Let's Encrypt w/ Docker

Running HA in a docker. Set up duckdns successfully. I can hit HA via domain.duckdns.org:8123. Trying to set up Let’s Encrypt, but the letsencrypt docker specified in the docs ("Set up encryption using Let's Encrypt - Home Assistant") returns:

http-01 challenge for [redacted].duckdns.org
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. [redacted].duckdns.org (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to [redacted].duckdns.org

I don’t get this at all since I know duckdns is working since I’m using it. I have forwarded ports 80 and 443 to the box the letsencrypt docker is using… Not sure what the other possible fail point could be.

P.S. When I hit [redacted].duckdns.org while the letsencrypt docker is running I see

ACME client standalone challenge solver

which seems like this should all be working and says that the port forwarding etc is working. There must be something else that I’m missing.

I have no idea about docker, but the certbot command on that page is out of date. Try this one in case the old command no longer works:

sudo docker run -it --rm -p 80:80 --name certbot -v "/etc/letsencrypt:/etc/letsencrypt" -v "/var/lib/letsencrypt:/var/lib/letsencrypt" quay.io/letsencrypt/letsencrypt:latest certonly --standalone --preferred-challenges http-01 --email YOUR_EMAIL -d YOUR_DUCKDNS_URL

If not then it’s going to be a docker thing and I can’t help.

Also, port 80 > port 80, not 443.

Then 443 > 8123 when the certificate is issued.

Thanks for the feedback, same result. → I did update the --preferred-challenges http-01 flag given the script’s output to that end. Port 80>80 and 443>443 forwarded at current. Once I have certs then 443>8123 is my understanding.

LetsEncrypt wants to place a file on your server, then checks for the file to verify the server.

The LetsEncrypt docker must have access to a web-viewable folder on the server. I think these folders are accessed from 80 and 443 (or whatever http://your server and https://yourserver resolves to)

I temporarily have nginx point my domains to LetsEncrypt server, let it renew, then revert to main servers as workaround. (Via script and 2nd nginx config for this purpose). This was just faster for me.

Just find a folder accessible through http and https on HA server and make that the /etc/LetsEncrypt/folder_LE_places_temp_file
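The file-placement check described in the post above can be rehearsed before asking Let's Encrypt for a certificate. The following is an added example, not part of the thread or of the Home Assistant docs: it assumes a web server is already serving `webroot` on port 80, and it uses a self-made probe file rather than a real ACME token (the function name `check_http01` is hypothetical).

```python
import os
import secrets
import urllib.error
import urllib.request

CHALLENGE_DIR = os.path.join(".well-known", "acme-challenge")


def check_http01(webroot, host, port=80, timeout=5):
    """Return (ok, detail) for a self-made probe file; not a real ACME token."""
    token = "probe-" + secrets.token_urlsafe(16)
    body = secrets.token_urlsafe(32)
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, token)
    with open(path, "w") as fh:
        fh.write(body)
    url = f"http://{host}:{port}/.well-known/acme-challenge/{token}"
    # Ignore proxy environment variables: the validator connects directly.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            served = resp.read(4096).decode("utf-8", "replace").strip()
    except urllib.error.HTTPError as exc:
        # Something answered, but not with our file: wrong webroot or proxy.
        return False, f"HTTP {exc.code} from {url}"
    except (urllib.error.URLError, OSError) as exc:
        # Nothing answered: DNS, port forward or firewall problem.
        return False, f"connection failed: {exc}"
    finally:
        os.remove(path)  # never leave the probe file behind
    if served != body:
        return False, "a different server answered (content mismatch)"
    return True, "probe file served correctly"


if __name__ == "__main__":
    import sys
    # Usage: python check_http01.py WEBROOT HOSTNAME
    ok, detail = check_http01(sys.argv[1], sys.argv[2])
    print("OK" if ok else "FAIL", detail)
    sys.exit(0 if ok else 1)
```

Run it against the public hostname from a machine outside your LAN, since that is the path the Let's Encrypt validator takes and some routers do not loop forwarded ports back to inside clients.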

If I follow through with the HA Config pointing to the /etc/LetsEncrypt folder and pointing ports 80>8123 would this work or do I have to figure out how to use nginx too (never touched it before)? Thanks.

Nginx is not required. Once you get the config right, NGINX makes serving multiple applications easier, but it’s not really a big deal if you’re just using it for HA.

The link below is an explanation of NGINX with Let’s Encrypt

HA has specific documentation for implementing letsencrypt with HA with and without nginx

So I’m another month into this and no resolution… Appears that duckdns is still working great. HA is still working great. BUT letsencrypt just will not accept its own challenges. Anyone successfully set up Let’s Encrypt with HA running in a docker? Would love to know how.

I may give it a shot this weekend - my family is sick with a virus and that might give me some time at the PC to try to make it work.

I have been running HA in docker from the start, but accessing it via OpenVPN so far, which is unfriendly to the iOS app.

I’ll update this thread if I get it working.

Try this docker: https://hub.docker.com/r/linuxserver/letsencrypt/

It is nginx and Let’s Encrypt combined in one docker container; just follow the steps on the docker hub page and create an nginx config that forwards from some.domain.com to hass.


I’d love this too; I’m running jrcs/letsencrypt and jwilder/nginx-proxy and homeassistant/home-assistant
But can’t seem to get the nginx proxy/lets encrypt to work w/ HA at all.
All my other docker containers seem to work just fine