Help with HA in a Docker container and Let's Encrypt

I’ve moved from a Raspberry Pi to running Home Assistant within a Docker container on an Intel NUC, and I’m trying to set up DuckDNS and Let’s Encrypt.

I’ve got DuckDNS working fine (can access HA at http://MY-DOMAIN.duckdns.org:8123), and managed to install Let’s Encrypt and obtain the certificates using the instructions for Docker here: Set up encryption using Let's Encrypt

But I’m now having trouble accessing Home Assistant’s frontend. HA loads fine (a startup notification I set up when HA starts fires), but if I try to access it at ‘https://MY-DOMAIN.duckdns.org’ it shows the ‘connecting’ image and keeps spinning.

The certificates have been saved at:

/etc/letsencrypt/live/MY-DOMAIN.duckdns.org/fullchain.pem
/etc/letsencrypt/live/MY-DOMAIN.duckdns.org/privkey.pem

So I'm wondering if the problem is that the certificates are located outside of Docker, and those locations weren't specified as volumes when setting up the Docker container.

I looked at the folder permissions and they’re all set to root:root, and I’m wondering if HA can’t access them because they’re root:root.

If that’s the problem, should I change the permissions to my user account on the Intel NUC (jono:jono) or should they be set to homeassistant:homeassistant?

Or should I set a different volume in the Docker container where Home Assistant inside Docker can access the certificates?

-v "~/jono/homeassistant/etc/letsencrypt:/etc/letsencrypt" \
-v "~/jono/homeassistant/var/lib/letsencrypt:/var/lib/letsencrypt" \

instead of

-v "/etc/letsencrypt:/etc/letsencrypt" \
-v "/var/lib/letsencrypt:/var/lib/letsencrypt" \

Have a look at Traefik; it’s a reverse proxy and it handles the Let’s Encrypt certificates and the renewals.

2 Likes

Thanks, I’ll take a look 👍

Take a look at this thread, I am using Traefik and it is working very well:

2 Likes

Thanks, will do!

…I’ve got Home Assistant running with Traefik. Works well, thanks again!

Hi Jono

I have the exact same problem as you did, can you elaborate on how you solved it? I got homeassistant running in a docker container and it looks like it can't see my cert files even though they are located in the /etc/letsencrypt/live/ directory.

Thanks in advance 🙂

Here are the settings for Docker that worked for me:

docker run -d \
--name=lets-encrypt \
--cap-add=NET_ADMIN \
--restart always \
-v ~/docker/homeassistant_config/lets_encrypt:/config \
-e EMAIL=MY-EMAIL-ADDRESS \
-e URL=MYDOMAIN.COM \
-e VALIDATION=http \
-e PUID=1000 \
-e PGID=1000 \
-e TZ=Europe/London \
-p 80:80 \
-p 443:443 \
  linuxserver/letsencrypt

And here's what I added to configuration.yaml:
http:
  api_password: !secret api_password
  base_url: https://MYDOMAIN.COM
  ssl_certificate: /config/lets_encrypt/etc/letsencrypt/live/MYDOMAIN.COM/fullchain.pem
  ssl_key: /config/lets_encrypt/etc/letsencrypt/live/MYDOMAIN.COM/privkey.pem

I had to add config/ to the beginning of the path for ssl_certificate and ssl_key in order to make it work.
6 Likes
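
A preflight check for the question this thread keeps coming back to: whether Home Assistant inside the container can actually see and read the files named in ssl_certificate and ssl_key. This is an added example, not code from any poster in the thread; the function names check_tls_file and check_tls_pair are made up here, and the script is meant to be run inside the container (for example through docker exec) so that the paths are the container's own.

```shell
#!/bin/sh
# Added example: checks the two files that ssl_certificate / ssl_key point at.

# check_tls_file PATH KIND   (KIND is "cert" or "key")
# Prints one line and returns: 0 ok, 1 missing, 2 dangling symlink,
# 3 unreadable by the current user, 4 private key readable by "other".
check_tls_file() {
    path=$1
    kind=$2
    if [ -L "$path" ] && [ ! -e "$path" ]; then
        # certbot's live/ entries are symlinks into ../../archive/. If only
        # live/ is mounted as a volume, the link is there but its target is not.
        echo "DANGLING $path -> $(ls -l -- "$path" | sed 's/.* -> //')"
        return 2
    fi
    if [ ! -e "$path" ]; then
        echo "MISSING $path (not visible from this filesystem or mount)"
        return 1
    fi
    if [ ! -r "$path" ]; then
        echo "UNREADABLE $path for uid $(id -u)"
        return 3
    fi
    # The 8th character of the ls mode string is the "other: read" bit;
    # -L follows the symlink so the real file's mode is inspected.
    if [ "$kind" = key ] && [ "$(ls -Lnd -- "$path" | cut -c8)" = r ]; then
        echo "KEY-WORLD-READABLE $path"
        return 4
    fi
    echo "OK $path"
    return 0
}

# check_tls_pair CERT KEY: checks both files, returns 0 only if both pass.
check_tls_pair() {
    rc=0
    check_tls_file "$1" cert || rc=1
    check_tls_file "$2" key || rc=1
    return $rc
}

# Usage: sh check_tls.sh <ssl_certificate path> <ssl_key path>
if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2"
fi
```

A MISSING or DANGLING result points at the volume mapping or the path in configuration.yaml, UNREADABLE points at ownership or mode, and KEY-WORLD-READABLE means the private key's mode was loosened further than it needs to be.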