TL;DR: How to reload the SSL certificate files in HA after they’re renewed by an external process?
I’m running HA in a Docker on a Synology NAS. Everything is working fine, and I recently enabled SSL with a Let’s Encrypt certificate. I manage the renewal of the certificate directly on my NAS. I noticed that after renewal I have to restart HA for the updated certificate files to be reloaded.
I want to avoid having to restart HA upon every certificate renewal (i.e. once every month). Is there any way to do this?
I haven’t figured it out how to reload certificates without restarting HA. In fact, I find this to be the biggest pitfall of HA – it’s too monolithic and requires restarts way too often.
No need to copy the certificate files to HA. Just map the directory where they’re stored to /ssl in the HA docker container (just like the config dir is mapped to /config).
Agreed. I’ve got my DSM SSL mapped to HASS, and I need to restart HASS everytime it’s about to expire. Should be a simple service that we can call to reload it.
I have not figured this out either (hence how I found this thread) - currently you can reload components of HA, but it seems like it still needs a full restart. Given that my certs are much shorter lived than Letsencrypt, it is a bit of a pain.
My solution: Use the core_nginx_proxyaddon to serve HA over HTTPS. Then you can use the following command after deploying new cert/key files to restart the nginx addon without restarting everything else: