Control your home from anywhere with DuckDNS

3 minute read

We have already created our Home Assistant server, and know a little more about how it works. But making a smart house doesn’t make much sense if we can only control it from the house itself.

Home Assistant offers a very simple Add-on to be able to access Home Assistant from any device with Internet around the World. In addition this Add-on includes configuration of SSL encryption certificates to make this connection secure.

Duck DNS & Let’s Encrypt

Duck DNS + Let's Encrypt

Duck DNS is a free DNS redirection service (sub-domains of to an IP of our choice. That is, to create a subdomain that when accessing from any browser, redirects to the IP that is indicated; in our case, to the IP and port of our Home Assistant server. In such a way, that from any device with Internet, inside or outside our house, we can access to our server and Home Assistant web interface.

Let’s Encrypt is a Certificate Issuing Authority offered by Internet Security Research Group that is able to issue open, automatic and free SSL certificates. In this way, it will provide us with the necessary certificate so that the connection created by the DNS redirection of Duck DNS is secure. It is not mandatory but it is highly recommended to use these certificates to add another layer of protection to the network environment.


To install and use Duck DNS and Let’s Encrypt, you must:

  • Have a static internal IP for the Home Assistant server. This can be achieved in two ways:
    • Configuring the network in our Home Assistant installation so that it has a static IP (as seen in the first article).
    • Reserving the IP in the main router for the device / host being used for the server.
  • In the router redirect the internal port 8123 (TCP) for the static IP of the previous step, to the external port that you want (can be 8123). If you don’t know how to redirect your ports, in Port Forward there are guides for almost any known router.

    Take note of the IP and the chosen external port, you will need them later.

  • Register at using any of the available methods and create a subdomain with the name you want.

    Duck DNS Homepage

    Take note of the Token shown on the page and the subdomain, you’ll need them too.

Installing and configuring Add-on

The installation and configuration will be carried out in the same way as in other articles.

Go to the menu Supervisor -> Add-on Store and look for Duck DNS.

Add-on Store - Duck DNS

Inside, you’ll see a brief description of the Add-on. Click on Install.

Duck DNS Add-on

After a few minutes, go down to the Config section and fill in the text box with the following parameters (using the Token and domain created in the requirements):

  "lets_encrypt": {
    "accept_terms": true,
    "certfile": "fullchain.pem",
    "keyfile": "privkey.pem"
  "token": "YOUR_DUCK_DNS_TOKEN",
  "domains": [
  "seconds": 300

Setting the accept_terms field to true will enable the configuration and renewal of SSL certificates with Let’s Encrypt.

Make sure that the token and domain name fields are enclosed in quotation marks. Click Save.

Configurator - configuration.yaml

Then edit the configuration.yaml file, for example with the File Editor Add-on, and modify the http node with the following code (if it doesn’t exist, create it):


  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem


Go back to the Add-on DuckDNS page (Supervisor -> Dashboard -> Duck DNS) and make sure Start on boot is enabled. Likewise, if Add-on is started, otherwise click Start.

Duck DNS Add-on settings

Underneath it all in the Log section, you’ll have all the information to see if everything went well.


It is recommended to restart the Home Assistant instance, to do so, go to Configuration -> Server Controls -> Server Management -> Restart.

Home Assistant Restart

In the latest versions of Home Assistant you may not have this option available until you click on your user and enable advanced mode.

Then open your browser and go to (with the port you have configured in the requirements). You should go to the login page of the web interface of your Home Assistant server. Enter your credentials and you will be able to access your home from any device and point in the World.

If you have not configured Let’s Encrypt, the address will be using http instead of https.

Home Assistant Dashboard

Another way to make sure it works properly is to go to and compare the IP shown for the subdomain with the IP that shows pages like; they must match.

This and other articles complement the documentation of the GitHub repository where all the configuration of my house is available.

Leave a comment