I very much doubt it! Something is seriously wrong if you can’t go to http://ip-address:8123
Chrome etc will pitch a fit about the certificate but you just click advanced and load the site anyway.
I very much doubt it! Something is seriously wrong if you can’t go to http://ip-address:8123
Chrome etc will pitch a fit about the certificate but you just click advanced and load the site anyway.
I get the following:
didn’t send any data.
ERR_EMPTY_RESPONSE
I tried hooking up the rapsberry to a monitor in order to access the wev server locally from within the raspberry but I only get a Home Assistant Logo.
What can I do? I checked and the raspberry ip is ok.
Should uninstall the Duck DNS and Letsencrypt from the config.yaml?
Which web browser?
I tried Chrome and Edge, none are working.
this hassio thing with the web page is great, untill you need to do something manually, I miss a lot the old installation method.
OK.
I just got that as well.
must be https
or https://hassio.local:8123
click advanced and then load (unsafe)
it finally worked. Thanks a lot!
Like you said, I had to go to advance and confirm I wanted to enter to a unsafe sire.
Thanks again, I hope I do not find any more issues.
Regards,
Maxi.
FWIW, to get auto-renewing Let’s Encrypt certs with the core_letsencrypt Hassio Addon, I am using this automation:
- id: letsencrypt-renewal
alias: "Let's Encrypt Renewal"
trigger:
- platform: time
at: '00:00:00'
action:
- service: hassio.addon_restart
data:
addon: core_letsencrypt
Edit: This has been added to the official docs now.
lol!!! I was thinking just today I should make that exact same automation to start the addon every day!
Just tried it and I’m seeing this error:
starting version 3.2.4
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /data/letsencrypt/renewal/my-domain.duckdns.org.conf
-------------------------------------------------------------------------------
expected /data/letsencrypt/live/my-domain.duckdns.org/cert.pem to be a symlink
Renewal configuration file /data/letsencrypt/renewal/my-domain.duckdns.org.conf is broken. Skipping.
-------------------------------------------------------------------------------
0 renew failure(s), 1 parse failure(s)
No renewals were attempted.
Additionally, the following renewal configuration files were invalid:
/data/letsencrypt/renewal/my-domain.duckdns.org.conf (parsefail)
-------------------------------------------------------------------------------
What am I missing now?
Uninstalled addon and re-installed and now I get:
starting version 3.2.4
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for my-domain.duckdns.org
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. my-domain.duckdns.org (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://my-domain.duckdns.org/.well-known/acme-challenge/v9tBRzv3BEDt3d6_kCay-FpN3Mk_Bz8F4n423CDs2pI: Timeout during connect (likely firewall problem)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: my-domain.duckdns.org
Type: connection
Detail: Fetching
http://my-domain.duckdns.org/.well-known/acme-challenge/v9tBRzv3BEDt3d6_kCay-FpN3Mk_Bz8F4n423CDs2pI:
Timeout during connect (likely firewall problem)
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
I have port 80 forwarded in my router to port 80 on the Pi and it renewed fine last time…
Looks like you’re using DuckDNS. In that case, I think you should uninstall the core_letsencrypt
addon entirely and not use my automation—at least that’s what the docs say.
The DuckDNS add-on has its own ways of handling LE certificates. I am not sure if it renews automatically or not, as I was only looking into core_letsencrypt
.
No not using duckdns - my router handles that side of it. Just using letsencrypt addin
My ISP was blocking port 80 incoming (just changed ISP) Unblocked now but too many failures so I need to wait for an hour.
So it just renewed when I triggered the Automation. Weird - I still had 40 days left… have they changed that from 30 days?
Does the Letsencrypt need to use port 80? I have a problem when I set NAT in port 80 to Home Assistant, so my Google assistant will stop working.
It will only work on port 80. You need to forward port 80 to port 80. Why is this going to break Google Assistant? You would need to use https:// for Google and normally that will be on port 443 or some other port forwarded to 443…
Well, I do not understand that. Port 443 is not
redirected, but I just tested it, as soon as I redirect port 80 to HA, so Google assistant stops working when I remove port forwarding 80 again, Google Assistant works again.
Google Assistant needs a Https end point so how are you doing that without forwarding 443 or forwarding some other port to 443? Why are you forwarding port 80 to Home Assistant?
Feel free to provide more information about your setup but suffice to say letsencrypt will only work with port 80 unless you can setup dns validation.
Port 80 is redirected to Letsencrypt addo-on (ie Home Assistant IP address), or is not it necessary? Sorry for my English.
No port 80 gets forwarded to port 80. With IPv4 you don’t forward a port to a specific IP address, you forward an external port to an internal port - effectively allowing a device listening on a port to be contacted from the Internet.
In a typical HA installation using LetsEncrypt you would forward port 80 to port 80 otherwise LetsEncrypt cannot renew or obtain an ssl certificate and you would also forward port 443 to port 8123 so that Home Assistant can be accessed over the internet via ssl. (That address, https://yourdomain.duckdns.org is also what you would give Google Assistant to connect to HA) If you don’t have your system setup like this then you might need to change the URL in Google Developer Console (three places it needs to be changed) and delink your app. (Assuming you’re not using Home Assistant cloud)