NGINX SSL proxy addon not following symlinks to certificates

Installation Home Assistant OS
,
1

I have just updated my HA setup, (though I do not think this addon), and the addon now gives the following error and I cannot access via HTTPS

[INFO] Running nginx...
nginx: [emerg] BIO_new_file("/ssl/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/ssl/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

config is

{
  "domain": "ha.borpin.net",
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem",
  "hsts": "max-age=31536000; includeSubDomains",
  "customize": {
    "active": false,
    "default": "nginx_proxy_default*.conf",
    "servers": "nginx_proxy/*.conf"
  }
}

Server is setup thus;

root@DietPi-V6-HA:/usr/share/hassio/ssl# ls -la
total 8
drwxr-xr-x  2 root root 4096 Aug  7 11:02 .
drwxr-xr-x 10 root root 4096 Jun 21 22:44 ..
lrwxrwxrwx  1 root root   44 Jun 21 23:01 cert.pem -> /etc/letsencrypt/live/ha.borpin.net/cert.pem
lrwxrwxrwx  1 root root   45 Jun 21 23:01 chain.pem -> /etc/letsencrypt/live/ha.borpin.net/chain.pem
lrwxrwxrwx  1 root root   49 Jun 21 23:02 fullchain.pem -> /etc/letsencrypt/live/ha.borpin.net/fullchain.pem
lrwxrwxrwx  1 root root   47 Jun 21 23:02 privkey.pem -> /etc/letsencrypt/live/ha.borpin.net/privkey.pem
root@DietPi-V6-HA:/usr/share/hassio/ssl# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: ha.borpin.net
    Domains: ha.borpin.net
    Expiry Date: 2019-09-19 19:44:52+00:00 (VALID: 43 days)
    Certificate Path: /etc/letsencrypt/live/ha.borpin.net/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/ha.borpin.net/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

It worked quite happily before the update.

It looks like it cannot follow the symlinks to the certificates.

If I copy the certificates and update the config to the copied certificates it works.

lrwxrwxrwx  1 root root   44 Jun 21 23:01 cert.pem -> /etc/letsencrypt/live/ha.borpin.net/cert.pem
lrwxrwxrwx  1 root root   45 Jun 21 23:01 chain.pem -> /etc/letsencrypt/live/ha.borpin.net/chain.pem
-rw-r--r--  1 root root 3550 Aug  7 11:53 fullchain2.pem
lrwxrwxrwx  1 root root   49 Jun 21 23:02 fullchain.pem -> /etc/letsencrypt/live/ha.borpin.net/fullchain.pem
-rw-r--r--  1 root root 1704 Aug  7 11:53 privkey2.pem
lrwxrwxrwx  1 root root   47 Jun 21 23:02 privkey.pem -> /etc/letsencrypt/live/ha.borpin.net/privkey.pem

Is this a bug? I note that using the Samba addon, the linked files are not listed on my windows machine either (though I do not know if this is a new situation).

1 Like
2

This is still a problem it appears. Are there any solutions?

1 Like