Let’s Encrypt

Hello Everybody,

Can somebody help me with Let’s Encrypt?
I have used the instructions at https://home-assistant.io/blog/2015/12/13/setup-encryption-using-lets-encrypt/
and http://www.bruhautomation.com/single-post/2016/07/17/Part-3-Encrypting-Home-Assistant-and-External-Access

I have set up DuckDNS.
This is working perfectly and redirects to my external IP address, so I can access Home Assistant.

Now I want to configure SSL with Let’s Encrypt. I have installed Home Assistant in a virtualenv, following the instructions at https://home-assistant.io/getting-started/installation-virtualenv/

The problem now is, if I access my https://mydomain.duckdns.org I get the error: mydomain.duckdns.org has refused the connection.

Yes, I have forwarded port 443 to internal 8123.

Where is it going wrong? Is it a problem that I use Home Assistant in a virtualenv? If yes, what do I have to do to make Home Assistant run on SSL?

Thanks for the help!

You have made a spelling mistake at the headline. Encryt --> Encrypt


thx, i have changed it(Y)

Nice catch!

Following…

Have you added the SSL cert locations to your config file?

Another possible configuration would be to set up an Apache/nginx front end, configure a reverse proxy, and keep the SSL configuration separate from the HASS config.

This would give you more options for authentication as well, allowing say ldap or mod_auth_openidc for SSO authentication.

Yes, I have.

Finally, after a lot of trying, it is working! :grinning:

I had this information in an included secret file, and then, for me, it was not working.
Now I have the http: information in the configuration.yaml file and now it works.

Is it not possible, if you use https, to put the http login information in an included secret.yaml?

Thanks for the information and the help, everyone.

…so I followed the instructions as well, but I am getting the following error:

16-12-20 10:50:16 homeassistant.bootstrap: Invalid config for [http]: not a file for dictionary value @ data['http']['ssl_certificate']. Got '/etc/letsencrypt/live/sitename.duckdns.org/fullchain.pem'
not a file for dictionary value @ data['http']['ssl_key']. Got '/etc/letsencrypt/live/sitename.duckdns.org/privkey.pem'. (See /home/hass/.homeassistant/configuration.yaml:22).

Any ideas? Running version 0.33.3

Can you display this part of your code? Without the password :slight_smile:

@rmdejonge I presume you mean from the config file?

http:
  api_password: password
  ssl_certificate: /etc/letsencrypt/live/sitename.duckdns.org/fullchain.pem
  ssl_key: /etc/letsencrypt/live/sitename.duckdns.org/privkey.pem

To be sure:
1. In your code you have it displayed like this, not in one row?
2. And you are sure that the files are in the location as displayed?
3. You must change the link to your website/duckdns name, like:
thisismysite.duckdns.org/privkey.pem etc…

http:
   api_password: password
   ssl_certificate: /etc/letsencrypt/live/sitename.duckdns.org/fullchain.pem 
   ssl_key: /etc/letsencrypt/live/sitename.duckdns.org/privkey.pem

thanks @rmdejonge

  1. Yes they are indented 2 spaces
  2. files are there - i just double checked
  3. yes the name is a FQDN

funny thing is, HA won’t start with the 2 SSL config lines in there. Once they are commented out, the site is active and the password is enforced.

Try adding single quotes around your SSL paths. Not sure if it matters or not, but that’s how I have mine and they work.

ssl_certificate: '/etc/letsencrypt/live/sitename.duckdns.org/fullchain.pem'
ssl_key: '/etc/letsencrypt/live/sitename.duckdns.org/privkey.pem'

My other suggestion is to use Notepad++ to edit your yaml files and set it up to show white space and tabs.

View > Show Symbol > Show white space and tabs

When I was starting out a lot of my issues ended up being related to spacing and tabs, especially if copying and pasting from examples.

thanks @Mike_D but that didn’t work either - although I did verify that there is no white-space/tab issue with Notepad++

could this be caused by a bad SSL?

Hi @pjo I have exactly the same issue. Have you been able to resolve it?

Those of you that have Let’s Encrypt working in a virtualenv, where have you installed certbot? Did you do it from your admin account (I’m running Ubuntu 16.04) or after becoming the virtualenv user (ie after doing step 3 of the virtualenv installation instructions) or after becoming and activating the virtualenv (steps 3 and 5 of the installation)?
I am presuming the latter, so that the same account is running Home Assistant and managing the certificates, but I can’t even get the mkdir certbot command to work because of permissions issues.
I recall seeing somewhere that we may need to make the homeassistant user a sudoer, but doesn’t that negate the benefits of running a virtualenv?
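A check for the "not a file" error reported earlier in the thread, to be run as the account that starts Home Assistant (added example, not code from any poster or from Home Assistant): Python's `os.path.isfile()` returns False when that account cannot traverse a parent directory or when a symlink target is unreachable, even though root sees the file. It assumes certbot's default layout, where `live/<site>/*.pem` are symlinks into `archive/<site>/` and both directories are accessible to root only; `why_not_a_file` and `build_sample_tree` are made-up names.

```python
import os
import tempfile

def why_not_a_file(path, _depth=0):
    """Findings on why `path` is not a readable file for the current user ([] = usable)."""
    path = os.path.abspath(os.path.expanduser(path))
    parents, parent = [], os.path.dirname(path)
    while parent not in parents:          # collect /, /etc, /etc/letsencrypt, ...
        parents.insert(0, parent)
        parent = os.path.dirname(parent)
    for directory in parents:
        if not os.path.isdir(directory):
            return [f"{directory}: does not exist or is not a directory"]
        if not os.access(directory, os.X_OK):
            # Without search permission, stat() below this point fails and
            # os.path.isfile() returns False even though the file exists.
            return [f"{directory}: no search (x) permission for this user"]
    if os.path.islink(path) and not os.path.exists(path):
        # Follow the link by hand and diagnose its target instead.
        target = os.path.join(os.path.dirname(path), os.readlink(path))
        finding = f"{path}: symlink target {target} is not reachable"
        return [finding] if _depth >= 8 else [finding] + why_not_a_file(target, _depth + 1)
    if not os.path.isfile(path):
        return [f"{path}: does not exist or is not a regular file"]
    if not os.access(path, os.R_OK):
        return [f"{path}: exists but is not readable by this user"]
    return []

def build_sample_tree(root, site="sitename.duckdns.org"):
    """Constructed sample: live/<site>/*.pem symlinks into archive/<site>/."""
    archive = os.path.join(root, "archive", site)
    live = os.path.join(root, "live", site)
    os.makedirs(archive)
    os.makedirs(live)
    for name in ("fullchain", "privkey"):
        with open(os.path.join(archive, name + "1.pem"), "w") as fh:
            fh.write("constructed placeholder, not a real certificate or key\n")
        os.symlink(os.path.join("..", "..", "archive", site, name + "1.pem"),
                   os.path.join(live, name + ".pem"))
    return live

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        live = build_sample_tree(root)
        os.chmod(os.path.join(root, "archive"), 0o000)  # stand-in for a root-only dir
        try:
            print(why_not_a_file(os.path.join(live, "privkey.pem")) or "usable")
        finally:
            os.chmod(os.path.join(root, "archive"), 0o700)  # allow cleanup
```

Against a real installation, call `why_not_a_file()` on the two paths from `configuration.yaml` while logged in as the Home Assistant user; run as root it reports every file as usable, because root bypasses the permission checks.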

hallo!

anybody tried to setup ssl with the „let‘s encrypt“ add-on?

addon does not start up without ssl in configuration and hassio does not start up WITH ssl path in config!

where do i get the ssl files to put them in the folders manually?

thx in advance

How about using the DuckDNS add-on? It includes Let’s Encrypt by default.
