Messed up, expired Cert, no http access help?

Yeah I messed up. Apparently the Lets encrypt cert never renewed. Now I cant access the HA running on a nuc. I have a keyboard hooked up and I can see the CLI but I have no idea how to save this. Ideally I would like to edit the yaml file but I dont think I can from here. Do I just start over? Is there anyway to save my settings, automation, etc without the yaml?

I don’t know what to do.

I’m confused why an expired certificate means no http access. Just go to the URL for HA in a browser and click through the warning to ignore the certificate error for now until you can fix it.

Also did you use the let’s encrypt addon to manage the certificate? If so just start the addon via the cli.

 ha addons start core_letsencrypt
1 Like

Yeah somehow I couldn’t connect, not even to HTTP so I just started over.

If you’re doing SSL in HA then you can’t ever use http:// - you can however still use https:// and click through the warning.

2 Likes

that would be very helpfull but i have the same problem and all i am getting is the retry to login screen with no option to click through anything (no warning shows up


)

Setting my clock back has worked for me in the past, to a date before the cert expired

This exact thing happened to me today. HA OS 10.5, latest everything. Not sure yet why the cert didn’t auto renew? But, I logged on via SSH and ran these commands which caused it to renew:

ha addons update core_letsencrypt
ha addons restart core_letsencrypt
ha core restart
1 Like

Here is a helper script that saved my instance after the certificate wouldn’t renew.

#!/bin/bash

is_user_root () { [ "${EUID:-$(id -u)}" -eq 0 ]; }

if is_user_root; then
    echo "Certbot renew..."
    certbot renew

    echo "Refreshing updates..."
    ha refresh-updates
    
    echo "Updating Letsencrypt addon..."
    ha addons update core_letsencrypt
    
    echo "Restarting Letsencrypt addon..."
    ha addons restart core_letsencrypt
    
    echo "Updating DuckDNS addon..."
    ha addons update core_duckdns
    
    echo "Restarting DuckDNS addon..."
    ha addons restart core_duckdns
    
    echo "Restarting core (be patient)..."
    ha core restart
    
    echo "Done!"
else
    echo "Must be executed by priviledged account!" >&2
    exit 1
fi

Unbelievable that the best hack from the 90s is still working :smiley:

I’ll say. Before now, I didn’t have the terminal and SSH addon started at boot since I rarely need it. Being locked out of the web UI meant that I couldn’t start it … wahhh-wahhhh! I had to use this old system clock trick to get back into the web UI.

(Those of you who suggested just clicking through the browser warning didn’t realize that that’s only the first gate. The HA web UI has its own check, and I didn’t find a way to get past that.)

So, this happened to me today, just like it happened to others. After a fair amount of fiddling around based on suggestions in this thread, I recovered by doing these steps in the DuckDNS addon config tab:

  • Replace my aliases definition block with [] (without that empty list, the save blows up with an error).
  • Say “yes” to restart the addon.
  • Saw in the logs that the DuckDNS subdomain certificate was validated.
  • Put my aliases definition block back in the config screen and save.
  • Say “yes” to restart the addon.
  • Saw in the logs that the alias domain certificate was validated.
  • Restart HA to pick up new certificates (I didn’t expect this to be needed, but it was … maybe if I had waited longer it would have fixed itself).

I reckon I’ll have to go through something like this again in 3 months when the certs expire again.

Well, here it is 3 months later, and I’m in the same certificate expiration boat. I’m glad I made notes last time.

But lucky me … at the moment, DuckDNS is having problems.

image