostname":"xxxxxxx.duckdns.org","resolverAddrs":["10.0.12.82:24201"]}
["validationRecord"]	[{"hostname":"xxxxxx.duckdns.org","resolverAddrs":["10.0.12.82:24201"]}]
["validated"]	"2024-05-09T11:35:35Z")