Hi everyone, I’ve been trying to get Home Assistant remote access working with SSL but am getting the following error in the log:
2020-09-22 18:39:41 ERROR (MainThread) [homeassistant.config] Invalid config for [http]: not a file for dictionary value @ data[‘http’][‘ssl_certificate’]. Got ‘/home/pi/homeassistant/dehydrated/certs/[name-redacted].duckdns.org/fullchain.pem’
not a file for dictionary value @ data[‘http’][‘ssl_key’]. Got ‘/home/pi/homeassistant/dehydrated/certs/[name-redacted].duckdns.org/privkey.pem’. (See /config/configuration.yaml, line 57). Please check the docs at HTTP - Home Assistant
Some background: I’m using RaspberryPi4-64 in docker. Everything works fine if I comment out the “ssl_certificate” and “ssl_key” entries from the config. I used this guide: splitbrain(dot)org/blog/2017-08/10-homeassistant_duckdns_letsencrypt
Here’s my config:
# Configure a default setup of Home Assistant (frontend, api, etc)
default_config:
# Text to speech
tts:
- platform: google_translate
group: !include groups.yaml
automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml
http:
ssl_certificate: /home/pi/homeassistant/dehydrated/certs/[name-redacted].duckdns.org/fullchain.pem
ssl_key: /home/pi/homeassistant/dehydrated/certs/[name-redacted].duckdns.org/privkey.pem
This means “/config” from the Docker instance is mapped to “/home/pi/homeassistant” on the local machine. The config file needs to reference the internal path, not the path on the host.
However, I still have an issue. In the guide (https://www.splitbrain.org/blog/2017-08/10-homeassistant_duckdns_letsencrypt) they use “api_password: !secret hass_pass”. As far as I know this is deprecated, and I should be using long lived tokens, correct? Do I have to use a token for DuckDNS somehow, or a token when using a service call (such as IFTTT)?
I encourage you to use docker-compose as you will start accumulating containers without a means of backing up the configuration or easily making changes.
(I ignored --init as from my reading it doesn’t provide much value here )
And so is base_url. You should try and find documentation that isn’t 3 years old, as Home Assistant has moved quickly in that time. You should at the least check the HA documentation when you are not sure about something.
There is no api_key or base_url anymore, you you just need the path to your certificates.
Also, also, it’s bad practice to place persistent/necessary files/scripts within a Docker volume as it is intended to be ephemeral. As soon as you recreate or destroy your container, you are going to have to manually run all your steps again to generate new certificates.
Couple of options here:
A dedicated and separate container that creates your certificates (just look up “Let’s Encrypt” or “Dehydrated docker container”)
Have the host create the certificates and mount them to the container
At least mount a folder from your host (Pi) to where the dehydrated certificates will be created so you can reference them in your docker run or docker-compose.