I am new to HA. I am running the latest HA OS VM within VirtualBox on a Windows 10 PC. The VM is bridged so it gets its own private IP address from my DHCP server - 10.50.50.50/24. I have an existing SmartThings Hub v3 deployment I want to connect to, but I must first get dynamic DNS and public certificates working from what I understand. I have followed the Home Assistant DuckDNS/Let’s Encrypt installation instructions. However, when it states to update the configuration.yaml file with the following lines, I get an error when I try to restart Home Assistant:
The message I get when I try to restart HA is:
The system cannot restart because the configuration is not valid: Invalid config for [http]: not a file for dictionary value @ data[‘http’][‘ssl_key’]. Got ‘/ssl/privvkey.pem’. /config/configuration.yaml,line 13).
Whereas on a Linux box I could SSH in and look at the directory structure, files, etc., on the HA OS I have not been able to find a method to view the directory structure. I have been fighting this installation for three days now with no luck.
I then went to restart Home Assistant and got this error message:
The system cannot restart because the configuration is not valid: Invalid config for [http]: not a file for dictionary value @ data['http']['ssl_certificate']. Got '/ssl/fullchain.pem' not a file for dictionary value @ data['http']['ssl_key']. Got '/ssl/privkey.pem'. (See /config/configuration.yaml, line 13).
I don’t know if the paths to the “fullchain.pem” and “privkey.pem” are correct. I bring this up because I see these paths in the DuckDNS logs:
/data/workdir/config
/data/workdir/chains
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
s6-rc: info: service legacy-services successfully started
# INFO: Using main config file /data/workdir/config
+ Generating account key...
+ Registering account key with ACME server...
+ Fetching account URL...
+ Done!
[02:59:19] WARNING:
[02:59:20] INFO: Renew certificate for domains: rckha.duckdns.org and aliases:
# INFO: Using main config file /data/workdir/config
+ Creating chain cache directory /data/workdir/chains
Processing rckha.duckdns.org
+ Creating new directory /data/letsencrypt/rckha.duckdns.org ...
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting new certificate order from CA...
+ Received 1 authorizations URLs from the CA
+ Handling authorization for rckha.duckdns.org
+ 1 pending challenge(s)
+ Deploying challenge tokens...
ERROR: deploy_challenge hook returned with non-zero exit code
I don’t know if I should use these paths, install the “Let’s Encrypt” add-on, or try another DuckDNS article online.
If anyone can point me in the right direction I would appreciate it.
I am pretty certain your paths are incorrect but I don’t use duckdns or https so I can’t be certain what the paths should be.
You may need to copy the files to the correct path then update the configuration.
Hope that helps.
I do not use DuckDNS as I own my own domain name and generate all the certs I need on another system and then place them on the systems that require them using scp. This requires me to drop the cert files on my HA instance in the directory:
/usr/share/hassio/ssl
So that I can do things at the os level I use the supervisor install version on debian bullseye. The instructions can be found in this page for a supervised install.
I gave up on HA OS and installed the Supervised version. That led me down several rabbit holes I would rather not discuss here. I am going to close this thread.