Letsencrypt does not renew certificates if they are still valid for more then 30 days. Somewhere in September the certificate should renew.
Good info, but I don’t think that’s what is happening here.
As a test again, I just renamed the 2 working certificate files as fullchain.perm.backup and privkey.perm.backup and re-ran the addon. No new certificate files are being created, and the log doesn’t change. The add-on also does not stay running which I would assume it should since it needs to update cloudflare with the IP
EDIT: I just took this test one step further. I changed the subdomain in the config which should then create a new A record in cloudflare. Same log output, no new certs are created, and the A record is not created in cloudflare.
@hars any thoughts on what’s happening based on the log?
I uninstalled, re-installed and reconfigured and still getting the same log output.
My certs expire in a few weeks here.
Hi all, apologies for the slow responses. I’m not a power user of home assistant, I just use it with some switches to control a few lights.
I just updated the latest version, deleted my certs and used a completely new domain. Everything worked just fine.
@mrobi it looks like yours is failing here: [cmd] /run.sh exited 7
I’m not clever enough to know what Exit code 7 refers to and after googling, I’m none the wiser.
I would double check your config to make sure there’s no odd spaces or inverted commas. Failing that, have you tried installing the logger add-on to see if there’s more details in there?
Also I’m not sure if you’re on a Mac or not but use Chrome if you need to access the local IP. Safari for some reason just fails immediately but Chrome works.
Exit code 0 means success, any number other than 0 is an error. Unfortunately there’s no set standard to what the number means, it’s set by the program itself.
In my particular case, this add-on worked. I changed nothing in the config. Now it doesn’t. The only thing that’s changed that could possibly affect it is different versions of supervisor and core.
I’ve removed the add-on, re-installed the add-on. Reset config to default multiple times. Removed the existing certs. Tried a new domain. All give the exact same log. The logger add-on doesn’t give any useful info either unfortunately.
You could try to add this code to the run.sh script and see if it outputs where it’s failing:
trap 'catch $? $LINENO' EXIT
catch() {
echo "catching!"
if [ "$1" != "0" ]; then
# error handling goes here
echo "Error $1 occurred on $2"
fi
}
Clone or download the add-on from GitHub, make the change to run.sh (and perhaps the name in config.json so it’s easier to spot) and then dump the entire add-on into the addons folder:
I’ll try to do some testing this weekend but let me know how you get on.
Well October has rolled around and I’m now in a mess.
Certs expired this morning and I can’t access home assistant through my domain name OR through the local IP address. So I’m essentially dead in the water and locked out of my system
It’ll only work with https to the local IP and specifying the port.
Access your local ip at https://x.x.x.x:8123
If you’re on macOS, use Chrome not safari. Chrome will throw up a ERR_CERT error but there’s a link at the bottom to proceed.
For some reason I couldn’t get in from my local IP at all.
BUT I was able to use my externalip:8123 to access and it obviously complained about the cert but I got in.
As great and as simple as this add-on is, there’s definitely an issue that makes it incompatible with certain setups. (I use HassOS, maybe the others who are getting the TERM error could chime in to find a common denominator)
I ended up setting up the built-in cloudflare integration which will update cloudflare with my IP every hour. I then created and downloaded the cloudflare origin certs which expire in 15 years and replaced my cert files with those.
So I’m back up and running and should be good for at least 15 years.
I am trying to use this Add-On and have two issues. First of all when I install it and set it up, and then reboot the host (a Pi 3B +), the pi boot gets changed to a Log In, with an endless loop. When you enter the correct password, the screen goes black for a few seconds and then returns to the login window again.
Second of all, I cannot get to HA from the external domain name. It fails to resolve. But if I go to SSL Checker, it resolves to the correct IP but tells me there are no valid ssl certificates, even though I see them under the ssl folder.
All help appreciated.
Thanks,
Mike
First one I’m not too sure, sorry!
Second one, your forwarding may not be working properly. Are you forwarding port 443 -> 8123?
Hi, thanks for the add-on! (exactly what I need)
I am getting this error when running the add-on:
s6-overlay-suexec: fatal: can only run as pid 1
any idea on how to fix this? thanks!
I’m just trying to install this today for the first time and am getting the exact same error in the logs. Was hoping to find a fix here.
the add-on is unmaintained as I’m not using it any more. From memory that error appears if you’re using a token instead of a global API key. This add-on was made before those were available, using a global API key is not ideal.
HA has cloud flare baked into it now:
Also let’s encrypt:
Ahh, that’s good to know. To have proper domain routing, do I need to use both cloudflare and let’s encrypt? I.E. - Does cloudflare just take care of routing to the proper IP while letsencrypt handles the SSL? Or do I just need one or the other?
Sorry man, I just added a up top to warn others. Been a couple of years since the last post!
You’ll need both to get it working properly. The let’s encrypt add-on has a DNS challenge option so you don’t have to open port 80 to get the cert.
You’ll have to set an automation to renew the certs, the add-on doesn’t do it automatically:
Maybe the use of a cloudflare tunnel would be an option for you?
Take a look here for general information and here for the cloudflare add-on
Thanks for the quick reply! I didn’t even know the Cloudflare integration existed, but now I configured it and everything is working