SOLVED:
Question 1: has anyone been able to set LetsEncrypt with Windows + WAMP (Apache) + HomeAssistant?
Question 2: has anyone been able to set auto-renewal for LetsEncrypt with the conf above?
Question 3: has anyone done using this tool? LetsEncrypt-Win-Simple
My configuration:
- Windows 10
- HomeAssistant
- WAMP64 - installed on C:/wampp64
- Apache root: C:/wamp64/www
- DNS for this example: example.com
- DNS for homeassistant: ha.example.com
- HomeAssistant folder: C:/Users/name/AppData/Roaming/.homeassistant
Everything works currently with a self signed cert (reason why I have some info below)
…
Problem: LetsEncrypt-win-simple uses a token when the code to generate the cert its run under the command prompt. Usually, that token its placed under the folder /.well-known, the problem under my configuration was that I was unable to figure out how to send the requests from HA.example.com/.well-known to the proper folder, since HA runs its own server thing and the only folder with static access its www…
So… SOLUTION…add more proxypass commands… code below:
apache vhost:
<VirtualHost *:80> ServerName HA.example.com ServerSignature Off ProxyPreserveHost On ProxyRequests Off RewriteEngine on RewriteCond %{HTTPS} !=on RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L] </VirtualHost>
the prior will forward all traffic from regular http to httpS, without serving any https or actual address.
ssl-vhost:
<VirtualHost _default_:443> ServerName HA.example.com ServerSignature Off SSLProxyEngine on ProxyPreserveHost On ProxyRequests Off ProxyPass "/.well-known" "https://HA.example.com/local/.well-known" ProxyPassReverse "/.well-known" "https://HA.example.com/local/.well-known" ProxyPass /api/websocket ws://localhost:8123/api/websocket ProxyPassReverse /api/websocket ws://localhost:8123/api/websocket ProxyPass / http://localhost:8123/ ProxyPassReverse / http://localhost:8123/ ErrorLog "C:/wamp64/bin/apache/apache2.4.23/logs/ssl_error.log" TransferLog "C:/wamp64/bin/apache/apache2.4.23/logs/ssl_access.log" SSLEngine on SSLCertificateFile "c...directory....blah blah" SSLCertificateKeyFile "Cc...directory....blah blah" SSLCertificateKeyCAchain.....from letsencrypt......DONT FORGET TO ADD THE INFO FROM THE CERTIFICATES GENERATED </VirtualHost>
The problem with the HomeAssistant app and letsencrypt: HA app root is under folder
C:/Users/name/AppData/Roaming/.homeassistant
static content its served from:
C:/Users/name/AppData/Roaming/.homeassistant/www
, however, accesible under:
HA.example.com/local
When we run letsencrypt-win-simple under the command prompt, we want to point to that WWW folder, and thats why we force the connection with proxypass to serve /.well-known under local:
letsencrypt command:
letsencrypt.exe --manualhost ha.example.com --webroot "C:/Users/name/AppData/Roaming/.homeassistant/www" --test
first with “test” to make sure it works!
Solution explained:
-basically I have 3 different proxypass
1-ProxyPass “/.well-known” “https://HA.example.com/local/.well-known”: this is the one that tells letsencrypt win simple to pass the token verification when challenged with the /.well-know/acme…
2 and 3-ProxyPass to serve the app over SSL connection as per the HA documentation…
Hoepfully this helps someone…took me a week of no sleep…! 