Messed up, expired Cert, no http access help?

GT3 · June 5, 2022, 12:36am

Yeah I messed up. Apparently the Lets encrypt cert never renewed. Now I cant access the HA running on a nuc. I have a keyboard hooked up and I can see the CLI but I have no idea how to save this. Ideally I would like to edit the yaml file but I dont think I can from here. Do I just start over? Is there anyway to save my settings, automation, etc without the yaml?

I don’t know what to do.

CentralCommand · June 5, 2022, 1:22am

I’m confused why an expired certificate means no http access. Just go to the URL for HA in a browser and click through the warning to ignore the certificate error for now until you can fix it.

Also did you use the let’s encrypt addon to manage the certificate? If so just start the addon via the cli.

 ha addons start core_letsencrypt

GT3 · June 5, 2022, 5:15am

Yeah somehow I couldn’t connect, not even to HTTP so I just started over.

Tinkerer · June 5, 2022, 10:19am

If you’re doing SSL in HA then you can’t ever use http:// - you can however still use https:// and click through the warning.

Odyman · November 30, 2022, 9:13pm

that would be very helpfull but i have the same problem and all i am getting is the retry to login screen with no option to click through anything (no warning shows up

)

psymon · November 30, 2022, 9:28pm

Setting my clock back has worked for me in the past, to a date before the cert expired

luckman212 · September 17, 2023, 4:21pm

This exact thing happened to me today. HA OS 10.5, latest everything. Not sure yet why the cert didn’t auto renew? But, I logged on via SSH and ran these commands which caused it to renew:

ha addons update core_letsencrypt
ha addons restart core_letsencrypt
ha core restart

gabsoftware · December 19, 2023, 9:50pm

Here is a helper script that saved my instance after the certificate wouldn’t renew.

#!/bin/bash

is_user_root () { [ "${EUID:-$(id -u)}" -eq 0 ]; }

if is_user_root; then
    echo "Certbot renew..."
    certbot renew

    echo "Refreshing updates..."
    ha refresh-updates
    
    echo "Updating Letsencrypt addon..."
    ha addons update core_letsencrypt
    
    echo "Restarting Letsencrypt addon..."
    ha addons restart core_letsencrypt
    
    echo "Updating DuckDNS addon..."
    ha addons update core_duckdns
    
    echo "Restarting DuckDNS addon..."
    ha addons restart core_duckdns
    
    echo "Restarting core (be patient)..."
    ha core restart
    
    echo "Done!"
else
    echo "Must be executed by priviledged account!" >&2
    exit 1
fi

mb_EQNvD3CjP · June 10, 2024, 9:01am

Unbelievable that the best hack from the 90s is still working

wjcarpenter · June 19, 2024, 6:19pm

I’ll say. Before now, I didn’t have the terminal and SSH addon started at boot since I rarely need it. Being locked out of the web UI meant that I couldn’t start it … wahhh-wahhhh! I had to use this old system clock trick to get back into the web UI.

(Those of you who suggested just clicking through the browser warning didn’t realize that that’s only the first gate. The HA web UI has its own check, and I didn’t find a way to get past that.)

wjcarpenter · June 19, 2024, 6:24pm

So, this happened to me today, just like it happened to others. After a fair amount of fiddling around based on suggestions in this thread, I recovered by doing these steps in the DuckDNS addon config tab:

Replace my aliases definition block with [] (without that empty list, the save blows up with an error).
Say “yes” to restart the addon.
Saw in the logs that the DuckDNS subdomain certificate was validated.
Put my aliases definition block back in the config screen and save.
Say “yes” to restart the addon.
Saw in the logs that the alias domain certificate was validated.
Restart HA to pick up new certificates (I didn’t expect this to be needed, but it was … maybe if I had waited longer it would have fixed itself).

I reckon I’ll have to go through something like this again in 3 months when the certs expire again.

wjcarpenter · September 17, 2024, 11:12pm

Well, here it is 3 months later, and I’m in the same certificate expiration boat. I’m glad I made notes last time.

But lucky me … at the moment, DuckDNS is having problems.

Hom3r · November 6, 2025, 1:06pm

Happened to me today. I don’t know what duck DNS is and I don’t use it. It seems silly that an expired SSL cert means you can’t log in at all. I would expect the Brower to try to block it and then let me override and continue but this is home assistant trying to protect me except that it’s just made my entire house completely unusable. Thanks home assistant.

DarkPatch · December 23, 2025, 5:31am

I’m using a LetsEncrypt cert that I currently apply directly by uploading the certificate via FTP. Some might ask why I’m not using the built in LetsEncrypt module, and its because I’m getting my certificate as a wildcard and I apply it to multiple servers. When I use the LetsEncrypt module, my previously acquired certificates get invalidated.

I have found that whenever the certificate expires, I’m unable to login to the website from my signed in browser, but if I run in incognito, it will show the certificate error and I can log in and manage the system.

The only way that I have had success getting back in to a signed in browser, is by clearing the cache and cookeis for the website and then restarting the browser completely. If I correct the cert error with a new certificate, I also need to perform those steps.

I’m not sure why it happens but I think it has something to do with how the login page keeps refreshing itself. I have confirmed the domain and related subdomains are not getting saved in HSTS.

It would be really great not to need to do this every 3 months. As a side note, whenever I install an new certificate, the android phone app refuses to login. Clearing the app cache and settings doesn’t work, I have to completely remove the app and then re-download it.

ELY3M · March 21, 2026, 8:21pm

There needs to be backup non-ssl port… I see no way to run non-ssl port
or better working automation for checking ssl expiry