One of my big Covid-19 projects was to migrate the services that were installed across several machines into Home Assistant. Not long after I started, I hit a roadblock with the need to have SSL for some of the services.
I have a firewall at home. For me, opening ports is something I prefer not to do, especially to the system that controls my entire house.
I went to install the built-in Let’s Encrypt addon and figured out that it uses the old-school certbot command-line tool.
Certbot has limited support when it comes to the DNS challenge. (The HTTP challenge requires opening a port, and as already said, that’s a big no-no for me.)
I’ve been using a tool called Lego for a few years now and decided, as an open-source-oriented engineer, that it would be nice to have the ability to use this tool with Home Assistant.
Do you support Google Cloud DNS for dynamic DDNS and Let’s-Encrypt w/ DNS option? That’d be great.
Also, some concerns:
Do you commit to keeping this up to date over time? It takes time to learn something new, and then have to migrate off of it due to compatibility/security issues 6 months down the line.
Also, would love to have more detailed documentation/examples.
I want to ask you if it is possible to add an option that, after the certificate for the first SAN line has been generated, copies and renames the certificate here:
/ssl/fullchain.pem
/ssl/privkey.pem
So we can use this addon instead of the duckdns addon. These are some lines of code that I have created, but I don’t know how to test them:
# CERT_PATH and args are assumed to be set earlier in the addon's run script
h=0  # index of the current 'domains' line; 0 is the first SAN certificate
for domain in $(bashio::config 'domains'); do
    sans=(${domain//,/ })
    bashio::log.debug "Checking for certificate ${CERT_PATH}/certificates/${sans[0]//[*]/_}.crt existence"
    if [[ ! -f "${CERT_PATH}/certificates/${sans[0]//[*]/_}.crt" ]]; then
        bashio::log.info "Certificate for domain ${sans[0]} not found, issuing"
        domainargs=$args
        for san in "${sans[@]}"; do
            domainargs="${domainargs} -d ${san}"
        done
        bashio::log.debug "running command: lego ${domainargs} run"
        lego ${domainargs} run
        # Only for the first line: copy the new certificate and key to the fixed names
        if [[ "$h" -eq 0 ]]; then
            cp -rp "${CERT_PATH}/certificates/${sans[0]//[*]/_}.crt" /ssl/fullchain.pem
            cp -rp "${CERT_PATH}/certificates/${sans[0]//[*]/_}.key" /ssl/privkey.pem
        fi
    else
        bashio::log.info "Certificate for domain ${sans[0]} found"
    fi
    h=$((h + 1))
done
I hope for this implementation.
Best regards
Stefano
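
A testable version of the copy step from the post above, added here as an example (it is not part of the original thread or of the addon's code). The function names `cert_basename` and `install_first_cert` are hypothetical, and the source and destination directories are parameters so the step can be exercised in a scratch directory without Home Assistant or lego.

```shell
#!/bin/sh
# Added example: install the certificate of one 'domains' line under the
# fixed names fullchain.pem / privkey.pem. All names here are hypothetical.

# lego names the files after the first SAN, with '*' replaced by '_'
# (the same mapping as ${sans[0]//[*]/_} in the snippet above).
cert_basename() {
    first=${1%%,*}                  # "a.example,b.example" -> "a.example"
    printf '%s' "$first" | tr '*' '_'
}

# install_first_cert <lego certificates dir> <domains line> <destination dir>
# Returns 0 on success, 1 if the certificate or key is missing or a copy fails.
install_first_cert() {
    src_dir=$1; line=$2; dst_dir=$3
    base=$(cert_basename "$line")
    crt="$src_dir/$base.crt"; key="$src_dir/$base.key"
    [ -s "$crt" ] && [ -s "$key" ] || return 1

    # Copy to temporary names first and rename afterwards, so neither
    # destination file is ever visible half-written.
    old_umask=$(umask); umask 077   # the key copy is never world-readable
    cp "$crt" "$dst_dir/.fullchain.pem.tmp" &&
        cp "$key" "$dst_dir/.privkey.pem.tmp"
    copy_rc=$?
    umask "$old_umask"
    [ "$copy_rc" -eq 0 ] || return 1

    chmod 644 "$dst_dir/.fullchain.pem.tmp"
    chmod 600 "$dst_dir/.privkey.pem.tmp"
    mv "$dst_dir/.privkey.pem.tmp" "$dst_dir/privkey.pem" &&
        mv "$dst_dir/.fullchain.pem.tmp" "$dst_dir/fullchain.pem"
}

# Assumed call inside the addon loop, for the first line only:
#   install_first_cert "${CERT_PATH}/certificates" "$domain" /ssl
```

Because the paths are arguments, the same function can be run against a temporary directory holding dummy `.crt` and `.key` files to check the wildcard name mapping and the resulting file modes before touching `/ssl`.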
I don’t know if you still need it but I just installed this addon since LEGO supports my DNS provider,
and found out you can simply use the generated certificates directly, so for example in the NGINX config you just put: