Remote Access with TLS/SSL via Let's Encrypt

Hi I’ve been using the excellent guide in here to have a certified https remote access but I’m a bit stuck now:
I have make everything the same, but as I’ve got a Synology DS216+, instead of a DuckDNS account, I have used Synology DDNS, synology.me. I have also got the Let’s encrypt certificates from the synology procedure but anyway, I’ve got a cert.pem, chain.pem and privkey.pem files from let’s encrypt, and I have checked that in their location they have their mandatory permissions. I have also made port forwarding on my router as required but when I try to validate, and for these lines:

ssl_certificate: /chain.pem
ssl_key: /privkey.pem
base_url: XXXX.synology.me

I get this error:

Testing configuration at /config
2017-11-05 22:59:34 INFO (MainThread) [homeassistant.setup] Setting up recorder
2017-11-05 22:59:35 ERROR (MainThread) [homeassistant.config] Invalid config for [http]: not a file for dictionary value @ data[‘http’][‘ssl_certificate’]. Got ‘/chain.pem’
not a file for dictionary value @ data[‘http’][‘ssl_key’]. Got ‘/privkey.pem’. (See /config/configuration.yaml, line 26). Please check the docs at https://home-assistant.io/components/http/

I guess it seems it is not finding the cert files, but I don’t get what’s happening. Any help would be appreciated, thank you!!

I had to copy my .pem files to the config folder I share with docker. I couldn’t link them through docker and I don’t remember why (I set this up a couple months ago). I then was able to set the file path in my HA configuration and setup SSL and HTTPS. The downside is every time my certificate renews, I have to copy the new one from where Synology hides them to my shared config folder. Minor inconvenience, but it works.

1 Like

Hi squirtbrnr, I’m sorry for taking me days to answer, I haven’t been able to try your suggestion till today. I know that when you mount the image on docker, a /config folder is required for home assistant but I can’t find it. I have my setup (.yaml files) inside a folder called /homeassistant, but there’s no /config folder inside of it. However, I’ve found a config folder in the root path but I can’t copy there my .pem files even with admin login and sudo command. Is it there where I should put the .pem files? Is it another /config folder I cannot get to find? Thanks again!!

when you created the docker container what folder did you link to in the docker configuration? This folder contains your configuration.yaml and all other .yaml files.

In my case, the docker package automatically creates a shared docker folder. I created a folder called “homeassistant” inside of that and a folder called “config” inside of that. So then in the docker container I linked /docker/homeassistant/confg to /config. This is where I store all of my .yaml files. I have another sub folder where I put my .pem files for the certificate so they will show up in the HA docker container when it runs. then in my configuration.yaml I put the path for both files as:

/config/<folder_name>/cert.pem
/config/<folder_name>/privkey.pem

In Synology DSM, these files are accessed at:
/volume1/docker/homeassistant/config/<folder_name>/cert.pem
/volume1/docker/homeassistant/config/<folder_name>/privkey.pem

Hope that makes sense.

2 Likes

It really did, I’ve got it working now!! Thanks a lot!!.
The thing is that my working homeassistant folder (the one with all .yaml files) is not inside that docker folder. So I just have to create inside docker a config folder: docker/config/ with the .pem files and also, just in case, a docker/homeassistant/config folder with the .pem files, then with:

ssl_certificate: /config/cert.pem
ssl_key: /config/privkey.pem
base_url: XXXX.synology.me

Everything’s working. I don’t know which folder was right but the thing’s working with https now, thanks again!

1 Like

Does anyone have a method to link to the pem files in the Synology folder? Would be great to not have to copy them into the ha config folder every few months.

Can you do a cronjob?

Yep follow my post above as well as the thread where someone linked to my post. It can be done. You have to map the folder on Synology where the .cert and .pem files are to the config folder inside your docker container.

Something like:
-v /path/to/files/on/Synology:/config/cert_folder/

Also you might want to make that directory mount read only to the home assistant container.

Since my post a year ago I have since been able to just map the folder from Synology to the docker container and I no longer have to copy the certificate files every time they change.

Hi, I’ve been reading this thread with much interest since I have been struggling for days trying to set up an https connection to my Home Assistant (which is installed in Docker on a Synology). I have set up a duckdns certificate and pointing the base_url to it, accessing HA works with http, but not https. Seeing the tips here about the environment variable path to the homeassistant folder, I have been playing around with all kinds of paths in the config file to the fullchaim.pem/privkey.pem, but I just cannot make it work. As soon as I “uncomment” those lines in the config files, it breaks and neither http/https work anymore.

My docker container setup is:

File/Folder: docker/homeassistant
Mount path: /config

I have exported the duckdns certificate and tried copying to homeassistant folder, an SSL folder there, creating a config folder under homeassistant, with the certificates there as well as in an SSL folder there. No luck!

Ports 8123 and 443 have been forwarded on the Orbing router.

I fully admit to being an idiot about this networking stuff, but how can it be this hard?