Letsencrypt certificate renewal failed

Hi,
My certificate didn't autorenew as I thought it would and now I can't access my Home-assistant unless I comment out the certificate lines of the configuration file.

I am running Hassio. What can I do to renew the certificate manually in some way?

I can't say that we have/had the same problem, but I uninstalled the letsencrypt and duckdns addons and restarted. Then, only installed the duckdns addon as it handles everything now, then restarted again. That fixed my problem.

In my one, the SSL renewal add-on is stopped by default so I always assumed within 30 days I will need to enable it and run it again manually - I don’t think it will auto-start (unless it does that when HA restarts and I don’t know it?)

I'm trying to figure this out as well. Does anyone know if the Letsencrypt add-on auto renews the certificate?

How can it when it is stopped? I’m assuming it won’t. Funny that boot is set to auto so maybe it boots and checks before disabling?

Anyway, when it gets to 30 days, if it doesn’t auto-renew on the next restart of HA I’ll just enable it and do it that way.

Thanks David. I'll do that.

Sorry for late replies everyone!

I have the “Lets encrypt” AddOn and the DuckDns AddOn and as I understood things, it is the DuckDns addon that will handle the auto renewal, and this wasn't working for me.

The solution was a bit basic, I had only put the first part of the dns name within my configuration, so when I changed from xxxx to xxx.duckdns.org within the DuckDns configuration I managed to restart it and it renewed the certificate with success.

BR
Daniel

So I just started my LetsEncrypt add-on for Hass and I get this error:

starting version 3.2.2
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /data/letsencrypt/renewal/xxxxxx.duckdns.org.conf

Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Attempting to renew cert from /data/letsencrypt/renewal/xxxxxx.duckdns.org.conf produced an unexpected error: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA… Skipping.
1 renew failure(s), 0 parse failure(s)
All renewal attempts failed. The following certs could not be renewed:
/data/letsencrypt/live/xxxxxx.duckdns.org/fullchain.pem (failure)

Any ideas on how I can make it renew?

I have 443-443, 8123-8123 and 80-80 set on my router (also have 3218-3218) for the Pi.

It originally got the certificate using this config.
I can access hassio externally but have to specify the port as :8123 or it won’t connect.

I have these settings:

{
  "challenge": "https",
  "email": "xxxxxxxx",
  "domains": [
    "xxxxxx.duckdns.org"
  ],
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem"
}

Network is set for 80 and 443. Also tried 8123 instead of 443. Also tried adding the Pi to the DMZ. Nothing stops the above error.

Hmm. I changed the challenge to http instead of https
Worked!

1 Like
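
A way to catch the failure shown in the renewal log above before the certificate actually expires, as an added example that is not part of any post in this thread: it parses the add-on's renewal output (the sample is the log quoted above) and flags runs that left a certificate unrenewed. The function names are assumptions made for this example.

```python
import re

# Renewal output as quoted in the thread (domain already redacted there).
SAMPLE_LOG = """\
Processing /data/letsencrypt/renewal/xxxxxx.duckdns.org.conf
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Attempting to renew cert from /data/letsencrypt/renewal/xxxxxx.duckdns.org.conf produced an unexpected error: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA… Skipping.
1 renew failure(s), 0 parse failure(s)
All renewal attempts failed. The following certs could not be renewed:
/data/letsencrypt/live/xxxxxx.duckdns.org/fullchain.pem (failure)
"""

ATTEMPT = re.compile(r"Attempting to renew cert from (\S+) produced an "
                     r"unexpected error: (.+?)[.…]* Skipping\.")
SUMMARY = re.compile(r"(\d+) renew failure\(s\), (\d+) parse failure\(s\)")
FAILED = re.compile(r"^(\S+\.pem) \(failure\)$", re.M)
# Error text seen in the thread when the configured challenge type was rejected.
CHALLENGE_ERROR = "does not support any combination of challenges"


def parse_renewal_log(text):
    """Summarise one renewal run: per-config errors, counts, failed cert paths."""
    errors = dict(ATTEMPT.findall(text))  # renewal .conf path -> error reason
    summary = SUMMARY.search(text)
    renew, parse = map(int, summary.groups()) if summary else (0, 0)
    return {
        "errors": errors,
        "renew_failures": renew,
        "parse_failures": parse,
        "failed_certs": FAILED.findall(text),
        # Configs whose failure points at the add-on's "challenge" option.
        "challenge_rejected": sorted(c for c, r in errors.items() if CHALLENGE_ERROR in r),
    }


def needs_attention(report):
    """True if the run left at least one certificate unrenewed."""
    # Check the per-cert lines too, so a log cut off before the summary still alerts.
    return bool(report["renew_failures"] or report["parse_failures"]
                or report["failed_certs"] or report["errors"])


if __name__ == "__main__":
    report = parse_renewal_log(SAMPLE_LOG)
    for conf in report["challenge_rejected"]:
        print(f"{conf}: challenge type rejected, check the add-on's \"challenge\" option")
    print("renewal needs attention:", needs_attention(report))
```

Run against each renewal log, this turns a silent renewal failure into an alert while the old certificate is still valid.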

Hey, I had a similar issue yesterday. My security cert is still out of date after updating cert with http challenge (instead of https challenge) and deleting my Chrome browser cache.

Just wondering how your browser looked after the cert update or if I’m doing something wrong.

Did you restart HASS after updating?

1 Like

Good call! Nope hehh. It works now. Thanks guys :slight_smile:

Hi,

Where did you change to http? I am running the Hassio add-on; when I add the following to the options textbox, it gets removed when I restart.

"challenge": "http",

It’s under the LetsEncrypt addon options - I don’t use the duckdns as my router handles this so I only use LetsEncrypt. I just checked and it still says http for the challenge. My config is as per the setup in post 7 above. (except of course I changed https to http)

It turns out the DuckDns addon does this. If a cert has 30 days before expiry it renews it automatically.

I have the same behaviour, the {
"challenge": "https", gets removed as soon as I save :frowning:

I think you need to use http - not https

My certificate expired, and I cannot access my instance in any way.

How can I access it locally in order to use the web interface so I can try any of the workarounds in here?

ipaddress:8123 or hassio.local:8123 and ignore the certificate error

I tried that several times before and it did not work.

Could it be that the web server is down? Hassio is working, I can use all the automations I did.