LetsEncrypt with auto renewal not working on Windows 10 +ProxyPass +ProxyPassReverse +Apache


Question 1: has anyone been able to set LetsEncrypt with Windows + WAMP (Apache) + HomeAssistant?
Question 2: has anyone been able to set auto-renewal for LetsEncrypt with the conf above?
Question 3: has anyone done this using this tool? LetsEncrypt-Win-Simple

My configuration:

  • Windows 10
  • HomeAssistant
  • WAMP64 - installed on C:/wampp64
  • Apache root: C:/wamp64/www
  • DNS for this example: example.com
  • DNS for homeassistant: ha.example.com
  • HomeAssistant folder: C:/Users/name/AppData/Roaming/.homeassistant

Everything currently works with a self-signed cert (the reason why I have some info below) :frowning:

Problem: LetsEncrypt-win-simple uses a token when the code to generate the cert is run under the command prompt. Usually, that token is placed under the folder /.well-known. The problem under my configuration was that I was unable to figure out how to send the requests from HA.example.com/.well-known to the proper folder, since HA runs its own server thing and the only folder with static access is www…

So… SOLUTION…add more proxypass commands… code below:

Apache vhost:

```apache
<VirtualHost *:80>
    ServerName HA.example.com
    ServerSignature Off

    ProxyPreserveHost On
    ProxyRequests Off

    RewriteEngine on
    RewriteCond %{HTTPS} !=on
    RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
</VirtualHost>
```

The prior will forward all traffic from regular http to httpS, without serving any https or actual address.


```apache
<VirtualHost _default_:443>
    ServerName HA.example.com
    ServerSignature Off

    SSLProxyEngine on
    ProxyPreserveHost On
    ProxyRequests Off

    # ACME token requests: map /.well-known onto HA's static /local path
    ProxyPass "/.well-known" "https://HA.example.com/local/.well-known"
    ProxyPassReverse "/.well-known" "https://HA.example.com/local/.well-known"

    # HomeAssistant websocket API
    ProxyPass /api/websocket ws://localhost:8123/api/websocket
    ProxyPassReverse /api/websocket ws://localhost:8123/api/websocket

    # Everything else goes to the HomeAssistant web server
    ProxyPass / http://localhost:8123/
    ProxyPassReverse / http://localhost:8123/

    ErrorLog "C:/wamp64/bin/apache/apache2.4.23/logs/ssl_error.log"
    TransferLog "C:/wamp64/bin/apache/apache2.4.23/logs/ssl_access.log"

    SSLEngine on
    SSLCertificateFile "c...directory....blah blah"
    SSLCertificateKeyFile "Cc...directory....blah blah"
    # SSLCertificateKeyCAchain.....from letsencrypt......DON'T FORGET TO ADD THE INFO FROM THE CERTIFICATES GENERATED
</VirtualHost>
```

The problem with the HomeAssistant app and letsencrypt: HA app root is under folder

static content is served from:

, however, accessible under:

When we run letsencrypt-win-simple under the command prompt, we want to point to that WWW folder, and that's why we force the connection with proxypass to serve /.well-known under local.

letsencrypt command:

```
letsencrypt.exe --manualhost ha.example.com --webroot "C:/Users/name/AppData/Roaming/.homeassistant/www" --test
```

First with “test” to make sure it works!

Solution explained:

Basically I have 3 different ProxyPass directives:

1. `ProxyPass "/.well-known" "https://HA.example.com/local/.well-known"`: this is the one that tells letsencrypt win simple to pass the token verification when challenged with the /.well-known/acme…
2. and 3. ProxyPass to serve the app over an SSL connection as per the HA documentation…

Hopefully this helps someone… took me a week of no sleep…! :slight_smile:
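
A pre-flight check for the setup described above, as an added example that is not part of the original post: it writes a random probe file where the ACME client would put its token, requests it through Apache on port 80, and confirms the same content comes back. The function names are hypothetical; the host and webroot are the ones from the post, and Python is assumed to be available since HomeAssistant runs on it.

```python
import secrets
import ssl
import urllib.request
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"  # path an HTTP-01 validator requests


def http_fetch(url, timeout=10):
    """Fetch url, following the http -> https redirect from the port-80 vhost.
    Certificate checks are off because the vhost may still present the
    self-signed cert at this stage (this probe only targets your own server)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
        return resp.read().decode("utf-8", "replace")


def check_challenge_path(webroot, host, fetch=http_fetch):
    """Return (ok, url): ok is True when the probe written under webroot is
    served back unchanged at http://host/.well-known/acme-challenge/<name>."""
    probe_dir = Path(webroot) / CHALLENGE_DIR
    created = [d for d in (probe_dir.parent, probe_dir) if not d.exists()]
    probe_dir.mkdir(parents=True, exist_ok=True)
    name, body = "probe-" + secrets.token_hex(8), secrets.token_hex(16)
    probe = probe_dir / name
    probe.write_text(body, encoding="ascii")
    url = f"http://{host}/{CHALLENGE_DIR}/{name}"
    try:
        return fetch(url).strip() == body, url
    except OSError as exc:  # URLError, HTTPError, TLS and timeout errors
        print(f"request failed: {exc}")
        return False, url
    finally:
        probe.unlink()
        for d in reversed(created):  # remove only directories this run created
            d.rmdir()


if __name__ == "__main__":
    ok, url = check_challenge_path(
        "C:/Users/name/AppData/Roaming/.homeassistant/www", "ha.example.com")
    print("OK  " if ok else "FAIL", url)
```

A FAIL here means the `/.well-known` ProxyPass is not reaching the HomeAssistant `www` folder, so the `--test` run would fail validation for the same reason.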