Lost HTTPS access

Hi,
My HA was running really fine, up until one day when I couldn’t access it’s web interface anymore. It came out of the blue.
image
After some initial troubleshooting, I realized this happened probably 90 days after I installed the Let’s encrypt plugin. So a qualified guess is that the failure is due to the certificate being expired.

I don’t have HTTP access either, as I removed it for security reasons.
My configuration.yaml:

http:
  base_url: https://mydomain.duckdns.org:8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

Good thing is that I have SSH and samba access. So I’m pretty sure this can be sorted, if I would just know how… I’ve made several attempts trying to google an answer, but now after two months without results, I need to get some help here, please.

Thanks!

how did you install HA?

and have you confirmed your cert suspicions using certchecker?

Check the addon logs - I had problems when Cloudflare changed something in the security model so the API Token failed to work.

You should get an email with an expiry warning notice.

Educated guess are great.
Opening your browser’s web development console to check what is actually going wrong is even better :wink:

base_url have been changed to
external_url
internal_url
Please check changelog for it

how did you install HA?
It’s installed using Hass.io image, and then also installed Let’s Encrypt and DuckDNS add-ons. So my installation should be fairly standard.
and have you confirmed your cert suspicions using certchecker?
Opening your browser’s web development console to check what is actually going wrong is even better
I just figured out how to do it and can see that, yes, the certificate for mydomain.duckdns.org expired on 29th of March.

So the solution is most likely to get the certificate renewed. But how do I do that using SSH? I’ve tried to figure out if certbot is available as part of the Let’s Encrypt add-on, but without any conclusions. Perhaps there’s some port I need to open in my router.

(As a side note, I just stumbled on the sensor “Certificate Expiry” - once this issue is solved I’ll for sure add that sensor so I don’t end up in the same situation again)

you cant control docker from ssh in hassio.
if you cant access your webgui locally then not sure how you can fix this

and by the way letsencrypt should auto renew your certificate, but since you’ve closed port 80 i guess it cant do it.

you cant control docker from ssh in hassio.
if you cant access your webgui locally then not sure how you can fix this

OK, that explains why I was unsuccessful.

and by the way letsencrypt should auto renew your certificate, but since you’ve closed port 80 i guess it cant do it.

I just checked, and I have been having port 80 open all the way along for my HA. So I don’t know why it hasn’t updated.

then it should have updated automatically.
can you not login via http from inside your network?

can you not login via http from inside your network?

Unfortunately not. I remember choosing not to configure that since “why would I ever need it”. I regret that today. I can’t remember what kind of config I choose to remove/not configure unfortunately.

And when you try your home ip with https:// .

sorry have you got access to the same network as the ha host?
or are you in a remote location

And when you try your home ip with https:// .

I get to a HA page with the error message.

You're about to give https://[my-wan-ip]/ access to your Home Assistant instance.
Logging in with Home Assistant Local.
Error: invalid client id or redirect uri**

sorry have you got access to the same network as the ha host?

Yes, I’m on the same network as the HA host.

so why dont you just type http://localip:8123

My browser then gives me

**192.168.1.100**  didn’t send any data.
ERR_EMPTY_RESPONSE

http://192.168.1.100:8123

takes you to your webui

Nope. As said, my browser gives me

This page isn’t working

192.168.1.100 didn’t send any data.
ERR_EMPTY_RESPONSE

then you have another problem which is not the certificate only
your ha is not running correctly.
you need to check your logs
if you have samba you should be able to see your homeassstantl.log

I checked home-assistant.log. Nothing of interest here really, only two entries from two non-relevant plugins having issues.
As said, I do remember intentionally disabling HTTP access. But I don’t remember how.

(BTW, thanks for your patience so far in helping me)

you cant disable htttp access within your network.
if ha is running correctly, then you should be able to access your webui