LetsEncrypt within DuckDNS Fails Configuration Check

So I’m new to Hass.io and home-assistant and just recently got my configuration up and running on a Raspberry PI3.

I’ve installed the DuckDNS component and can connect from outside my network using my duckdns domain. Accept terms is set to true (to generate the cert files)

“accept_terms”: true,

All good here.

The issue is when I update my configuration.yaml file to generate the ssl certs with:

http:
base_url: https://xxxx.duckdns.org:8123
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem

This fails the configuration check. The issue is not with the base_url statement since I can comment out the 2 ssl lines and configuration check passes.

What is wrong with my ssl statements?

Thanks (in advance).
Mark

It’s hard to tell since you have not posted the code in the correct format. Use the code button or the pre tag, or use three ` without spaces on a line preceding the code and on the line after the code.

Did you port forward 443 to 8123 at your router? Also forward port 8123 to 8123?

@DavidFW1960… Ok so let me try this again. For my DuckDNS component I have the following for lets_encrypt:

“lets_encrypt”: {
“accept_terms”: true,
“certfile”: “fullchain.pem”,
“keyfile”: “privkey.pem”
},

In my configuration.yaml I have:
http:
#parms for DuckDNS
base_url: https://xxxx.duckdns.org:8123
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem

@Sunonline - does the “Check Config” button really validate whether I have forwarded port 443 to 8123? (which I haven’t yet). Port 8123 to 8123 was forwarded (I can connect externally using http). Would have thought the Check Config button is a local check only (but I could be wrong)

As I stated, if I comment out ssl_certificate and ssl_key, it passes the configuration checker.

Here is the beginning of the error:

Testing configuration at /config
2018-02-21 17:42:59 INFO (MainThread) [homeassistant.setup] Setting up introduction
2018-02-21 17:42:59 INFO (MainThread) [homeassistant.setup] Setting up recorder
2018-02-21 17:42:59 ERROR (MainThread) [homeassistant.config] Invalid config for [http]: not a file for dictionary value @ data[‘http’][‘ssl_certificate’]. Got ‘/ssl/fullchain.pem’
not a file for dictionary value @ data[‘http’][‘ssl_key’]. Got ‘/ssl/privkey.pem’. (See /config/configuration.yaml, line 26). Please check the docs at https://home-assistant.io/components/http/

Lastly, the error points to line 26 which is the commented line after “http:”

Any help is appreciated.

Thank you…Mark

I have 8123 forwarded to 8123, 443 to 443 and 80 to 80 in my setup but I don’t use duckdns as my router handles that already automatically. I am using the LetsEncrypt addon only in hassio.

Again, you have posted your config WITHOUT CORRECT FORMATTING so it is IMPOSSIBLE to tell if you have it right or not!

My config shows this:

http:
  # Uncomment this to add a password (recommended!)
    api_password: !secret http_password
    ssl_certificate: !secret ssl_cert_lets
    ssl_key: !secret ssl_key_lets
    ip_ban_enabled: True
    login_attempts_threshold: 5
  # Uncomment this if you are using SSL/TLS, running in Docker container, etc.
    base_url: !secret base_url_name

Thanks David. I didn’t see an option to post the way you described. I have options for quote whole post, strong, emphasis, hyperlink, block quote, preformatted text, upload, bulleted list, numbered list, emoji and options (which contains hide details and build poll).

So it appears as if the core problem is generating the certs (and the check config fails because the certs are not there).

From my DuckDNS log when I stop and restart it. I’ll start searching to see if I can find anything on the “end of string encountered…” problem per below

starting version 3.2.2
#INFO: Using main config file /data/workdir/config

  • Account already registered!
    Wed Feb 21 19:15:03 EST 2018: KO
    #INFO: Using main config file /data/workdir/config
    Processing https://xxxxx.duckdns.org
  • Signing domains…
  • Generating private key…
  • Generating signing request…
    end of string encountered while processing type of subject name element #1
    problems making Certificate Request

Solved!

In my DuckDNS options I had http:// as a prefix to my domain name. I removed that, my certs were generated and the check config works!

M
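A pre-flight check for the two failures in this thread, added here as an example and not code from any poster or from Home Assistant: it flags a domain entry that is not a bare hostname (the `http://` prefix that broke certificate generation) and certificate or key paths that are not files (the `not a file` error from Check Config). The function names and the sample domain are assumptions made for illustration.

```python
import os
import re
import tempfile

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def domain_problems(domain):
    """Return reasons why `domain` is not a bare hostname usable as a cert name."""
    problems = []
    if "://" in domain:
        problems.append("has a URL scheme prefix")
        domain = domain.split("://", 1)[1]
    if "/" in domain:
        problems.append("contains '/' (path or trailing slash)")
        domain = domain.split("/", 1)[0]
    if ":" in domain:
        problems.append("contains a port")
        domain = domain.split(":", 1)[0]
    labels = domain.split(".")
    if len(labels) < 2 or not all(_LABEL.match(label) for label in labels):
        problems.append("is not a valid dotted hostname")
    return problems


def missing_cert_files(paths):
    """Return the configured certificate/key paths that are not regular files."""
    return [p for p in paths if not os.path.isfile(p)]


def preflight(domains, cert_paths):
    """Collect human-readable findings; an empty list means the check passed."""
    findings = []
    for d in domains:
        for reason in domain_problems(d):
            findings.append(f"domain {d!r} {reason}")
    for p in missing_cert_files(cert_paths):
        findings.append(f"not a file: {p}")
    return findings


if __name__ == "__main__":
    # Constructed sample: placeholder domain, and a temp dir standing in for /ssl.
    with tempfile.TemporaryDirectory() as ssl_dir:
        certs = [os.path.join(ssl_dir, n) for n in ("fullchain.pem", "privkey.pem")]
        for line in preflight(["http://example.duckdns.org"], certs):
            print(line)
```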

Like I told you in my first post, use three of these - ` on a line by themselves and also on the line after the code and it will be formatted correctly. Note it’s not an inverted comma - on my computer it’s under the ~ key. Also you can use an HTML pre tag - google for that… You have to properly format code here or you will get ignored.

Or just highlight the pasted text and hit the </> preformatted text button he already found :slight_smile:

If you have ‘base_url:’ with the port number on the end it’s 8123 to 8123, if you have just the duckDNS address with no port it’s 443 to 8123.


Thank you very much for your advice

I have finished with Let’s Encrypt by following Bruh Automation on YouTube. Everything works fine. The worrying part is the renewal.

I have a sensor to check the SSL cert expiry <== only waiting for the time to check; right now it shows unknown.
An automation to auto-renew from shell_command when less than xxx days.
An automation to notify me if less than xx days, which means the 1st automation could not renew.