(solved) possible dns issue with let's encrypt addon

Hi everyone, I have opened an issue on GitHub for the letsencrypt addon, not being able to renew a certificate:

Possible dns issue with let’s encrypt addon. acme-v01.api.letsencrypt.org is reachable from the host machine, but it seems it isn’t from the docker container. Hass.io and other addons don’t have this issue.

Host OS: Ubuntu Server 18.04LTS
Port 80 is always redirected to host port 80.

The cert was generated using this addon months ago.

Here is the log:

starting version 3.2.4
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /data/letsencrypt/renewal/mydomain.conf

Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Attempting to renew cert (mydomain) from /data/letsencrypt/renewal/mydomain.conf produced an unexpected error: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7fb848c97490>: Failed to establish a new connection: [Errno -3] Try again',)). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/data/letsencrypt/live/mydomain/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)


All renewal attempts failed. The following certs could not be renewed:
/data/letsencrypt/live/mydomain/fullchain.pem (failure)

Is there an easy way to add the option --dns 1.1.1.1 (or any other DNS server) to the command line of this addon?

Solved in a few minutes!

This is an issue with Docker and Ubuntu Bionic (more specifically, the systemd-resolved daemon).

Run this:

sudo echo ‘{“dns”: [“8.8.8.8”, “8.8.4.4”]}’ > /etc/docker/daemon.json
Reboot your machine and it should be fixed in most cases.

Looks like your quote marks got messed up. Should be:

echo '{"dns": ["8.8.8.8", "8.8.4.4"]}' | sudo tee /etc/docker/daemon.json

Indeed, they got messed up
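
Added example, not part of the original thread or of the addon: a daemon.json that is not valid JSON stops dockerd from starting, and overwriting the file discards any settings already in it. This Python sketch validates and merges the `dns` key instead; the function names are hypothetical and the default servers are the ones quoted in this thread.

```python
"""Set "dns" in Docker's daemon.json without clobbering or corrupting the file."""
from __future__ import annotations

import ipaddress
import json
import os
import sys


def uses_loopback_resolver(resolv_conf: str) -> bool:
    """True if every nameserver in resolv.conf text is a loopback address
    (e.g. the systemd-resolved stub at 127.0.0.53), which a container on a
    bridge network cannot reach."""
    servers = [f[1].split("%")[0] for f in map(str.split, resolv_conf.splitlines())
               if len(f) >= 2 and f[0] == "nameserver"]
    return bool(servers) and all(ipaddress.ip_address(s).is_loopback for s in servers)


def merge_dns(existing: str, servers: list[str]) -> str:
    """Return daemon.json text with "dns" set and every other key preserved.

    Raises ValueError on malformed JSON or an invalid IP address.
    """
    config = json.loads(existing) if existing.strip() else {}
    if not isinstance(config, dict):
        raise ValueError("daemon.json must hold a JSON object")
    for server in servers:
        ipaddress.ip_address(server)  # ValueError if not an IP literal
    config["dns"] = list(servers)
    return json.dumps(config, indent=2) + "\n"


def write_config(path: str, servers: list[str]) -> None:
    existing = ""
    if os.path.exists(path):
        with open(path) as fh:
            existing = fh.read()
    merged = merge_dns(existing, servers)  # validate before touching the file
    tmp = path + ".new"
    with open(tmp, "w") as fh:
        fh.write(merged)
    os.replace(tmp, path)  # atomic swap; dockerd never reads a partial file


if __name__ == "__main__":
    with open("/etc/resolv.conf") as fh:
        if not uses_loopback_resolver(fh.read()):
            print("host resolver is not loopback-only; an override may be unnecessary")
    write_config("/etc/docker/daemon.json", sys.argv[1:] or ["8.8.8.8", "8.8.4.4"])
```

Run it as root and restart the Docker service afterwards; if the existing file is malformed the script raises before anything is written.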

@foraster how can you tell if this isn’t working from docker? I’m not familiar with how to “login” to the hassio docker image.

I’m afraid that this addon does not run for enough time to be able to log in to the image for further investigation. My issue was motivated because I couldn’t renew a certificate, and after reporting the issue on GitHub, the creator of the addon gave the solution.

@foraster what version are you using? HA or hassio?

I’m using hassio

@foraster

I created that file and rebooted and now the docker daemon isn’t starting. Do you think it matters if I didn’t even install LE yet?

Can’t tell with the information you are giving.
Let’s encrypt is an addon to hassio. When you enable the certificate you’ll have to change your configuration.
Take a look at the logs you have available. If the docker daemon doesn’t start it must be writing a log somewhere. Check your distro docker docs.

If you think it’s caused by another component or installation issue, better open a new topic.

@foraster how did you install hassio? Did you flash an SD card? I’ll try and get some log files

I followed the instructions on the docs. My setup is running on a PC.

If you are working with a Raspberry Pi make sure to choose the right image: https://www.home-assistant.io/hassio/installation/

Are you running on a VM?

Yes, but only for future portability and disaster recovery strategy. If I had another rpi3 in hand HA would run there