Letsencrypt certificate renewal failed

Im trying to figure this out as well. Does anyone know if the Letsencrypt add on auto renews the certificate?

How can it when it is stopped? I’m assuming it won’t. Funny that boot is set to auto so maybe it boots and checks before disabling?

Anyway, When it gets to 30 days, if it doesn’t auto-renew on the next restart of HA I’ll just enable it and do it that way.

Thanks David. Ill do that.

Sorry for late replies everyone!

I have the “Lets encrypt” AddOn and the DuckDns AddOn and as I understood things, it is the DuckDns addon that will handle the auto renewal, and this wasnt working for me.

The solution was a bit basic, I had only put the first part of the dns name within my configuration, so when i changed from xxxx to xxx.duckdns.org within the DuckDns configuration I managed to restart it and it renewed the certificate with success.

BR
Daniel

So I just started my LetsEncrypt add-on for Hass and I get this error:

starting version 3.2.2
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /data/letsencrypt/renewal/xxxxxx.duckdns.org.conf

Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Attempting to renew cert from /data/letsencrypt/renewal/xxxxxx.duckdns.org.conf produced an unexpected error: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA… Skipping.
1 renew failure(s), 0 parse failure(s)
All renewal attempts failed. The following certs could not be renewed:
/data/letsencrypt/live/xxxxxx.duckdns.org/fullchain.pem (failure)

Any ideas on how I can make it renew?

I have 443-443, 8123-8123 and 80-80 set on my router (also have 3218-3218) for the Pi.

It originally got the certificate using this config.
I can access hassio externally but have to specify the port as :8123 or it won’t connect.

I have these settings:

{
  "challenge": "https",
  "email": "xxxxxxxx",
  "domains": [
    "xxxxxx.duckdns.org"
  ],
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem"
}

Network is set for 80 and 443. Also tried 8123 instead of 443. Also tried adding the Pi to the DMZ. Nothing stops the above error.

Hmm. I changed the challenge to http instead of https
Worked!

1 Like

Hey, I had a similar issue yesterday. My security cert is still out of date after updating cert with http challenge (instead of https challenge) and deleting my Chrome browser cache.

Just wondering how your browser looked after the cert update or if I’m doing something wrong.

Did you restart HASS after updating?

1 Like

Good call! Nope hehh. It works now. Thanks guys :slight_smile:

Hi,

Where did you change to http?, I am running Hassio add-on when I add the following to the options textbox it gets removed when I restart.

“challenge”: “http”,

It’s under the LetsEncrypt addon options - I don’t use the duckdns as my router handles this so I only use LetsEncrypt. I just checked and it still says http for the challenge. My config is as per the setup in post 7 above. (except of course I changed https to http)

It turns out the DuckDns addon does this. If a cert has 30 days before expiry it renews it automatically.

I have the same behaviour, the {
“challenge”: “https”, gets removed as soon as i save :frowning:

I think you need to use http - not https

my certificate expired, and I cannot access my instance in any way.

How can I access it locally in order to use the wed interface so I can try any of the work arounds in here?

ipaddress:8123 or hassio.local:8123 and ignore the certificate error

I tried that several times before and it did not work.

Could it be that thet web server is down? Hassio is working, I can use all the automations I did.

I very much doubt it! Something is seriously wrong if you can’t go to http://ip-address:8123

Chrome etc will pitch a fit about the certificate but you just click advanced and load the site anyway.

I get the following:

didn’t send any data.
ERR_EMPTY_RESPONSE

I tried hooking up the rapsberry to a monitor in order to access the wev server locally from within the raspberry but I only get a Home Assistant Logo.

What can I do? I checked and the raspberry ip is ok.

Should uninstall the Duck DNS and Letsencrypt from the config.yaml?

Which web browser?