Getting HTTPS to work

Wiggum · May 11, 2021, 11:41pm

Hi there,

I’m struggling to get my HA Docker (raspberry pi) installation to work over HTTPS over the Internet.

There is a mydomain.duckdns.org and port forwarding 8123 from my router to the local pi. Testing the connection using http to mydomain.duckdns.org brings me nicely to the HA logon page.

I’ve created the Letsenrypt certificates with Certbot and now trying to HA to work over HTTPS instead of HTTP.

Following entries are in my configuration.yaml

duckdns:
  domain: mydomain.duckdns.org
  access_token: mytoken

http:
  ssl_certificate: /etc/letsencrypt/live/mydomain.duckdns.org/fullchain.pem
  ssl_key: /etc/letsencrypt/live/mydomain.duckdns.org/privkey.pem

lets_encrypt:
  accept_terms: true
  certfile: /etc/letsencrypt/live/mydomain.duckdns.org/fullchain.pem
  keyfile: /etc/letsencrypt/live/mydomain.duckdns.org/privkey.pem
token: mytoken
domains:
  - mydomain.duckdns.org
aliases: []
seconds: 300

Any idea what might be wrong? HA sticks to HTTP. With http via mydomain.duckdns.org:8123, I arrive at the HA logon page of my local installation. When trying https, it fails. That should be the other way around

septillion · May 12, 2021, 6:45am

I don’t think lets_encrypt should be in your configurations. At least I can’t find any documentation about it. Let alone token, domains, aliases and seconds (they are not a child of lets_encrypt). So I think you just made an invalid configuration.

Second, are the certificates available inside the Docker with that path?

Nick4 · May 12, 2021, 8:16am

Hi, have you seen this guide: Remote access for Home Assistant

Wiggum · May 12, 2021, 9:19am

@septillion There is quite a lot fo documentation on lets encrypt and how the configuration should look like in the configuraiton.yaml. But perhaps I don’t need it since I manage the certificates myself via certbot and the duckdns plugin of certbot.

Wiggum · May 12, 2021, 9:23am

@septillion @Nick4 It could indeed be the fact that I’m running HA in a Docker while the certificates are outside the Docker image. Any idea how to:

get the docker reach those files (like my configuratio and custom components which are outside the docker image on /etc/homeassistant)
or put the files in the docker image on the /ssl location

First option would be best, since I configured cron to renew the certificates every 90 days with certbot

Nick4 · May 12, 2021, 9:52am

Sorry, can’t help you there.

I have struggled with HA & HTTPS some time ago and bumped on so many topics when I finally found the one that I linked to.
Because it’s so well written it has helped me and I referred to it a few times but your problem is to ‘exotic’ for me.

septillion · May 12, 2021, 12:43pm

Can you link to it? I only know of add-ons, no integrations.

Wiggum · May 17, 2021, 7:26pm

Managed to solve the problem.

Luckely for me, I created the docker image with the /config folder pointing to /etc/homeassistant of my host system. Creating an ./ssl folder in /etc/homeassistant allows the container to access that directory.

In case you need to know what this is for your container, try:

docker exec [containername] pwd

This returned /config, in my case.
Passing via the running docker container, I did the following:

docker exec [containername] mkdir ssl

However, I think just doing

mkdir /etc/homeassistant/ssl

would have been just the same.

Then copy your certificates to the /etc/homeassistant/ssl directory.

Adjust your configration.yaml as follows:

http:
  ssl_certificate: /config/ssl/mydomain.duckdns.org/fullchain.pem
  ssl_key: /config/ssl/mydomain.duckdns.org/privkey.pem

Restart and bam! you’re going via HTTPS instead of HTTP.

This has been a bumpy road to get the duckdns integration, certbot, certbot duckdns plugin and HA container all working. Lots of incorrect or incomplete documentation flying around.

Nick4 · May 17, 2021, 9:50pm

Good that you have solved it!

Since you also noticed that there is a lot incorrect/incomplete documentation: would you be willing to do a write up in the community guides so that future users can benefit from it as well?

There as so many different ways of running HA that this really can be confusing.
Another option could be to change the topic title to for example “HTTPS with self signed certificates & docker”.
Just an idea…

Wiggum · May 18, 2021, 9:18am

I can sure try as this will hopefully help others.

Any suggestion where to put this or what existing page(s) to amend ?

Nick4 · May 18, 2021, 9:42am

Hi, great that you want to do this!

Just think that your experience/writeup will be useful anyhow + you will probably get some reactions which might help you in case it’s necessary/you want it.

You can put it in: Community Guides - Home Assistant Community