I’m using the All in One installation,so i have a homeassistant user setup that is not enabled for SUDO (I think that is the whole idea…), and run HA in a virtual environment.
I used these instructions to setup letsencrypt https://home-assistant.io/docs/ecosystem/certificates/lets_encrypt/ and it works well.
It’s now been 60+ days though so it is time to renew the certificate, and that’s where i run into issues.
The automatic update didn’t work, so i’m following step 8 in the above instructions to do it manually.
after I enter this command:
i get the message below. I don’t have a SUDO password for the HA user, so I’m not sure how to get around this?
in the instructions it did say to add the HA user to the SUDO list which I’ve done, but that didn’t fix it etiher.
homeassistant@raspberrypi:~/certbot$ ./certbot-auto renew --quiet --no-self-upgrade --standalone --preferred-challenges http-01
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for homeassistant:
What should I do to get around this?
I tried adding SUDO to the line but that didn’t work.
Thanks - i tried that before but had the problem that the certbot app was in the home directory of the home assistant user.
After your comment I tried it again, and found that I can reach that directory from the PI user. (I’m a total linux noob so didn’t think about that before…).
Once I did that it worked without a problem.
For anyone in future having this same issue:
on your pi user first do:
In this way you, only allow the user/systemuser that is running the homeassistant process (hass) only to run the cerbot for generating and renewing the certificate. This should be more secure in case of a security breach within the process hass.