How do I give HA root access?

Solidstan1 · August 15, 2021, 1:34pm

I have been trying to setup up SSL for HA.
My certificate and Key are in folder /etc/letsencrypt/live/MY_ADDRESS/

when I add this to config.yaml, config fails, due to file does not exist.
I believe this is because to access this location, I must be root user.

I have installed HA in a docker container. Can I give HA root access or should I approach this another way?

thanks in advance.

francisp · August 15, 2021, 3:01pm

1/ Create a directory SSL in your HA config directory and copy your certificates there
or
2/ Create a directory SSL in your HA config directory and create a symbolic link from /etc/letsencrypt/live/MY_ADDRESS/ to SSL in your HA config directory

KingRichard · August 15, 2021, 3:08pm

HA only can access files on your config directory only and just like francisp explain you just need to make a link to your SSL directory and it should work.

richieframe · August 16, 2021, 2:26am

If you are using docker, you can use volumes to bind that folder to the same name inside the container with read only access. Make sure the docker user has group membership to the original file if the user is root

Solidstan1 · August 16, 2021, 5:32pm

Im having problems trying to get symbolic link to work, even I have copied these two keys to

/HA/sslKeys/

Im getting:

Invalid config for [http]: not a file for dictionary value @ data[‘http’][‘ssl_certificate’]. Got ‘/sslKeys/fullchain.pem’
not a file for dictionary value @ data[‘http’][‘ssl_key’]. Got ‘/sslKeys/privkey.pem’. (See /config/configuration.yaml, line 1).

What should my config.yaml be?
http:
ssl_certificate: /sslKeys/fullchain.pem
ssl_key: /sslKeys/privkey.pem

francisp · August 16, 2021, 5:43pm

if /HA is the directory where your configuration.yaml is, try :

  
http:
  ssl_certificate: sslKeys/fullchain.pem
  ssl_key: sslKeys/privkey.pem

Solidstan1 · August 16, 2021, 5:48pm

HA is where the config.yam is located, and your code is exactly what I have, spaces included.
So then why does my config fail?

Configuration invalid

Invalid config for [http]: not a file for dictionary value @ data[‘http’][‘ssl_certificate’]. Got ‘/sslKeys/fullchain.pem’ not a file for dictionary value @ data[‘http’][‘ssl_key’]. Got ‘/sslKeys/privkey.pem’. (See /config/configuration.yaml, line 1).

francisp · August 16, 2021, 5:51pm

Notice I did not put a / in front !

ssl_certificate: sslKeys/fullchain.pem

is not the same as

ssl_certificate: /sslKeys/fullchain.pem

Solidstan1 · August 16, 2021, 5:54pm

Ah, thank you… This now works… lol