Shell_command: curl ftp (Home Assistant OS - HyperV)

rujin · January 17, 2021, 9:40am

Hi! I’m new to Home Assistant.

I trying to download files from ftp and place it to Home Assistant ssl dir using shell_command and curl.

shell_command:
download_curl: “/usr/bin/curl -u USERNAME:PASSWORD -o /ssl/new_fullchain.pem ftp://192.168.1.11//home/web/ssl.cert -o /ssl/new_privkey.pem ftp://192.168.1.11//home/web/ssl.key”

In terminal addon all good.

in shell_command: return code: 23
Full log -

0Warning: Failed to create the file /ssl/new_fullchain.pem: Read-only file \nWarning: system\n\r100 3437 100 3437 0 0 68740 0 --:–:-- --:–:-- --:–:-- 68740\ncurl: (23) Failed writing body (0 != 3437)\n % Total % Received % Xferd Average Speed Time Time Time Current\n Dload Upload Total Spent Left Speed\n\r 0 0 0 0 0 0 0 0 --:–:-- --:–:-- --:–:-- 0Warning: Failed to create the file /ssl/new_privkey.pem: Read-only file system\n\r100 1675 100 1675 0 0 5736 0 --:–:-- --:–:-- --:–:-- 5736\ncurl: (23) Failed writing body (0 != 1675)\n’

anyone knows where is the problem? ((

fedot · January 17, 2021, 10:22am

Hey rujin,

be aware that the SSH/Terminal addon runs on a different environment than the shell_command.
For example, the root filesystem isn’t available. Instead, you have access to /config, /share etc. (The directories you’d find under /root in the SSH/Terminal plugin).
I’m not sure, but using allowlist_external_dirs might do the trick.
However I’d either make use of the ssh addon (Get another machine on your network to scp the certificates onto Home Assistant) or use a different directory than /ssl.
Take a look at the http: configuration here on how to do that.
For example, /config/ssl/ssl.cert might be a better solution.

Lastly, the certificate update shouldn’t be your concern, the DuckDNS or Let’s Encrypt Addons should do that for you, if I understand that correctly. But your setup might not fit in there.

rujin · January 17, 2021, 11:16am

Thx fedot. I cant use DuckDNS or Let’s Encrypt Addons, i have main web server on external ip:80. The idea is to auto generate ssl.cert (every two months) on webserver and use HA automations - cert 5 days left > shell_command: download new cert.
Yeah, another way is to send cert FROM webserver TO HA via cron, but less interesting…
Thx anyway, i will read about allowlist_external_dirs.

fedot · January 17, 2021, 11:24am

If so, a reverse proxy would work for your setup, wouldn’t it?