with AdGuard no Access to Homeassistant

[MartinKuhl]

Problem/Motivation

after switching the DNS entry to the IP of the home assistant host, the adblocker starts working. But from now on, it is not possible to connect to the home assistant backend via DnS (DuckDNS).

Expected behavior

successful accessing the home assistant backend via IP AND DNS

Actual behavior

no access to the home assistant backend via DNS (DuckDNS). via IP address the access is still possible. Safari error message: „FetchEvent.respondWith received an error: no-response: no-response :: [{"url":"https://XYZ.duckdns.org/lovelace/default_view","error":{}}]“

Chrome error message: NET::ERR_CERT_INVALID

Is there a known issue in combination with the addon nginx proxy manager?

Steps to reproduce

see Problem/Motivation

[addons-assistant]

👋 Thanks for opening your first issue here! If you're reporting a 🐛 bug, please make sure you include steps to reproduce it. Also, logs, error messages and information about your hardware might be useful.

[sinclairpaul]

Assuming you are connecting to the same name as the certificate is issued, you would need to confirm why it is invalid.

Are you sure it hasn't expired?

[MartinKuhl]

yes I'm sure that it is valid. I have a check for that purpose, that say 84 days left. Just after I remove the DNS entry everything is fine again and I can connect to home assistant via DNS.

[sinclairpaul]

Please post the details from the Developer Tools in Chrome as to why it thinks the cert is incorrect.

[MartinKuhl]

[sinclairpaul]

Dev Tools, Security Tab, should be a view certificate option, which should tell you what the issue with the cert is.

[MartinKuhl]

Even the address: http(s)://homeassistant:8123 isn't working. Only the address https://IP:8123 is functional.

[MartinKuhl]

Just after resetting the DSN entry to standard within the network settings everything is fine again:

[sinclairpaul]

Click the View Certificate button..... It will tell you what the error is.

Unfortunately I cannot tell what you are accessing and when. The certificate has to be valid, and match the name that it is issued to. You mentioned Nginx Proxy Manager, I assume that is retrieving and setting up your cert?

You also mentioned DNS entries, but no details on what you are changing and when.

In summary Adguard is a DNS server, if you are trying to set up split DNS (which is what I am assuming), you just need a record on it to rewrite to you internal address. If you are getting SSL errors then there is likely a misconfiguration somewhere.

The homeassistant name resolution relies on mDNS, and is not related to Adguard itself.

[MartinKuhl]

The Let's encrypt authority is missing.
OK I did the following steps:
I entered the IP-Address if the HA Server as DNS-Server (see Screenshot) and after applying the settings, it looks like the SSL certificate of my NGINX proxy manager is not accessable. You mentioned right my NPM ist setting up exact this certificate (need port 80 and 443).

I did not change the DNS entry in my router instead I change the corresonding setting in the network settings of my mac. In the DNS configuration part of adguard I only modified the Upstream-DNS-Server 8.8.8.8, 8.8.4.4., 1.1.1.1

[sinclairpaul]

Then I would suggest Adguard is unable to resolve correctly.

Check the addon logs, check the query log in Adguard. Make sure it is resolving.

You can perform an nslookup www.google.com to ensure it is working.

I would suggest you would be better seeking help either via the forums or Discord, as this really isn't an issue with the addon, but likely something local.

[MartinKuhl]

I found the solution (more or less) I had to disable IP V6 in Adguard.
Now I can access the backend of home assistant via DNS.

[addons-assistant]

This thread has been automatically locked because it has not had recent activity. Please open a new issue for related bugs and link to relevant comments in this thread.