HA Web Server keeps old certificate after Let's Encrypt renewal

nextxpert · July 6, 2022, 7:35pm

I use Let’s Encrypt to obtain a certificate in HA on my RPi4
Every first of the month I run an automation to start the Let’s Encrypt Add-On and fetch a new certificate.

The automation completes each time and creates new certificate pem-files in the ssl folder.

My issue is, that the web server keeps presenting the old certificate even after a host reboot. The only way to load the new cert seems to completely powerdown the system and do a cold boot.

After reading this item I tried restarting HomeAssistant through automation. But still the web service presents the previous certificate.

Can anyone tell how to let Home Assistant load the latest certificate without completely shutting down the system?

Here is the certificate configuration:

http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

Here is the current automation to renew the certificate:

- id: lets-encrypt-renewal
  alias: System - Let's Encrypt Renewal
  trigger:
  - platform: time
    at: 02:25:00
  condition:
  - condition: template
    value_template: '{{ now().day == 1 }}'
  action:
  - service: hassio.addon_restart
    data:
      addon: core_letsencrypt
  - delay: 00:05:00
  - service: homeassistant.restart
    data: {}

rossk · July 6, 2022, 10:03pm

interested in the answers here as the first time i renewed, I tried everything to get it to update on the host and eventually found that the only thing that worked was a host reboot.

However last few times I have renewed, I literally spent ages trying 101 things, including system reboot and eventually got it to refresh but still don’t know what I did to make it refresh, I just know it eventually did.

sarvendra · March 4, 2023, 7:38pm

I am also facing the issue with the server presenting the old certificate despite the renew being successful and new files created. Rebooting the machine, Home assistant as well didn’t work. Browser still shows the old certificate. As some one suggested check to see if it’s an issue with the browser cache. Still it shows the old certificate.

brendan2 · May 21, 2023, 3:08am

I had the same issue. I noticed in Incognito mode I was getting the new certificate but still getting the old certificate in normal browsing mode.

Control + F5 got the new certificate showing in normal mode.

RTJR · March 27, 2024, 10:27pm

That was it! Thank you!