Skye
September 10, 2024, 9:05am
1
I’m trying to get an SSL connection going again on my new setup but I’m running into the ERR_SSL_PROTOCOL_ERROR error.
My setup:
Using Let’s Encrypt add-on on HAOS (running on Proxmox)
My port forwarding 80 and 443 is sent to the internal LAN IP address of HAOS.
Using http I can access my HA instance through http://my.example.com
However when I use https://my.example.com I’m getting ERR_SSL_PROTOCOL_ERROR
I’m not sure what the issue is here. Any help or tips are appreciated!
The config:
Latest logs, the cert has been requested/renewed earlier:
[11:02:06] INFO: Selected http verification
[11:02:06] INFO: Detecting existing certificate type for <SNIP>
Saving debug log to /var/log/letsencrypt/letsencrypt.log
[11:02:07] INFO: Existing certificate using 'ecdsa' key type.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Certificate not yet due for renewal
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificate not yet due for renewal; no action taken.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped
WallyR
(Wally)
September 10, 2024, 9:07am
2
Are you port forwarding port 443 to an internal port with SSL activated?
Skye
September 10, 2024, 9:09am
3
Port 80 and 443 are forwarded on my router towards the internal IP of HA OS
Is that what you’re asking?
WallyR
(Wally)
September 10, 2024, 9:11am
4
Your internal port 8123 is probably an http port.
It does not run https.
A port can only run one or the other.
Skye
September 10, 2024, 9:13am
5
I’m not sure what you’re getting at, I’ve been running 8123 > 8123 and 443 (https) > 8123 on another setup fine, not convinced that is the issue
WallyR
(Wally)
September 10, 2024, 9:16am
6
Yes, because both 8123 and 443 were using https, but what about 80?
That one would not work then.
Your internal port was only running https then.
Skye
September 10, 2024, 9:18am
7
I’ve changed it back to
80 > 80
443 > 8123
8123 > 8123
Still not working unfortunately. I’ve also tested by pointing 8123 to another port so only 443 would point to 8123, but that didn’t fix it.
WallyR
(Wally)
September 10, 2024, 9:24am
8
Just because you point your port forwarding to a port does not make it change.
Your port 8123 is probably still an http port on HA, so it will not work with 443 pointing towards it.
8123 will work, if you do it with http only though.
Skye
September 10, 2024, 9:29am
9
OK I follow your thought, so what would I need to do to make it work with https then?
WallyR
(Wally)
September 10, 2024, 9:31am
10
You need to have an internal https port to forward to.
It can be done with Nginx, which then allows both http and https connections on different ports, or it can be done with just changing the http service in HA, which then only allows https connections.
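The mismatch described in the replies above (443 forwarded to an internal port that only answers plain http) can be confirmed from a machine on the LAN before changing any configuration. This is an added example, not part of the original thread; the function name `probe_port` and the address in the usage comment are assumptions.

```python
import socket
import ssl
import sys


def probe_port(host, port, timeout=3.0):
    """Classify what answers on host:port as 'tls', 'plain-http' or 'other'."""
    # Step 1: attempt a TLS handshake. Certificate validation is switched off
    # on purpose: the question here is "does this port speak TLS at all?",
    # not "is the certificate trusted?".
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls"
    except OSError:
        # Covers ssl.SSLError (e.g. a plaintext reply to the ClientHello),
        # resets, timeouts and refused connections.
        pass

    # Step 2: on a fresh connection, send a plain HTTP request and check
    # whether the reply starts with an HTTP status line.
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            raw.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            reply = raw.recv(16)
    except OSError:
        return "other"
    return "plain-http" if reply.startswith(b"HTTP/") else "other"


if __name__ == "__main__":
    # Usage (constructed address): python probe.py 192.168.1.50 8123
    target_host, target_port = sys.argv[1], int(sys.argv[2])
    result = probe_port(target_host, target_port)
    print(f"{target_host}:{target_port} -> {result}")
    if result == "plain-http":
        print("Forwarding external 443 to this port will fail the TLS handshake.")
```

A result of `plain-http` for the port that 443 is forwarded to matches the ERR_SSL_PROTOCOL_ERROR symptom in the first post; `tls` means the internal port is already serving https.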
Skye
September 10, 2024, 2:23pm
11
Is there a tutorial that explains the combo Let’s Encrypt and Nginx addons and how to config them? I seem unable to make it work unfortunately.
koying
(Chris B)
September 10, 2024, 2:57pm
12
Did you read the part regarding configuring HA to enable SSL?
# Home Assistant Add-on: Letsencrypt
## Installation
Follow these steps to get the add-on installed on your system:
1. Navigate in your Home Assistant frontend to **Settings** -> **Add-ons** -> **Add-on store**.
2. Find the "letsencrypt" add-on and click it.
3. Click on the "INSTALL" button.
## How to use
The Letsencrypt add-on can be configured via the add-on interface.
The configuration via YAML is also possible, see the examples below.
Navigate in your Home Assistant frontend to the add-ons overview page at
**Settings** -> **Add-ons**, and pick the **Let's Encrypt** add-on. On the top,
pick the **Configuration** page.
Provide the domain names to issue certificates for. Additionally, provide the
The Nginx Proxy Manager addon does both for you.