Certbot install problem

Third party integrations
1

IMPORTANT NOTES:

i have open router 80 external port to HA 8123 internal port.

but above link for certbot i cant see on my system
so do i missing anything

2

For that to work you need to be forwarding external port 80 on your router to port 80 on your hass. Port 8123 is used by the hass UI. The “http-01” tells certbot to listen on port 80.

3

little confusion about ur answer
HA runs on 8123 isnt it or you want first change 8123 to 80
if yes how to change 8123 port to 80 in HA

if not then
whats exactly ur answer please explain
thanks

4

Hi
sorry forget i am able to open HA with direct hass-example.duckdns.org
so that mean my 80 port are ok

http://example.duckdns.org/.well-known/acme-challenge/rb4M7GIkEnKMEd_2yUFYtS2zx4VBXkNuOSR-Jz1M6oI
[X.X.X.X]: 404

but this link doesnt exist i try to open load i cant find this

5

Certbot is not hass. It is a different app you are running to authenticate and install a certificate from LetsEncrypt. Yes hass runs on port 8123 by default but when you fire up certbot with the command you are using it is listening on port 80 by default. Certbot can only listen on either port 80 or port 443 depending on the options you give it in the command line. Personally I forward external port 80 to my hass pi always. Certbot is the only app/service that even listens on my pi on port 80 so when certbot is not actually running nothing listens on that port. Hass is always listening on port 8123 so there is not conflict since they use separate ports. Does that make it a bit clearer?

6

My hass listens on the default port 8123. I forward external port 8123 on my router to port 8123 on my Pi. I can then access hass from external internet by going to https://:8123. If you add the port number 8123 to your URL there is not need to forward 443 -> 8123.

7

ok
thanks i successfully install certificate now problem is https://hass-example.duckdns.org:8123

what i done pass 8123 to 8123
without https its work like http://hass-example.duckdns.org:8123
but not work with https
anything i miss ?

8

Here is what my config looks like to enable https. Note that I"m linking directly to the cert files in the location that certbot places them. To do that you have to change the permissions on those folders to allow the user that hass runs as to be able to read them. Other people just copy the cert files into the same folder that the hass config files are in which can simplify this. The only catch on that is that when you certs are updated you will have to copy them again. There are forum posts I’ve seen around here showing how others have dealt with that. I’m not sure if you are using Win or Linux and how comfortable you are with permissions, etc.

http:
  base_url: hass-example.duckdns.org
  # Uncomment this to add a password (recommended!)
  api_password: !secret http_password
  ssl_certificate: /etc/letsencrypt/live/hass-example.duckdns.org/fullchain.pem
  ssl_key: /etc/letsencrypt/live/hass-example.duckdns.org/privkey.pem
#  ssl_certificate: /home/hass/.homeassistant/cert/fullchain-private.pem
#  ssl_key: /home/hass/.homeassistant/cert/privkey-private.pem
  trusted_networks:
    - 192.168.7.0/24
  ip_ban_enabled: True
  login_attempts_threshold: 5
9

Hi
same path of cert file i have but no success any where any log i can see that request reach upto my PI HA system or not ?

10

Hi
i think problem is some where local PI or HA side

https://10.0.0.4:8123/states

i am not able to access this either

11

Hi
sorry for trouble Finally all work ok.
thanks
i think thats best Tutorial
http://www.bruhautomation.com/single-post/2016/07/17/Part-3-Encrypting-Home-Assistant-and-External-Access

12

Glad you got it working.