Can't Get HTTPS security

MaestroMetty · October 22, 2020, 7:25am

Hi, I have installed and managed to work my Home Assistant on Ubuntu Server 20.04 via http protocol in duckdns. I can reach my home-assistant with http://www.mydomain.duckdns.org.
But I get an error when I try to set an SSL certification.
I use Dehydrated and generate the .pem files but when I put them into confiruation.yaml and reboot it shows this error:

Failed config
  http:
    - Invalid config for [http]: not a file for dictionary value @ data['http']['ssl_certificate']. Got '/usr/share/hassio/homeassistant/dehydrated/certs/MYDOMAIN.duckdns.org/fullchain.pem'
not a file for dictionary value @ data['http']['ssl_key']. Got '/usr/share/hassio/homeassistant/dehydrated/certs/MYDOMAIN.duckdns.org/privkey.pem'. (See /config/configuration.yaml, line 3).

I have also tried with

sudo chmod 755 //on both .pem files

but no solution. Anyone knows how to solve this problem?

Burningstone · October 22, 2020, 7:33am

Try this path:

/dehydrated/certs/MYDOMAIN.duckdns.org/fullchain.pem

MaestroMetty · October 22, 2020, 7:37am

Do you mean installing the dehydrated folder out of every other folders in the system?

Burningstone · October 22, 2020, 7:44am

I mean choosing this path in your configuration file in the http section.

http:
  ssl_certificate: /dehydrated/certs/MYDOMAIN.duckdns.org/fullchain.pem

browetd · October 22, 2020, 7:46am

Hello,

Try to check also the protection of your directories where those files are stored…

here is what I am doing when I am installing a new environment from scratch on Raspbian (I am using Let’s Encrypt):

$ sudo chmod 755 /etc/letsencrypt/live/
$ sudo chmod 755 /etc/letsencrypt/archive/
$ sudo chmod 644 /etc/letsencrypt/archive/< DNS NAME>/*.*

Here is my files and corresponding protection in /etc/letsencrypt/archive/< DNS NAME> :

total 56
drwxr-xr-x 2 root root 4096 Aug 30 09:45 .
drwxr-xr-x 3 root root 4096 Mar 21  2020 ..
-rw-r--r-- 1 root root 1939 Mar 21  2020 cert1.pem
-rw-r--r-- 1 root root 1939 Jun  9 12:59 cert2.pem
-rw-r--r-- 1 root root 1939 Aug 30 09:45 cert3.pem
-rw-r--r-- 1 root root 1647 Mar 21  2020 chain1.pem
-rw-r--r-- 1 root root 1647 Jun  9 12:59 chain2.pem
-rw-r--r-- 1 root root 1647 Aug 30 09:45 chain3.pem
-rw-r--r-- 1 root root 3586 Mar 21  2020 fullchain1.pem
-rw-r--r-- 1 root root 3586 Jun  9 12:59 fullchain2.pem
-rw-r--r-- 1 root root 3586 Aug 30 09:45 fullchain3.pem
-rw-r--r-- 1 root root 1708 Mar 21  2020 privkey1.pem
-rw-r--r-- 1 root root 1704 Jun  9 12:59 privkey2.pem
-rw-r--r-- 1 root root 1708 Aug 30 09:45 privkey3.pem

MaestroMetty · October 22, 2020, 8:10am

So, i’ve changed the path to

http:
  ssl_certificate: /dehydrated/certs/MYDOMAIN.duckdns.org/fullchain.pem

but nothing, then i run the following commands

sudo chmod 755 /dehydrated
cd dehydrated
sudo chmod 755 certs
cd certs
sudo chmod 755 mydomain.duckdns.org
cd mydomains.duckdns.org
sudo chmod 644 *.*

but nothing, if i run ha core check i get the same error.

These are my files and protection


total 28
drwxr-xr-x 2 root root 4096 Oct 22 07:51 .
drwxr-xr-x 3 root root 4096 Oct 22 07:50 ..
-rw-r--r-- 1 root root 1671 Oct 22 07:50 cert-1603353042.csr
-rw-r--r-- 1 root root 2273 Oct 22 07:51 cert-1603353042.pem
lrwxrwxrwx 1 root root   19 Oct 22 07:51 cert.csr -> cert-1603353042.csr
lrwxrwxrwx 1 root root   19 Oct 22 07:51 cert.pem -> cert-1603353042.pem
-rw-r--r-- 1 root root 1648 Oct 22 07:51 chain-1603353042.pem
lrwxrwxrwx 1 root root   20 Oct 22 07:51 chain.pem -> chain-1603353042.pem
-rw-r--r-- 1 root root 3921 Oct 22 07:51 fullchain-1603353042.pem
lrwxrwxrwx 1 root root   24 Oct 22 07:51 fullchain.pem -> fullchain-1603353042.pem
-rw-r--r-- 1 root root 3243 Oct 22 07:50 privkey-1603353042.pem
lrwxrwxrwx 1 root root   22 Oct 22 07:51 privkey.pem -> privkey-1603353042.pem

nickrout · October 22, 2020, 8:34am

Are you running a supervised install or a venv install or a docker install?

MaestroMetty · October 22, 2020, 8:37am

Not sure, i can’t remember. How could i check that?

nickrout · October 22, 2020, 8:39am

Do you have the supervisor?

MaestroMetty · October 22, 2020, 8:40am

Yes, I had the Supervisor section in the GUI and I can run the command

ha supervisor info

nickrout · October 22, 2020, 6:33pm

Right, a supervised install.

Your HA is running in a docker container.

dragonsoul84 · October 22, 2020, 9:34pm

I’m not familiar with dehydrated, but I think a far simpler option would be to use the add-on “Nginx Proxy Manager”. I am using the same environment as you and that is how I connect. The add-on shows exactly how to set it up and it takes care of the SSL certs using Let’s Encrypt.

MaestroMetty · October 24, 2020, 3:21pm

I solved the problem, there must have been a problem with my installation of Home Assistant since I formatted my PC, re installed, and now i managed to have HTPPS via DuckDns and Let’sEncrypt easily, which didn’t work before. Thank you guys anyway for the answers!