I discovered HomeAssistant recently and I instantly loved it, I got a Raspberry Pi 5 to run it on, and i’m slowly working my way up to creating a fully configured system.
A few days ago I tried to set up HTTP SSL access, using the duckdns plugin.
Which ran completely fine, generated the two .pem files.
However when I added the
http:
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem
and restarted, I was introduced to the Recovery Mode, and the logs showed this:
2024-02-22 17:15:00.803 ERROR (MainThread) [homeassistant.setup] Error during setup of component http
Traceback (most recent call last):
File "/usr/src/homeassistant/homeassistant/components/http/__init__.py", line 425, in _create_ssl_context
context.load_cert_chain(self.ssl_certificate, self.ssl_key)
ssl.SSLError: [SSL: NO_CERTIFICATE_ASSIGNED] no certificate assigned (_ssl.c:3925)
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/usr/src/homeassistant/homeassistant/setup.py", line 333, in _async_setup_component
result = await task
^^^^^^^^^^
File "/usr/src/homeassistant/homeassistant/components/http/__init__.py", line 202, in async_setup
await server.async_initialize(
File "/usr/src/homeassistant/homeassistant/components/http/__init__.py", line 342, in async_initialize
self.context = await self.hass.async_add_executor_job(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/concurrent/futures/thread.py", line 58, in run
result = self.fn(*self.args, **self.kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/src/homeassistant/homeassistant/components/http/__init__.py", line 428, in _create_ssl_context
raise HomeAssistantError(
homeassistant.exceptions.HomeAssistantError: Could not use SSL certificate from /ssl/fullchain.pem: [SSL: NO_CERTIFICATE_ASSIGNED] no certificate assigned (_ssl.c:3925)
I removed lines from configuration.yaml and postponed configuring SSL until I had better understanding of the whole HAss system.
Some days later, while trying to setup Mosquitto, it tried taking those .pem files, and it too halted, the logs showing a very similar error:
2024-02-22 17:22:52: Error: Server certificate/key are inconsistent.
2024-02-22 17:22:52: OpenSSL Error[0]: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[15:22:52] WARNING: Halt add-on
I went to try and debug the issue, I started by moving the /ssl/*.pem files elsewhere to try and generate them again.
Curiously, the DuckDNS plugin could still locate them just fine!
[17:27:24] INFO: Renew certificate for domains: xxx.duckdns.org and aliases:
# INFO: Using main config file /data/workdir/config
Processing xxx.duckdns.org
+ Checking domain name(s) of existing cert... unchanged.
+ Checking expire date of existing cert...
+ Valid till May 8 13:36:14 2024 GMT (Longer than 30 days). Skipping renew!
However, Mosquitto did not, and neither did http, since I wasn’t even allowed to restart, since:
The system cannot restart because the configuration is not valid: Invalid config for 'http' at configuration.yaml, line 18: not a file for dictionary value 'http->ssl_certificate', got '/ssl/fullchain.pem' Invalid config for 'http' at configuration.yaml, line 19: not a file for dictionary value 'http->ssl_key', got '/ssl/privkey.pem'
So, my observation is that DuckDNS does not look into that /ssl/ folder, and perhaps never even created those two .pem files, even though it claims that in it’s documentation, quoting " The file is stored in /ssl/, which is the default for Home Assistant"
Prior to finding this, I ended up installing ‘openssl’, through apk, although it obviously didn’t change a thing.
I searched and searched and found nothing, except someone having the same SSL error with an apache installation and solving it by changing his apache configurations. (Thus pointing me it’s not OpenSSL that is having the problem)
I would be glad if someone could point me in the right direction, I am able to provide any other information if necessary, and I have a solid understanding of linux and IT in general, but I am totally new in HAss…
Thank you in advance 