If home-assistant.log is not indicating any error, where else should I look for errors?
As I didn’t find any solution to my problem, my only option left was to the whole HA isntallation and start all over again from scratch
In retrospect, I think I understand what I should have done to re-gain HTTP access. For setting up HTTPS access, I followed the official guide: https://www.home-assistant.io/blog/2017/09/27/effortless-encryption-with-lets-encrypt-and-duckdns/
When adding the foolowing to configuration.yaml, I loose HTTP access and get HTTPS access
# Example configuration.yaml entry for the HTTP component
http:
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem
…so comment this out to get HTTP access.
Hi,
Did you manage to enable both HTTP access and HTTPS access? I have trouble setting up access from internal URL (IP adress) and external URL (duckdns) at the same time.
If I comment out the ssl_certificate: /ssl/fullchain.pem and ssl_key: /ssl/privkey.pem lines, I can access HA from local network using http:ip-address:8123 but not from example.duckdns.org:8123 from external connection.
If I uncomment the lines, I lose access from local network access using HTTP and HTTPS but I can connect to HA externally using example.duckdns.org:8123.
So far I haven’t found a way to enable HTTP and HTTPS connections at the same time.
I’m at my wits end here. Using Hairpin NAT is out of the question because I’m using 4G connection and the Huawei B818 doesn’t support Hairpin NAT but needs to be in routing mode to have all the necessary options available and I don’t want to introduce another Hairpin NAT router behind because it would introduce double NAT.
Hi,
No, I didn’t get both HTTP and HTTPS access working. I run HTTPS both for local access and external access, using the very same URL (https://example.duckdns.org). I hadn’t heard about hairpinning before, but after some googeling, it seems like my router supports hairpinning. Hence I don’t have the problem you have (unfortunately).
I ran into this problem where the Lets Encrypt cert didn’t auto renew. Apparently it doesn’t by design https://community.home-assistant.io/t/lets-encrypt-add-on-how-to-get-automatic-renewal/171236
What I could do though is comment out my ssl_certificate and ssl_key lines in the config (via samba) then reboot Home Assistant. After that I could get in via http and rerun the Lets Encrypt add-on.
You can usually access locally just using the IP and HTTP plus port number.
I’ve got this automation action that renews the certificate;
action:
- service: hassio.addon_restart
data:
addon: core_letsencrypt
- delay:
hours: 0
minutes: 5
seconds: 0
milliseconds: 0
- service: hassio.addon_restart
data:
addon: core_nginx_proxy
- delay:
hours: 0
minutes: 1
seconds: 0
milliseconds: 0
- service: homeassistant.restart
data: {}
mode: single
My automation to check for updates:
alias: Let's Encrypt update
description: ''
trigger:
- platform: time
at: '05:21'
condition: []
action:
- service: hassio.addon_start
data:
addon: core_letsencrypt
mode: single
In case the renewal would fail for some reason, I’ve also created an automation that monitors the expiry and sends me a notification in case it hasn’t renewed as expected.
alias: 'Error: Let''s Encrypt'
description: Certificate has not been renewed in time
trigger:
- platform: template
value_template: >-
{{(states('sensor.cert_expiry_timestamp_subdomain_example_com')|as_datetime()-now())
< timedelta(days=29)}}
condition: []
action:
- service: notify.mobile_app_my_device
data:
title: Problem with HTTPS certificate
message: Check {{ trigger.entity_id }}
mode: single
With this setup, things have now been runing reliable for a year. The notification has turned out to be useful.
Same problem; The marked solution
http:
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem
…so comment this out to get HTTP access.
works! Thanks much!