Lost HTTPS access

If home-assistant.log is not indicating any error, where else should I look for errors?

As I didn’t find any solution to my problem, my only option left was to the whole HA isntallation and start all over again from scratch :frowning:

In retrospect, I think I understand what I should have done to re-gain HTTP access. For setting up HTTPS access, I followed the official guide: https://www.home-assistant.io/blog/2017/09/27/effortless-encryption-with-lets-encrypt-and-duckdns/

When adding the foolowing to configuration.yaml, I loose HTTP access and get HTTPS access

# Example configuration.yaml entry for the HTTP component
http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

…so comment this out to get HTTP access.

1 Like

Hi,
Did you manage to enable both HTTP access and HTTPS access? I have trouble setting up access from internal URL (IP adress) and external URL (duckdns) at the same time.

If I comment out the ssl_certificate: /ssl/fullchain.pem and ssl_key: /ssl/privkey.pem lines, I can access HA from local network using http:ip-address:8123 but not from example.duckdns.org:8123 from external connection.
If I uncomment the lines, I lose access from local network access using HTTP and HTTPS but I can connect to HA externally using example.duckdns.org:8123.

So far I haven’t found a way to enable HTTP and HTTPS connections at the same time.

I’m at my wits end here. Using Hairpin NAT is out of the question because I’m using 4G connection and the Huawei B818 doesn’t support Hairpin NAT but needs to be in routing mode to have all the necessary options available and I don’t want to introduce another Hairpin NAT router behind because it would introduce double NAT.

Hi,
No, I didn’t get both HTTP and HTTPS access working. I run HTTPS both for local access and external access, using the very same URL (https://example.duckdns.org). I hadn’t heard about hairpinning before, but after some googeling, it seems like my router supports hairpinning. Hence I don’t have the problem you have (unfortunately).

I ran into this problem where the Lets Encrypt cert didn’t auto renew. Apparently it doesn’t by design https://community.home-assistant.io/t/lets-encrypt-add-on-how-to-get-automatic-renewal/171236

What I could do though is comment out my ssl_certificate and ssl_key lines in the config (via samba) then reboot Home Assistant. After that I could get in via http and rerun the Lets Encrypt add-on.

You can usually access locally just using the IP and HTTP plus port number.

I’ve got this automation action that renews the certificate;

action:
  - service: hassio.addon_restart
    data:
      addon: core_letsencrypt
  - delay:
      hours: 0
      minutes: 5
      seconds: 0
      milliseconds: 0
  - service: hassio.addon_restart
    data:
      addon: core_nginx_proxy
  - delay:
      hours: 0
      minutes: 1
      seconds: 0
      milliseconds: 0
  - service: homeassistant.restart
    data: {}
mode: single

My automation to check for updates:

alias: Let's Encrypt update
description: ''
trigger:
  - platform: time
    at: '05:21'
condition: []
action:
  - service: hassio.addon_start
    data:
      addon: core_letsencrypt
mode: single

In case the renewal would fail for some reason, I’ve also created an automation that monitors the expiry and sends me a notification in case it hasn’t renewed as expected.

alias: 'Error: Let''s Encrypt'
description: Certificate has not been renewed in time
trigger:
  - platform: template
    value_template: >-
      {{(states('sensor.cert_expiry_timestamp_subdomain_example_com')|as_datetime()-now())
      < timedelta(days=29)}}
condition: []
action:
  - service: notify.mobile_app_my_device
    data:
      title: Problem with HTTPS certificate
      message: Check {{ trigger.entity_id }}
mode: single

With this setup, things have now been runing reliable for a year. The notification has turned out to be useful.

Same problem; The marked solution

http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

…so comment this out to get HTTP access.

works! Thanks much!