Cert expired lost access!

snatch · April 4, 2023, 9:23pm

Oh well this is great. So my SSL certificate has expired, so now I can’t access anything?! What am I supposed to do? Web frontend says ‘trying to connect’ - why?

I can’t ssh to it either, because of some docker weirdness I guess. Help!

boheme61 · April 4, 2023, 9:41pm

because your trying to connect from another device

does that mean your running docker ? , on a device you can’t access via an attached monitor/keyboard ?

snatch · April 4, 2023, 9:58pm

Yes, HA OS on a Pi, pretty standard no? Don’t tell me everyone else has monitors hooked up to their pis?

snatch · April 4, 2023, 10:01pm

Ok am consoled on. WHat now, no nano? How am i supposed to edit files? (Don’t say vi!)

stevemann · April 4, 2023, 10:19pm

Nano works in my HAOS.

snatch · April 4, 2023, 10:26pm

Weird. I even did a find / -name nano - nothing

stevemann · April 4, 2023, 10:41pm

It’s in /usr/bin

Are you sure you’re running HAOS?
haos

boheme61 · April 4, 2023, 10:57pm

Nope, thats not my impression

boheme61 · April 4, 2023, 10:58pm

try
ha info

… im not familiar with HAOS, so i don’t know if you get direct access to ha console commands

PS: I think you should

if so

ha inf
ha --help ( or just --h ) # read all about it ! , you can use --h after each command-string ( ha net --help etc )

snatch · April 4, 2023, 11:12pm

I have 2023.3.1 as not updated yet. Definitely HAOS. And no nano in /usr/bin!

boheme61 · April 4, 2023, 11:27pm

I wont say it, but you might “need” it

Neil_Brownlee · April 5, 2023, 1:03am

nano is standard for HAOS … so not sure what you have installed!

Anyway just use http://your HA IP:8123 - problem solved IF you are in the house…

stevemann · April 5, 2023, 2:44am

How did you install Home Assistant?

koying · April 5, 2023, 6:58am

That’s one, but probably more important is: How was the SSL certificate installed (and where) in the first place?

snatch · April 5, 2023, 9:16am

If you set up SSL in configuration.yaml you can’t use http anymore, hence the issue.

snatch · April 5, 2023, 9:18am

I can’t actually remember how I installed it. I usually use acme.sh and that sets up a cron job. So it’s quite possible that it didn’t manage to set cron up for whatever reason. It’s usually bullet proof, but I’m no docker engineer so something I don’t understand probably stopped it from working.

Neil_Brownlee · April 5, 2023, 9:27am

Yes you can … I can access locally without https and also locally with https. Not sure what you have done!!

snatch · April 5, 2023, 9:31am

Odd, it definitely didn’t work for me. I had two extra lines under http: in my configuration.yaml - one for the cert, and one for the key. What does your config look like?

Neil_Brownlee · April 5, 2023, 9:45am

Mine looks like this

http:
  ip_ban_enabled: false
  login_attempts_threshold: 1
  use_x_forwarded_for: true

I would recommend (if you get in) you use this add-on

But at the end of the day, if you can ssh in just remove your https config from the configuration yaml and restart, use the above add-on and you won’t have to worry about it ever again (it does all the renewals etc.)

koying · April 5, 2023, 9:46am

No, you can’t. You very likely have a reverse proxy (nginx?) doing the SSL termination.
If you configure the certificate in configuration.yaml, you can only do SSL.