I have been trying for a week, since switching over to Hassio, with no luck… this is what I keep getting in the Let’s Encrypt log:
starting version 3.2.2
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /data/letsencrypt/renewal/redacted.duckdns.org.conf
-------------------------------------------------------------------------------
renewal config file {} is missing a required file reference
Renewal configuration file /data/letsencrypt/renewal/redacted.duckdns.org.conf is broken. Skipping.
0 renew failure(s), 1 parse failure(s)
No renewals were attempted.
Additionally, the following renewal configuration files were invalid:
/data/letsencrypt/renewal/redacted.duckdns.org.conf (parsefail)
@dpicts Renewal, Maybe your certificates have already been created? If you run below… Are they there? Then you just need to setup http component in configuration.yaml.
core-ssh:/ssl# ls -ltr /ssl/
total 8
-rw-r–r-- 1 root root 1704 Aug 25 21:42 privkey.pem
-rw-r–r-- 1 root root 3461 Aug 25 21:42 fullchain.pem
I got mine working, I had to include the following in my config:
server_port: 443
trusted_networks:
- Your PC IP address
This is on top of base_url etc. Reboot and wait about 30 or so minutes and you should be able to log in (hopefully).
Before doing that you need to have port forwarding done - 80>80 and 443>443. Download your certificates, Remove all port forwarding and add 443>8123 (not 8123>443 as indicated in your post).
I know that with my Let’s Encrypt log it said something along the lines of didn’t renew as valid certificate is already downloaded, I have no idea why yours isn’t working.
Please note that I have no IT background whatsoever, I’m just saying what worked for me.
I’m at work so can’t give much more details than that at the moment, sorry.
trying to follow this video’s instructions to install ssh, duckdns and letsencrypt, im confused…
ssh is working fine, and i shell into the hassio.local.
the vid wants us to shell into the pi@raspberry though. How do i proceed from the hassio prompt core-ssh to the pi@raspberry login? it returns the following:
ssh: Could not resolve hostname raspberrypi: nodename nor servname provided, or not known
443 > 8123 - for outside connections ( only forward 443 > 443 when you need to setup or update letsencrypt)
8123 > 8123 - for local network connection - you might need to accept the unsecure connection warning.
1883 > 1883 - MQTT
don’t forward port 80 (only when setting up or updating LetsEncrypt), it will mess with other devices (ex: google home , Plex, etc )
the thing is that my Hass.io password wont log me in as [email protected] obviously , but neither wont the default pw raspberry.
I don’t think ive set another pw on the Hassio install than the [email protected], which works fine. its just that all instructions in the video rely on shelling in as pi@raspberry.
so, question remains: how to ssh login in as [email protected] on a Hassio installation…
there are several things not included in Hassio, i’d like to install. ssh is opening the Raspberry to that. On a Rasbian system that is. not on the Hassio apparently.
Sounds like you shouldn’t use Hass.io if your goal is to hack the system. Hass.io is a locked down OS image and HA system. You manage most of it from the GUI where you install the available add-ons (including DuckDNS add-on which has a built in Let’s Encrypt component). If you’re wanting things that are not on Hass.io, you’re probably better off going with something else.
HI,
Thanks, after a week or so trial and error things are getting clearer…
I understand the Hassio setup isnt ‘hackable’ . And one has to configure it through the internal options. Ive already deleted (## ) most of the options i had put in the configuration files, as instructed per the Home Assistant available components pages.
It might be a thought that where applicable, these pages state that in case of Hassio setup, different options apply, or one just shouldn’t apply them at all.
In my wonderings, Duckdns, let’s encrypt and certificates have been the most complicated, or should i say confusing.
That being said, with several external services one is in need of these certificates, and since they’re not browsable in the Hassio configuration, even though ssh’ing, we’re out of luck there?
Also, instead of using the embedded Mqtt broker, one should be able to use an external one? if that is to be encrypted, it further complicates things…
So its a bit of a trial and error situation, which external services work in the Hassio setup and which don’t.
Anyways, thanks for you feedback , hope you can confirm or point to solutions on the above.
I’m in the same boat with you trying to figure it all out. I look at Hass.io as having a more limited scope, but one that is expanding. I prefer it because it removes some of the drudgery of maintaining the OS, but the trade off as you noted is less freedom to add just any other services, that is unless you want to learn how to create and publish add ons (I know I don’t).
I totally agree with you that documentation around Hass.io is not where it should be, but I recently discovered that Hass.io is still very new (this last spring), so we’re alll learning as we go and trying to share gems.
I was only trying to clarify Hass.io limitations that I’m learning with you, in case you weren’t aware, so you could decide if it was right for you in the near term.
its a bit silly though, cause no matter what i do and try to change, the only thing thats working is a duckdns domain for my ip. i’ve added all port forwards, and neither ngnix, nor letsencrypt allow me to https to my Home Assistant.
They are able to load correctly in the Hass.io side bar.
Mqtt gives all kinds of startup errors in the log. If i check that in the Hass.io, all seems well :-(((
hope it develops quickly, glad to help in every possible way of course.
Cheers,
Marius
I’m having problems with let’s encrypt as well. I can access my HA remotely now, but it’s broken my ability to SSH or Samba to my Pi so I’m unable to make any additional changes. I locked myself out and I don’t know how to get back in.
Not sure what you mean that Duckdns domain works but you can’t https to your setup. Isn’t that what your doing via duckdns? I only have one port forward set on my router and so far that part is working well. Amazing that my little Pi serves all this up to my phone over the internet.
duckdns per se only provides a dns for your public ip. that is translates it into something more humanly easily readable.
you need to setup port forwarding on your router to your HA ip address and port 8123.
until this point all is going well, (been able to do so from the external setup Duckdns.org.
you’ll need the extra service to encrypt the traffic to and from your HA. And then things fail. Whatever i try here, nothing works. Yet.
just read that i might have been doubling services. Ive been trying to enable both Duckdns and Let’sencrypt in the Hassio interface, while the separate Letsencrypt object is designed for dns services other than Duckdns.
Ducksdns object should be able to do it all.
Ive been able to find both certificates in the ssl folder, i hadn’t activated in my Mac/finder before… Somethings working after all!
Sound like you got it working! Congrats. Yes, I tried to indicate in my first post here that the DuckDNS Add-On for Hhass.io has a built in Let’s encrypt component, but its subtile and easy to miss.
I’m still trying to fix my Samba and SSH access… Not sure how I mucked that up by enabling this add-on.
Samba and ssh working here
Duckdns was already working before I installed the Hassio component.
No ssl though. Maybe I ought to let the Ducksns Hassio component handle registering the domain too and build everything from there?
We’ll try that next.
a lot of my friends are having problems with duckdns. I keep telling them to use no-ip instead, since no-ip is comparable to most routers dns settings. But… do what you want.