Unable to get letsencrypt certificate on Synology NAS

I am trying to set up letsencrypt on Synology for SSL following the guide here

Currently at Installing TLS/SSL using Let's Encrypt - Community Guides - Home Assistant Community

Now, what I have done on my router is forward 80 and 443 to 8123 on my homeassistant IP

I am not using duckdns but another service. I am able to open the following combination which goes to my HA landing page

https://mydomain.com:8123 or https://mydomain.com doesn’t work atm

The commands seem a bit outdated on the page, so I have done the following:

docker run -it --rm -p 8080:80 --name certbot \
  -v "/etc/letsencrypt:/etc/letsencrypt" \
  -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
  certbot/certbot:latest certonly \
  --standalone --preferred-challenges http-01 \
  --email [email protected] -d mydomain.com

It fails with the following

Failed authorization procedure. mydomain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mydomain.com/.well-known/acme-challenge/XXXXXXXXXXXXX [IP]: 404

The page doesn't open.

I couldn't find the .well-known directory, and I also know my port forwarding and 8080 is totally screwed up, as I have my mind twisted over it.

What all do I have wrong here?

Thanks

If you have the ability to add a txt record to your domain, look at DNS authentication instead of http

Doesn't… if I can't get the above to work then I will look at a different provider… but would prefer to stick to the current one

Well, now I am using duckdns for testing, and after using dehydrated I get an error

2018-01-15 20:17:29 ERROR (MainThread) [homeassistant.config] Invalid config for [http]: not a file for dictionary value @ data[‘http’][‘ssl_certificate’]. Got ‘/volume1/homeassistant/config/ssl/fullchain.pem’
not a file for dictionary value @ data[‘http’][‘ssl_key’]. Got ‘/volume1/homeassistant/config/ssl/privkey.pem’. (See /config/configuration.yaml, line 27). Please check the docs at HTTP - Home Assistant

HA runs as root in Synology docker, and I tried different locations and all chmod / chown options, I think

Your file location is likely to be

/config/ssl/privkey.pem

From within the docker

To do certbot http authentication you should not have 80 and 443 pointing to HA

This should point to hostserver/certbotfolder or something similar. Certbot should have read/write access to the folder. What happens is certbotfolder places a file on the server via 80, then checks via 443 for the file.

I use nginx in front of server and 80 and 443 go there.
I then use the nginx config file to determine where incoming 80 and 443 requests go. When I renew domains, the config file temporarily changes so all requests for all my domains go to certbot… then changes back after the renewal (10-20 second downtime). Not needed for you, but just extra info. If you forward 80 and 443 to a certbot read/writeable folder it will be enough

I tried that as well

2018-01-16 07:08:32 ERROR (MainThread) [homeassistant.config] Invalid config for [http]: not a file for dictionary value @ data[‘http’][‘ssl_certificate’]. Got ‘/config/ssl/fullchain.pem’
not a file for dictionary value @ data[‘http’][‘ssl_key’]. Got ‘/config/ssl/privkey.pem’. (See /config/configuration.yaml, line 27). Please check the docs at HTTP - Home Assistant
2018-01-16 07:08:32 ERROR (MainThread) [homeassistant.setup] Setup failed for http: Invalid config.

Thanks… I have gone DNS way instead for the ease…

Okay. What is your volume/mount section in your homeassistant docker config and what is the full path of the ssl cert/key?

Damn… got the cert working…

was a symlink issue… thanks guys :slight_smile:
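
Added example, not part of any post in this thread: one way a symlink produces the "not a file" error above is that a bind mount exposes only the mounted directory, so a link whose target lies outside it, or that names an absolute host path, dangles inside the container. The function names, exit codes and the temporary layout below are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Assumption: MOUNT_ROOT is the host directory that is
# bind-mounted into the container (the host side of "-v <host dir>:/config").

# inside ROOT PATH: true if canonical PATH is ROOT itself or below it.
inside() {
    case "$2" in "$1" | "$1"/*) return 0 ;; esac
    return 1
}

# check_mount_path MOUNT_ROOT FILE
# Returns 0 if FILE will also resolve to a file inside the container,
# 1 if a symlink hop leaves the mount or uses an absolute host path,
# 2 if FILE is missing or already dangling on the host.
check_mount_path() {
    cmp_root=$(readlink -f "$1") || return 2
    cmp_cur=$2
    [ -e "$cmp_cur" ] || { echo "MISSING  $2"; return 2; }
    cmp_dir=$(readlink -f "$(dirname "$cmp_cur")")
    inside "$cmp_root" "$cmp_dir" || { echo "OUTSIDE  $2 is not under $1"; return 1; }
    while [ -L "$cmp_cur" ]; do            # follow the link chain hop by hop
        cmp_link=$(readlink "$cmp_cur")
        case "$cmp_link" in
            /*) echo "ABSOLUTE $cmp_cur -> $cmp_link"; return 1 ;;
        esac
        cmp_cur=$(dirname "$cmp_cur")/$cmp_link
        cmp_dir=$(readlink -f "$(dirname "$cmp_cur")")
        inside "$cmp_root" "$cmp_dir" || { echo "OUTSIDE  $2 -> $cmp_cur"; return 1; }
    done
    echo "OK       $2"
}

# Constructed demo layout: a certbot-style link into ../../archive, a link
# that stays inside the mount, and a link that uses an absolute host path.
demo() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/config/ssl" "$d/archive"
    echo key > "$d/archive/privkey1.pem"
    echo key > "$d/config/ssl/real.pem"
    ln -s ../../archive/privkey1.pem "$d/config/ssl/privkey.pem"
    ln -s real.pem "$d/config/ssl/relative.pem"
    ln -s "$d/config/ssl/real.pem" "$d/config/ssl/absolute.pem"
    for f in privkey relative absolute nosuch; do
        check_mount_path "$d/config" "$d/config/ssl/$f.pem" || true
    done
    rm -rf "$d"
}

demo
```

Copying the real files into the mounted directory (for example with `cp -L`, which dereferences links) or mounting a parent directory that contains both the links and their targets removes the dangling link.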