Is it possible to set write permissions to the ssl folder

Hi everyone!

My Home Assistant runs on Home Assistant Operating System. I’m trying to get my custom letsencrypt process working. Therefore I have created an automation which runs a bash script with certbot. Now my problem is that the /ssl/ folder is not writeable from the homeassistant container.

Is there a way to write to the /ssl/ folder of the host, or to make it writeable from the homeassistant container, out of an automation?

Best regards
hoasgit

Hi,

Why not make a directory under /config/ssl and get certbot to write the certs there?
Surely the folder will be accessible to any container that needs it?

Hi _dev_null,
that was my first approach too, but then I realised that the certificate is not accessible to the Vaultwarden (Bitwarden) addon, which I also use.
There you can only specify a certificate and key name in the /ssl/ folder. (Please correct me if I’m wrong)
So I thought about placing the certificate in the /ssl/ folder and didn’t find a solution.

Best regards
Hoasgit

Yup, you’re right, that’s a crazy addon limitation

What if you

chmod 777 /ssl/

from within the container or advanced terminal?

However if Bitwarden is clever it’ll detect this and not start

Results in:

chmod: /ssl: Read-only file system

Is it perhaps possible to set a symlink in /ssl/ on the host that points to /config/ssl/ for the certificate and the key file, or something like that?

Can you run:

ls -l /config/
ls -l /config/ssl/
ls -l /ssl/
find /config -type d -name '*ssl*'

The root ssl folder must be located somewhere within /config and that’s where certbot should be writing to

Here are the results:

  OS Version:               Home Assistant OS 11.4
  Home Assistant Core:      2024.1.2

  Home Assistant URL:       http://homeassistant.local:8123
  Observer URL:             http://homeassistant.local:4357
➜  ~ ls -l /config/
total 271296
-rw-r--r--    1 root     root          9898 Jan 10 21:09 automations.yaml
drwxr-xr-x    4 root     root          4096 Sep 27 23:46 blueprints
-rw-r--r--    1 root     root          6474 Dec 13 09:20 configuration.yaml
drwxr-xr-x    4 root     root          4096 Oct 27 15:36 custom_components
drwxr-xr-x    2 root     root          4096 Sep 27 23:45 deps
-rw-r--r--    1 root     root         11558 Jan 18 02:10 home-assistant.log
-rw-r--r--    1 root     root          8727 Jan 17 19:26 home-assistant.log.1
-rw-r--r--    1 root     root             0 Jan 17 19:29 home-assistant.log.fault
-rw-r--r--    1 root     root     273252352 Jan 18 12:00 home-assistant_v2.db
-rw-r--r--    1 root     root         65536 Jan 18 12:02 home-assistant_v2.db-shm
-rw-r--r--    1 root     root       4383712 Jan 18 12:02 home-assistant_v2.db-wal
-rw-r--r--    1 root     root          3501 Oct 16 12:53 modbus_systacomfort.yaml
-rw-r--r--    1 root     root          4872 Nov 20 13:55 mqtt.yaml
-rw-r--r--    1 root     root           121 Oct 21 11:44 notifiers.yaml
-rw-r--r--    1 root     root             0 Sep 27 23:45 scenes.yaml
-rw-r--r--    1 root     root             3 Oct 11 20:49 scripts.yaml
-rw-r--r--    1 root     root           161 Sep 27 23:45 secrets.yaml
-rw-r--r--    1 root     root           147 Oct 21 11:44 telegram.yaml
drwxr-xr-x    2 root     root          4096 Sep 27 23:46 tts
drwxr-xr-x    3 root     root          4096 Oct 10 16:40 www
➜  ~ ls -l /config/ssl/
total 12
-rw-r--r--    1 root     root          5278 Jan 17 16:03 fullchain.pem
-rw-r--r--    1 root     root           241 Jan 17 16:04 privkey.pem
➜  ~ ls -l /ssl/ls -l /ssl/
ls: /ssl/ls: No such file or directory
/ssl/:
total 12
-rw-r--r--    1 root     root          5278 Jan 17 16:03 fullchain.pem
-rw-------    1 root     root           241 Jan 17 16:04 privkey.pem
➜  ~ find /config -type d -name '*ssl*'
➜  ~

in the homeassistant container:

homeassistant:/config# ls -l /config/
total 271300
-rw-r--r--    1 root     root          9898 Jan 10 21:09 automations.yaml
drwxr-xr-x    4 root     root          4096 Sep 27 23:46 blueprints
-rw-r--r--    1 root     root          6474 Dec 13 09:20 configuration.yaml
drwxr-xr-x    4 root     root          4096 Oct 27 15:36 custom_components
drwxr-xr-x    2 root     root          4096 Sep 27 23:45 deps
-rw-r--r--    1 root     root         11558 Jan 18 02:10 home-assistant.log
-rw-r--r--    1 root     root          8727 Jan 17 19:26 home-assistant.log.1
-rw-r--r--    1 root     root             0 Jan 17 19:29 home-assistant.log.fault
-rw-r--r--    1 root     root     273252352 Jan 18 12:04 home-assistant_v2.db
-rw-r--r--    1 root     root         65536 Jan 18 12:07 home-assistant_v2.db-shm
-rw-r--r--    1 root     root       4383712 Jan 18 12:07 home-assistant_v2.db-wal
-rw-r--r--    1 root     root          3501 Oct 16 12:53 modbus_systacomfort.yaml
-rw-r--r--    1 root     root          4872 Nov 20 13:55 mqtt.yaml
-rw-r--r--    1 root     root           121 Oct 21 11:44 notifiers.yaml
-rw-r--r--    1 root     root             0 Sep 27 23:45 scenes.yaml
-rw-r--r--    1 root     root             3 Oct 11 20:49 scripts.yaml
-rw-r--r--    1 root     root           161 Sep 27 23:45 secrets.yaml
drwxr-xr-x    2 root     root          4096 Jan 18 12:03 ssl
-rw-r--r--    1 root     root           147 Oct 21 11:44 telegram.yaml
drwxr-xr-x    2 root     root          4096 Sep 27 23:46 tts
drwxr-xr-x    3 root     root          4096 Oct 10 16:40 www
homeassistant:/config# ls -l /config/ssl/
total 12
-rw-r--r--    1 root     root          5278 Jan 17 16:03 fullchain.pem
-rw-r--r--    1 root     root           241 Jan 17 16:04 privkey.pem
homeassistant:/config# ls -l /ssl/
total 12
-rw-r--r--    1 root     root          5278 Jan 17 16:03 fullchain.pem
-rw-------    1 root     root           241 Jan 17 16:04 privkey.pem
homeassistant:/config# find /config -type d -name '*ssl*'
/config/ssl
homeassistant:/config#

The files in /ssl/ and /config/ssl/ are the same because I copied them manually on the host.

Thank you for your help!

Regards
Hoasgit

Perfect… Glad you found it

The permissions on /config/ssl are relaxed so you should be able to get certbot to write to it

Good luck

No, I can’t, because it’s a read-only filesystem in the docker container.
See here:

homeassistant:/ssl# ls
fullchain.pem  privkey.pem
homeassistant:/ssl# rm fullchain.pem
rm: remove 'fullchain.pem'? y
rm: can't remove 'fullchain.pem': Read-only file system
homeassistant:/ssl#

As mentioned in my initial post my intention is to write to the /ssl/ folder (on the host) from inside the docker container “homeassistant”. That still doesn’t work.
What works is writing to the /ssl/ folder from the host. But (please correct me if I’m wrong) sending commands from a script that is triggered by an automation to the host OS is not possible.

That’s my problem.

@hoasgit You can try to use my script (GitHub - zamolxe/homeassistant-aswt) to run shell_commands in the aswt container since that one has rw access to /ssl. I also have a custom letsencrypt process.
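
Added example, not written by any poster in this thread: a pre-flight check a renewal script could run to tell a read-only mount (the `Read-only file system` error above) apart from a permission problem, and to install the key as 0600 rather than the 0644 seen on /config/ssl/privkey.pem. The function names and the sample mount table are constructed for illustration, and `stat -c` assumes GNU or BusyBox stat.

```bash
# Constructed /proc/mounts-style sample; a real Home Assistant OS table differs.
sample_mounts() {
cat <<'EOF'
overlay / overlay rw,relatime 0 0
/dev/sda8 /config ext4 rw,relatime 0 0
/dev/sda8 /ssl ext4 ro,relatime 0 0
EOF
}

# Print "ro" or "rw" for the mount containing $1 (longest mount-point prefix).
mount_mode() {
    local path="$1" mounts="${2:-/proc/mounts}"
    local dev mp fstype opts rest best="" best_opts=""
    while read -r dev mp fstype opts rest; do
        case "$path/" in
            "${mp%/}/"*)  # mount point equals the path or is a parent of it
                if [ "${#mp}" -ge "${#best}" ]; then
                    best="$mp"; best_opts="$opts"
                fi ;;
        esac
    done < "$mounts"
    case ",$best_opts," in
        *,ro,*) echo ro ;;
        *)      echo rw ;;
    esac
}

# Succeed only if the file grants nothing to group or other (0600, 0400, ...).
key_mode_is_private() {
    local mode
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Copy a key into dest_dir as 0600 via an atomic rename; refuse read-only mounts.
install_key() {
    local src="$1" dest_dir="$2" mounts="${3:-/proc/mounts}" tmp
    if [ "$(mount_mode "$dest_dir" "$mounts")" = ro ]; then
        echo "refusing: $dest_dir is mounted read-only in this container" >&2
        return 1
    fi
    tmp=$(mktemp "$dest_dir/.key.XXXXXX") || return 1   # mktemp creates 0600
    if cat "$src" > "$tmp"; then
        mv "$tmp" "$dest_dir/$(basename "$src")"
    else
        rm -f "$tmp"; return 1
    fi
}
```

A read-only bind mount is a property of the container's mount table, so `chmod` from inside the container cannot change it; only a container that has the path mounted read-write can update the files.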