Issue with adding let's encrypt certificates to supervised home assistant install

I run a supervised home assistant install on Debian 11.

I’ve generated let’s encrypt certificates, and have added the following to my /usr/share/hassio/homeassistant/configuration.yaml

  ssl_certificate: /etc/letsencrypt/live/
  ssl_key: /etc/letsencrypt/live/

I get the following error booting up my system/home assistant:

May 26 01:29:07 gremy-deb homeassistant[727]: 2023-05-26 01:29:07.225 ERROR (MainThread) [homeassistant.config] Invalid config for [http]: not a file for dictionary value @ data['http']['ssl_certificate']. Got '/etc/letsencrypt/live/'
May 26 01:29:07 gremy-deb homeassistant[727]: not a file for dictionary value @ data['http']['ssl_key']. Got '/etc/letsencrypt/live/'. (See /config/configuration.yaml, line 17). Please check the docs at

I don’t believe it is a permission issue, as I’ve also tried running this with 755 on everything in /etc/letsencrypt/live and archive both, as well as their respective directories. I’ve also taken ownership of the certs/folders (and a supervised install doesn’t have a homeassistant user, to my understanding it should be using my own). Currently, i’ve set it back to 700, it looks like this:

$ ls -l /etc/letsencrypt/
total 0
drwx------ 1 root     root     56 May 25 22:41 accounts
drwx------ 1 myuser   myuser   22 May 25 22:44 archive
drwx------ 1 myuser   myuser   34 May 25 22:44 live
drwxr-xr-x 1 root     root     32 May 25 22:44 renewal
drwxr-xr-x 1 root     root     26 May 25 22:41 renewal-hooks

(the same is true for all files and folder under live and archive)

Although ill-advised, I have tried pointing the home assistant yaml config to /archive files instead of /live as well, to no avail.

Any advice would be greatly appreciated.

Are you SSHing to the HA docker?

  1. You need to tell HA the paths inside the container - not the paths on the host.
  2. As per the Supervised requirements, you shouldn’t be running any other software on the host.

Try using the LetsEncrypt add-on instead.

1 Like

Thank you very much, yes, that would be it then.

Do you happen to know, how to/should I provide the LetsEncrypt addon with existing certificates? I am not very well versed in SSL security, so I don’t know if it’s common practice to have multiple different certificates generated for the same domain, to be used for different services.

I already have certificates for this domain (as mentioned by my original post) and I do also use them on a different machine/server, so perhaps I should be providing that to home assistant? If so, - how?

No, one certificate per hostname at a time.

Why not use a reverse proxy then?

1 Like

Why not use a reverse proxy then?

Ah, yeah I think that’s probably the reasonable solution, thank you!