Hass.io Add-On: letsdnsocloud - Custom Domain SSL & DDNS

Hassio under Synology should behave the same as under other environments. It is “virtualized” via docker so addons should not be affected by the underlying system.

Hey @hars, I’m trying to get this installed on hassio supervisor 181, but when I try and run the install, I get the below stack trace

19-08-21 02:09:30 INFO (SyncWorker_6) [hassio.docker.addon] Start build 3983e8d8/amd64-addon-letsdnsocloud:1.1
19-08-21 02:09:30 ERROR (MainThread) [aiohttp.server] Error handling request
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/aiohttp/web_protocol.py", line 418, in start
    resp = await task
  File "/usr/local/lib/python3.7/site-packages/aiohttp/web_app.py", line 458, in _handle
    resp = await handler(request)
  File "/usr/local/lib/python3.7/site-packages/aiohttp/web_middlewares.py", line 119, in impl
    return await handler(request)
  File "/usr/src/hassio/hassio/api/security.py", line 145, in token_validation
    return await handler(request)
  File "/usr/src/hassio/hassio/api/utils.py", line 38, in wrap_api
    answer = await method(api, *args, **kwargs)
  File "/usr/src/hassio/hassio/addons/__init__.py", line 132, in install
    await addon.instance.install(store.version, store.image)
  File "/usr/src/hassio/hassio/utils/__init__.py", line 29, in wrap_api
    return await method(api, *args, **kwargs)
  File "/usr/local/lib/python3.7/concurrent/futures/thread.py", line 57, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/usr/src/hassio/hassio/docker/addon.py", line 364, in _install
    self._build(tag)
  File "/usr/src/hassio/hassio/docker/addon.py", line 378, in _build
    use_config_proxy=False, **build_env.get_docker_args(tag)
  File "/usr/local/lib/python3.7/site-packages/docker/models/images.py", line 279, in build
    resp = self.client.api.build(**kwargs)
  File "/usr/local/lib/python3.7/site-packages/docker/api/build.py", line 160, in build
    path, exclude=exclude, dockerfile=dockerfile, gzip=gzip
  File "/usr/local/lib/python3.7/site-packages/docker/utils/build.py", line 31, in tar
    root=root, fileobj=fileobj, gzip=gzip, extra_files=extra_files
  File "/usr/local/lib/python3.7/site-packages/docker/utils/build.py", line 68, in create_archive
    fileobj = tempfile.NamedTemporaryFile()
  File "/usr/local/lib/python3.7/tempfile.py", line 538, in NamedTemporaryFile
    prefix, suffix, dir, output_type = _sanitize_params(prefix, suffix, dir)
  File "/usr/local/lib/python3.7/tempfile.py", line 126, in _sanitize_params
    dir = gettempdir()
  File "/usr/local/lib/python3.7/tempfile.py", line 294, in gettempdir
    tempdir = _get_default_tempdir()
  File "/usr/local/lib/python3.7/tempfile.py", line 229, in _get_default_tempdir
    dirlist)
FileNotFoundError: [Errno 2] No usable temporary directory found in ['/tmp', '/var/tmp', '/usr/tmp', '/']

Similar issue below - do you have enough space on whatever drive you’re using? Another common issue to hassio installs that could cause that problem would be a corrupt sd card.

Thanks for the quick response… I’m running on an SSD w/ Gbs free… BUT what is super odd is this morning when I checked, it was suddenly installed… I’m wondering if maybe there was some issue w/ hass.io caching the response… I tried with a few different browsers, so I doubt it was a browser cache issue. :confused:

Thanks for this addon! Exactly what I needed. However, I followed the instructions and get the following error:

2019-08-25 19:21:51 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/local/lib/python3.7/ssl.py", line 774, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:1076)

My configuration.yaml looks like this (certain bits redacted):

http:
  base_url: https://home.example.info
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  ip_ban_enabled: true
  login_attempts_threshold: 5

I guess the only thing I could think of is that the ssl directory is created at the same level as the config directory i.e. hass.io -> config and also hass.io -> ssl. Is that correct? (I’m running Virtualbox)

This error is in multiple add-ons and super common, check it out:

Give this a shot and see how you go:

Thanks, well in fact it was working all along! I didn’t realise that my internal IP would not resolve after this addon was enabled, so I thought my hass instance just wasn’t working, as it wasn’t connecting to my local internal IP (http://192.168.1.x:8123) - switching to the new URL (https://subdomain.domain.info) works just fine (both internally and externally). Still getting that error, but I can live with that until a fix is found.

My only question I guess is, should the internal local IP still work? Not a big deal, but would be nice to know if I’ve configured it correctly.

Oh, yeah - it’ll still work just not on the internal IP.

Internal IP won’t work if you enable https so you’re all good.

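The `[SSL: HTTP_REQUEST]` entry quoted earlier in the thread is what the TLS library reports when a client speaks plain HTTP to a listener that now expects TLS, for example a bookmark or integration still pointing at the old `http://` address. As an added example (not from the thread or the add-on; the function name and sample bytes are constructed), this reproduces the error in memory with Python's `ssl` module:

```python
import ssl


def first_bytes_verdict(first_bytes):
    """Feed the opening bytes of a connection to a TLS server endpoint.

    Returns OpenSSL's error reason, or "incomplete TLS record" when the
    bytes form a valid TLS record header and the server wants more data.
    """
    # No certificate is loaded: the record header is inspected before the
    # server needs one, and that first check is all this exercises.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    server = ctx.wrap_bio(incoming, outgoing, server_side=True)
    incoming.write(first_bytes)
    try:
        server.do_handshake()
    except ssl.SSLWantReadError:
        return "incomplete TLS record"
    except ssl.SSLError as exc:
        return exc.reason
    return "handshake complete"


# Constructed inputs: a plaintext request as a browser would send it to
# http://<host>:8123, and the 5-byte header of a TLS handshake record.
PLAIN_HTTP = b"GET / HTTP/1.1\r\nHost: 192.168.1.x:8123\r\n\r\n"
TLS_HEADER = b"\x16\x03\x01\x02\x00"

if __name__ == "__main__":
    print("plain HTTP ->", first_bytes_verdict(PLAIN_HTTP))
    print("TLS header ->", first_bytes_verdict(TLS_HEADER))
```

Seeing this reason in the Home Assistant log therefore points at a client still using `http://`, not at a problem with the certificate files.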

fantastic work thank you!

I can’t get it working. I only can enter in the same LAN, only via IP if I try to enter remotely.

Error:
jq: error (at <stdin>:0): Cannot iterate over null (null)

I am also interested in leveraging the Bitwarden add-in. Will this add-in support SSL for both Hassio AND additional add-ins one might add? Figured I would post here to check before I jump into the code…

First off, thanks for the add-on @hars.

I just came back to my hassio install after some time to find that letsdnsocloud is erroring out complaining about nonces. It looks like the Dehydrated version needs to be bumped based on these bug threads: https://github.com/lukas2511/dehydrated/issues/684
https://community.letsencrypt.org/t/jws-has-no-anti-replay-nonce/103324/16

It seems that forcing a rebuild/rerunning the add-on repeatedly got it to randomly work (which reports on those threads suggested would work as well), but getting upstream Dehydrated fixes to get around this properly probably isn’t a bad idea.

@mr_leerman

already running the latest release: https://github.com/PhrantiK/hassio-addons/blob/36e9f0e5ecc633b008654ee6cea1383d45bc2dd6/letsdnsocloud/build.json

What is the exact error message you’re getting?

I haven’t touched my Hassio install in months as it “just works”. If I find the time I’ll update and see if I get the error messages.

I’m not 100% certain but I think you’ll need a reverse proxy for multiple services.

Thanks for creating this addon, looks like a perfect fit for my use case.

I’m having an issue though while following the instructions. After starting the addon, I get the following error message (same as @bakes82 above):
jq: error (at <stdin>:0): Cannot iterate over null (null)

And then the addon stops. No changes to my DNS records or generated SSL certificates.

Is anyone able to help?

Running the latest Hass.io / Home Assistant on a Raspberry Pi 3B+.

Finally had the time to update my hassos and hass.io to the latest version, I deleted my certs & add-on and started from scratch.

Everything went smooth with no errors.

The only thing I can think of is you have an error in your config. There’s three sections you need to change, check out the below. Just replace the **** with your options and make sure there’s no spaces etc.

{
  "lets_encrypt": {
    "accept_terms": true,
    "certfile": "fullchain.pem",
    "keyfile": "privkey.pem"
  },
  "cfapikey": "****",
  "cfemail": "****",
  "domains": [
    "****"
  ],
  "seconds": 300
}

Thanks for looking into it. I got it working now after carefully going over the guide and double-checking everything.

The problem was that I had generated and used an API Token. After I replaced it with the global API key, everything has been working well!

Thanks again for this awesome extension! :slight_smile:

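`jq` prints "Cannot iterate over null" when a filter iterates over a field that is `null`, which is what an API error response looks like when the credential is rejected. As an added example (not the add-on's code; function names and sample bodies are constructed, and it assumes Cloudflare's standard v4 response envelope), this checks `success` before iterating and shows the different request headers the two credential types need:

```python
import json

# Constructed sample bodies in the Cloudflare v4 response envelope
# (success / errors / messages / result). IDs and messages are made up.
OK_BODY = json.dumps({
    "success": True, "errors": [], "messages": [],
    "result": [{"id": "zone-id-placeholder", "name": "example.info"}],
})
REJECTED_BODY = json.dumps({
    "success": False,
    "errors": [{"code": 0, "message": "constructed: credentials rejected"}],
    "messages": [], "result": None,
})


class CloudflareError(RuntimeError):
    """Raised when the envelope reports failure or carries no result."""


def auth_headers(kind, secret, email=None):
    """Build request headers for the two Cloudflare credential types."""
    if kind == "global_key":
        if not email:
            raise ValueError("the global API key is sent with the account email")
        return {"X-Auth-Email": email, "X-Auth-Key": secret}
    if kind == "token":
        return {"Authorization": f"Bearer {secret}"}
    raise ValueError(f"unknown credential kind: {kind!r}")


def zone_ids(body):
    """Return zone IDs, failing loudly instead of iterating over null."""
    envelope = json.loads(body)
    if not envelope.get("success") or envelope.get("result") is None:
        reasons = "; ".join(
            f"{e.get('code')}: {e.get('message')}"
            for e in envelope.get("errors") or []
        ) or "no error detail returned"
        raise CloudflareError(f"Cloudflare request failed ({reasons})")
    return [zone["id"] for zone in envelope["result"]]


if __name__ == "__main__":
    print(zone_ids(OK_BODY))
    try:
        zone_ids(REJECTED_BODY)
    except CloudflareError as exc:
        print(exc)
```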

First off, thanks for this add-on! I think I’m most of the way there in getting it to work. I installed the add-on, set the config variables, added to configuration.yml, and restarted. I am able to access the login page on my subdomain (hassio.example.app), but when I enter my credentials and log in, the page hangs at “Loading data.”

Have you experienced this before?

Also worth noting, I am still able to log in locally at https://localhost:8123, it’s just the remote login that hangs at that “Loading data” step.

My setup is: fresh hassio in Docker install (0.103.3), .app domain with Google Domains, Cloudflare set up as DNS for the domain (with SSL option set to “Full (strict)”), port forwarding 443 → 8123.

Thought it may have had something to do with the strict SSL as I had those features turned off in Cloudflare.

Just went through and set it to strict and also perform http to https redirects and everything seems to work ok.

I would try turning the Cloudflare features off though to eliminate. Provided you’re only forwarding 443, regular http traffic won’t work anyway so it’s safe to turn off.

Also try turning DNS proxy off if you have it set to on.