I don’t even know where to begin to troubleshoot. The counter is down to zero days, so I’m pretty sure there’s no auto-renewing taking place. I’m checking /var/log/le-renew.log and it’s blank. Below are all the steps I have taken to install the cert and set up auto-renew.
Thanks in
o Creating a dynamicdns entry
o Register at https://www.duckdns.org using one of the account methods
o Create a new domain of your liking, this will generate a token, save it somewhere handy
o Browse to “install” on the site, this will provide you with various installation methods, Raspbian is described in this guide. Some routers allow for this as well and you can bypass this setup altogether, but I don’t like the idea of a router dying and losing this.
o Installing duck script on Raspbian (Skip if you selected another method)
o cd /home/
o sudo mkdir duckdns
o cd duckdns/
o sudo nano duck.sh
1. Paste the code below replacing your domain name and token with the one generated from the previous step. Do not forget to remove the [ and ] brackets
echo url="https://www.duckdns.org/update?domains=[YOUR_DOMAIN]&token=[YOUR_TOKEN]&ip=" | curl -k -o /home/duckdns/duck.log -K -
2. CTRL+X to Exit and then ‘Y’ to save
o sudo chmod 700 duck.sh
o sudo crontab -e //select ‘nano’ as an editor
1. Paste the code below into the crontab file
*/5 * * * * /home/duckdns/duck.sh >/dev/null 2>&1
2. CTRL+X to Exit and then ‘Y’ to save
o sudo ./duck.sh
o cat duck.log
o The output from the above command should display ‘OK’ as the prefix
OKpi@raspberrypi:/home/duckdns $
o Firewall changes
o Rule 1: Have port 80 from the outside point to internal port 80 and the internal IP Address of hass //used for auto-renew of certs
o Rule 2: Have port 8123 (hass port) from the outside point to internal port 8123 (hass port) and the internal IP Address of hass [Temporary]
o Installing certificate engine and creating certificate
o sudo adduser homeassistant sudo
o sudo passwd homeassistant //set desired password and save it
o sudo su -s /bin/bash homeassistant
o cd
o mkdir certbot
o cd certbot/
o wget https://dl.eff.org/certbot-auto
o chmod a+x certbot-auto
o Execute the command below replacing your email and domain. Do not forget to remove the [ and ] brackets
./certbot-auto certonly --standalone --preferred-challenges http-01 --email [YOUR_EMAIL]@gmail.com -d [YOUR_DOMAIN].duckdns.org //this is for port 80
OR
./certbot-auto certonly --standalone --preferred-challenges tls-sni-01 --email [YOUR_EMAIL]@gmail.com -d [YOUR_DOMAIN].duckdns.org //this is for port 443
Note: You may need to temporarily add port 80 and/or port 443 in your firewall rules on your router to point to hass. Try port 80 first and then port 443.
o sudo chmod 755 /etc/letsencrypt/live/
o sudo chmod 755 /etc/letsencrypt/archive/
o Firewall change
o Modify Rule 2: Have port 443 from the outside point to internal port 8123 (or port for hass) and the internal IP Address. Remove all other rules (e.g. 80, 8123, etc.)
o Applying certificate
o Modify the configuration.yaml. Do not forget to remove the [ and ] brackets
http:
  ssl_certificate: /etc/letsencrypt/live/[YOUR_DOMAIN].duckdns.org/fullchain.pem
  ssl_key: /etc/letsencrypt/live/[YOUR_DOMAIN].duckdns.org/privkey.pem
  base_url: [YOUR_DOMAIN].duckdns.org
o Restart hass
o Test URL https://[YOUR_DOMAIN].duckdns.org
o Configuring auto-renew of certificate
o sudo su -s /bin/bash homeassistant
o crontab -e
1. Paste the code below into the crontab file
30 2 * * 1 /usr/bin/letsencrypt renew >> /var/log/le-renew.log
2. CTRL+X to Exit and then ‘Y’ to save
o sudo deluser homeassistant sudo
o Reboot Raspberry
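
A check for the kind of crontab entry used in the auto-renew step, as an added example that is not part of the original post: it confirms that the command path in the entry exists and is executable, that the user running the job can write the log file, and whether stderr is captured. It assumes a five-field schedule followed by the command; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check one crontab line of the form
#   m h dom mon dow COMMAND [args...] [>> LOGFILE]
# Run it as the user who owns the crontab, since the checks depend on that
# user's permissions.

# Print the command path (6th whitespace-separated field).
cron_cmd() {
    printf '%s\n' "$1" | awk '{ print $6 }'
}

# Print the file that stdout is redirected to, or nothing.
cron_log() {
    printf '%s\n' "$1" | awk '{
        for (i = 7; i <= NF; i++) {
            if ($i == ">>" || $i == ">") { print $(i + 1); exit }
            if ($i ~ /^>>?[^&]/) { sub(/^>>?/, "", $i); print $i; exit }
        }
    }'
}

# Return 0 if the line also redirects stderr (for example "2>&1").
cron_captures_stderr() {
    case $1 in *"2>"*) return 0 ;; *) return 1 ;; esac
}

# Report problems that make a job fail silently; return 1 if any were found.
check_cron_line() {
    c_cmd=$(cron_cmd "$1"); c_log=$(cron_log "$1"); c_rc=0
    if [ ! -x "$c_cmd" ]; then
        echo "command missing or not executable: $c_cmd"; c_rc=1
    fi
    if [ -n "$c_log" ]; then
        c_target=$c_log
        [ -e "$c_log" ] || c_target=$(dirname "$c_log")   # file would be created
        if [ ! -w "$c_target" ]; then
            echo "$(id -un) cannot write: $c_target"; c_rc=1
        fi
    fi
    cron_captures_stderr "$1" ||
        echo "note: stderr is not redirected, so errors will not reach ${c_log:-a log}"
    return $c_rc
}

# Stand-alone use: sh check-cron.sh '<crontab line>'
if [ "$#" -gt 0 ]; then check_cron_line "$1"; fi
```

Pass the entry in single quotes so the shell does not expand the `*` fields; a non-zero exit status means at least one check failed.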