And when I start the service I get the following output:
starting version 3.2.2
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /data/letsencrypt/renewal/hass.mycustomdomain.com.conf
-------------------------------------------------------------------------------
expected /data/letsencrypt/live/hass.mycustomdomain.com/cert.pem to be a symlink
Renewal configuration file /data/letsencrypt/renewal/hass.mycustomdomain.com.conf is broken. Skipping.
0 renew failure(s), 1 parse failure(s)
No renewals were attempted.
Additionally, the following renewal configuration files were invalid:
/data/letsencrypt/renewal/hass.mycustomdomain.com.conf (parsefail)
There is no /data/letsencrypt folder when I ssh in…
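The parse failure in the log above ("expected … cert.pem to be a symlink") is raised when a file in certbot's live/ directory is not a symlink. The check below is an added example, not part of the original thread. It assumes certbot's standard layout, and its function names, the example.test domain and the dummy files are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic (not from the thread). Assumes certbot's standard layout:
# live/<domain>/{cert,chain,fullchain,privkey}.pem are symlinks into
# ../../archive/<domain>/.

# check_lineage DIR: print one status line per file; return the problem count.
check_lineage() {
    dir=$1
    bad=0
    for f in cert.pem chain.pem fullchain.pem privkey.pem; do
        p="$dir/$f"
        if [ -L "$p" ] && [ -e "$p" ]; then
            echo "ok        $f -> $(readlink "$p")"
        elif [ -L "$p" ]; then
            echo "dangling  $f -> $(readlink "$p")"
            bad=$((bad + 1))
        elif [ -e "$p" ]; then
            echo "regular   $f (a copied file, not a symlink)"
            bad=$((bad + 1))
        else
            echo "missing   $f"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# demo: build a constructed tree (dummy files, hypothetical domain) and check it.
demo() {
    root=$(mktemp -d)
    name=example.test
    mkdir -p "$root/archive/$name" "$root/live/$name"
    echo dummy > "$root/archive/$name/chain1.pem"
    echo dummy > "$root/live/$name/cert.pem"                       # regular file
    ln -s "../../archive/$name/chain1.pem" "$root/live/$name/chain.pem"          # ok
    ln -s "../../archive/$name/fullchain1.pem" "$root/live/$name/fullchain.pem"  # dangling
    rc=0                                                           # privkey.pem: missing
    check_lineage "$root/live/$name" || rc=$?
    rm -rf "$root"
    return "$rc"
}

# With an argument, check that directory; without one, run the demo.
if [ $# -gt 0 ]; then check_lineage "$1"; else demo || true; fi
```

Run it inside the environment that actually holds the certbot directory, passing the live/<domain> path as the argument.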
You can also throw this on the su crontab but with hass.io I think it’s automatic?
30 2 * * 1 ~/certbot/certbot-auto renew --quiet --no-self-upgrade --standalone --preferred-challenges tls-sni-01 --tls-sni-01-port [PORT] --pre-hook "sudo systemctl stop [email protected]" --post-hook "sudo systemctl start [email protected]"
I switched to hassio and installed the DuckDns Addon.
According to this:
Renewal is totally automatic. Do not forget to set accept_terms to true. You don’t need the letsencrypt add-on.
Now my letsencrypt sensor shows the old expiry date but at 8:00 every day the duckdns log shows a renewal date much later.
I assume that my previous renewal date is obsolete.
Please install the add on and tell me what happens when your old certificate expires
Yes, this was what someone in the chat suggested for me and it worked as well.
Would be nice if this starts working more automatically for custom domains. Looks like they have made great strides in integrating duckdns and lets encrypt (though many people continue to ask for help).
Chariyski,
Same error in what, Letsencrypt add-on? I assume that you un-installed the Letsencrypt add-on then installed the DuckDNS add-on with Letsencrypt included.
My “problem” is that my Letsencrypt sensor
- platform: cert_expiry
  host: home-assistant.io
indicates days left on my previous certificate using Hassbian. Do I need a different host name?
Now that your old certificate has expired does this sensor agree with the DuckDNS log info at 8:00 AM?
Still not clear. I hope that you did not re-install the Letsencrypt add-on.
They say here not to if you are also using the DuckDNS add-on.
Maybe this post is for people not using DuckDNS?
I am hoping that it is just the sensor that is obsolete and I will still have remote access to HA after it says zero days left.
I was hoping that you could verify this since your old expiry date is sooner than mine.
The current hass.io duckdns addon appears to work well if you only use zzzz.duckdns.org; when configured properly it will take care of the SSL cert and track your IP address like you need it to. It doesn’t seem to do anything for SSL certificates on a custom domain because when you configure it you are putting in your zzzz.duckdns.org and it knows nothing about hass.mydomain.com that needs the cert.
So I continue to use the duckdns addon to manage my dynamic IP (set "accept_terms": false and "domains": ["zzzz.duckdns.org"] in this case) and I use the lets encrypt addon to manage my SSL cert (configure it for "domains": ["hass.mydomain.com"]).
Other than the hiccup where I had to uninstall and reinstall the lets encrypt addon to fix a “parse” error, it has created a new certificate for me, and my certificate sensor is showing the correct number of days. The config I am using for that sensor is:
Chariyski,
A bug was fixed so that the cert_expiry sensor is run at HA restart. I think after 12 hours it will still show the last certificate.
I don’t know the significance of using home-assistant.io in the sensor.
After reading kap’s explanation (good) I used xxx.duckdns.org in the sensor.
I get a “Host is unreachable” error for xxx.duckdns.org.