Looking for some assistance with Self-Signed Certs.
I am running:
Home Assistant 2022.9.0
Frontend 20220907.0 - latest
In a docker container.
I have created a wildcard self-signed cert that I use elsewhere within my homelab. But I cannot get it to work within HA. Here is how I created my cert using OpenSSL:
Create CA - Root Key
openssl genrsa -aes256 -out ca-key.pem 4096
Create Request
openssl req -new -x509 -sha256 -days 3650 -key ca-key.pem -out ca.pem
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:OH
Locality Name (eg, city) []:Cortland
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Real World Developers
Organizational Unit Name (eg, section) []:Internal
Common Name (e.g. server FQDN or YOUR name) []:RWD.com
Email Address []:[email protected]
Create Server Cert Signing Request
create key
openssl genrsa -out cert-key.pem 4096
create request
openssl req -new -sha256 -subj "/CN=RealWorldDevelopers" -key cert-key.pem -out cert.csr (subject=anything)
create config
echo "subjectAltName=DNS:*.RWD.com,IP:192.168.50.10" >> extfile.cnf (PowerShell will add a BOM - need to open with Notepad++ and set to UTF-8)
create cert
openssl x509 -req -sha256 -days 3650 -in cert.csr -CA ca.pem -CAkey ca-key.pem -out cert.pem -extfile extfile.cnf -CAcreateserial
I am also running Pi-Hole as my local DNS. Without the cert, my DNS routes to ha.rwd.com within my homelab just fine.
My configuration.yaml file contains the http node like so:
# TLS Certs
http:
  ssl_certificate: /config/fullchain.pem
  ssl_key: /config/cert-key.pem
Spacing in the config is correct. The certs are in the config folder within the container.
Yet in my logs, I still get this:
2022-09-12 18:55:41.931 ERROR (MainThread) [homeassistant.setup] Error during setup of component http
Traceback (most recent call last):
  File "/usr/src/homeassistant/homeassistant/components/http/__init__.py", line 355, in _create_ssl_context
    context.load_cert_chain(self.ssl_certificate, self.ssl_key)
ssl.SSLError: [SSL] PEM lib (_ssl.c:3874)
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
  File "/usr/src/homeassistant/homeassistant/setup.py", line 235, in _async_setup_component
    result = await task
  File "/usr/src/homeassistant/homeassistant/components/http/__init__.py", line 180, in async_setup
    await server.async_initialize(
  File "/usr/src/homeassistant/homeassistant/components/http/__init__.py", line 272, in async_initialize
    self.context = await self.hass.async_add_executor_job(
  File "/usr/local/lib/python3.10/concurrent/futures/thread.py", line 58, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/usr/src/homeassistant/homeassistant/components/http/__init__.py", line 358, in _create_ssl_context
    raise HomeAssistantError(
homeassistant.exceptions.HomeAssistantError: Could not use SSL certificate from /config/fullchain.pem: [SSL] PEM lib (_ssl.c:3874)
2022-09-12 18:55:41.933 ERROR (MainThread) [homeassistant.setup] Unable to set up dependencies of api. Setup failed for dependencies: http
2022-09-12 18:55:41.935 ERROR (MainThread) [homeassistant.setup] Setup failed for api: (DependencyError(…), 'Could not setup dependencies: http')
2022-09-12 18:55:41.936 ERROR (MainThread) [homeassistant.setup] Unable to set up dependencies of auth. Setup failed for dependencies: http
2022-09-12 18:55:41.936 ERROR (MainThread) [homeassistant.setup] Setup failed for auth: (DependencyError(…), 'Could not setup dependencies: http')
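
An added example, not part of the original post: the traceback fails inside `context.load_cert_chain(...)`, so this Python script inspects the certificate and key files for structural problems (a byte-order mark like the one mentioned for `extfile.cnf`, a missing block, a passphrase-protected key) and then repeats that same call. The function names `pem_findings` and `check_pair` and the sample bytes are constructed for illustration.

```python
import re
import ssl
import sys

BEGIN = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")
END = re.compile(rb"-----END ([A-Z0-9 ]+)-----")

# Constructed sample: a certificate file saved with a UTF-8 BOM (body is not real DER).
SAMPLE_BOM_CERT = b"\xef\xbb\xbf-----BEGIN CERTIFICATE-----\nQUJD\n-----END CERTIFICATE-----\n"


def pem_findings(data: bytes, role: str) -> list:
    """Structural findings for one PEM file; role is "cert" or "key"."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return ["file is UTF-16, not ASCII PEM"]
    findings = []
    if data.startswith(b"\xef\xbb\xbf"):
        findings.append("UTF-8 BOM precedes the first BEGIN line")
    labels = [m.decode() for m in BEGIN.findall(data)]
    if len(labels) != len(END.findall(data)):
        findings.append("BEGIN/END line counts differ")
    if role == "cert" and not any(l.endswith("CERTIFICATE") for l in labels):
        findings.append("no CERTIFICATE block")
    if role == "key":
        if not any(l.endswith("PRIVATE KEY") for l in labels):
            findings.append("no PRIVATE KEY block")
        if "ENCRYPTED PRIVATE KEY" in labels or b"Proc-Type: 4,ENCRYPTED" in data:
            findings.append("key is passphrase-protected")
    return findings


def check_pair(cert_path: str, key_path: str) -> list:
    """Check both files, then make the load_cert_chain call seen in the traceback."""
    findings = []
    for path, role in ((cert_path, "cert"), (key_path, "key")):
        with open(path, "rb") as fh:
            findings += [f"{path}: {text}" for text in pem_findings(fh.read(), role)]
    if findings:
        return findings  # skip the load: an encrypted key would prompt for a passphrase
    context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        context.load_cert_chain(cert_path, key_path)
    except OSError as err:  # ssl.SSLError is a subclass of OSError
        findings.append(f"load_cert_chain: {err}")
    return findings


if __name__ == "__main__":
    print(pem_findings(SAMPLE_BOM_CERT, "cert"))
    if len(sys.argv) == 3:
        print(check_pair(sys.argv[1], sys.argv[2]) or "pair loads cleanly")
```

Saved under any file name and run with the certificate path and the key path as its two arguments, it prints the findings for that pair.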