I haven’t used linux that much, so setting up Home Assistant on a pi server have been pretty much trial-and-error. But now I do have Home Assistant running in a virtual environment on a pi server and have setup DuckDNS and LetsEncrypt to access it remotely. One thing that never works is auto renewing the certificate.
I’m using Dehydrated to renew the certificate and have a cron job that’s scheduled to run the first every month. I followed this guide when I set it up:
https://www.splitbrain.org/blog/2017-08/10-homeassistant_duckdns_letsencrypt
The cron job is added for the homeassistant user that is running the virtual environment and when I check with “crontab -l” there are two jobs added when I change to the user.
The first is the one that updates DuckDNS with the latest IP, and this have never been a problem, the correct IP is always up-to-date at DuckDNS. The second one is the dehydrated script that is supposed to to run the first every month, but I’m unsure if it starts and fail or if it’s not started at all, the certificate always expires.
When I ssh to the pi server, change to the homeassistant user and try to run the dehydrated script it correctly reads the certificate, checks the expiration date and sees that it is expired or will expire within 30 days and then the script renews the certificate. At the end it always asks me to enter the password for sudo privileges to restart (which I don’t have for the homeassistant user), so in the end the script is unable to restart the homeassistant server when I trigger it manually. I’m not sure if the same thing happens when the script is run from the cron job, but I guess it’s likely.
After I’ve manually triggered the script and renewed the certificate, if I change back to my pi user and do:
sudo systemctl restart [email protected]
Home Assistant will restart and the new certificate is used and I can access the it remotely again.
What should I change? Should the cron job be added to the pi user instead so it’s allowed to restart using “sudo systemctl restart”, or is something else wrong in my setup? Normally I use systemctl as the pi user to start, stop or restart Home Assistant, and it’s systemctl I’m using to auto start Home Assistant when booting.
This is the full script:
set -e
set -u
set -o pipefail
domain="myhome"
token="your-duckdns-token"
case "$1" in
"deploy_challenge")
curl "https://www.duckdns.org/update?domains=$domain&token=$token&txt=$4"
echo
;;
"clean_challenge")
curl "https://www.duckdns.org/update?domains=$domain&token=$token&txt=removed&clear=true"
echo
;;
"deploy_cert")
sudo systemctl restart [email protected]
;;
"unchanged_cert")
;;
"startup_hook")
;;
"exit_hook")
;;
*)
echo Unknown hook "${1}"
exit 0
;;
esac
