Windows SSL path not working

I cannot get HA to see my SSL files. I used dehydrated with bash to create the certificates but can’t seem to find the right syntax to allow HA to see the file:

Secrets are defined in the file secrets.yaml

api_password: mypassword
base_url: domain.duckdns.org:8123
ssl_certificate: ‘C:\dehydrated\certs\domain.duckdns.org\fullchain.pem’
ssl_key: ‘C:\dehydrated\certs\domain.duckdns.org\privkey.pem’


Did you get this to work?

No, I bought a RPI3 and installed HASSIO.

I was able to get this working. I was using WACS https://github.com/PKISharp/win-acme which was working fine to get the certificate as a pfx, install it to the local Windows Certificate Store and even set up IIS bindings with the certificate and set up a renew scheduled task. I couldn’t figure out how to get the pem files. I finally figured out that they were being stored in the ProgramData folder. I then just had to set these as below (note: don’t use single quotes or quotes around the file paths)

ssl_certificate: C:\ProgramData\win-acme\httpsacme-v02.api.letsencrypt.org\mydomain-crt.pem
ssl_key: C:\ProgramData\win-acme\httpsacme-v02.api.letsencrypt.org\mydomain-key.pem

Hey,
was trying to follow your lead, couldn’t figure out how to install the certificate using WACS. Do you have to have IIS running on your Windows machine?

You don’t have to have IIS. In that case, use the manual host option when setting up your cert.

Here are the command line arguments. I actually used the 2.x alpha release and ran it in console without any command line arguments. This walks you through it, and you can look up any prompts you don’t understand in this wiki as well.

Hello,

Would you mind writing up a guide to get https going on homeassistant on Windows?

I really cannot figure this out…

I would also love a guide to show how to do this

I could not figure it out on Windows. Luckily, I’m using a Synology NAS which also automates SSL cert with Letsencrypt, so I just copied the certs out of there.

I followed this guide - https://www.home-assistant.io/docs/ecosystem/certificates/lets_encrypt/ but since I have a Windows box, for step 4 I used win-acme to successfully create a certificate. Here’s the transcript (which shows which options I chose) if it’s any use:

D:\Portable Apps\win-acme>wacs.exe

 [INFO] A simple Windows ACMEv2 client (WACS)
 [INFO] Software version 2.0.9.386 (RELEASE)
 [INFO] IIS version 7.5
 [INFO] Please report issues at https://github.com/PKISharp/win-acme


 N: Create new certificate (simple for IIS)
 M: Create new certificate (full options)
 L: List scheduled renewals
 R: Renew scheduled
 S: Renew specific
 A: Renew *all*
 O: More options...
 Q: Quit

 Please choose from the menu: m

 [INFO] Running in mode: Interactive, Advanced

 1: Based on CSR
 2: Single binding of an IIS site
 3: SAN certificate for all bindings of an IIS site
 4: SAN certificate for all bindings of multiple IIS sites
 5: Manually input host names
 <Enter>: Abort

 Which kind of certificate would you like to create?: 5

 Enter comma-separated list of host names, starting with the common name: yourdomain.duckdns.org

 [INFO] Target generated using plugin Manual: yourdomain.duckdns.org

 Suggested FriendlyName is '[Manual] yourdomain.duckdns.org', press enter to accept or type an alternative: <Enter>

 1: [dns-01] CNAME the record to a server that supports the acme-dns API
 2: [dns-01] Manually create record
 3: [dns-01] Run script to create and update records
 4: [http-01] Host the validation files from memory (recommended)
 5: [http-01] Save file on local or network path
 6: [http-01] Upload verification file to WebDav path
 7: [http-01] Upload verification files via FTP(S)
 8: [http-01] Upload verification files via SSH-FTP
 C: Abort

 How would you like to validate this certificate?: 4

 1: Elliptic Curve key
 2: Standard RSA key pair

 What kind of CSR would you like to create?: 2

 1: IIS Central Certificate Store
 2: Windows Certificate Store
 3: Write .pem files to folder (Apache, nginx, etc.)
 C: Abort

 How would you like to store this certificate?: 3

 Path to folder where .pem files are stored: C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Certificates

 1: IIS Central Certificate Store
 2: Windows Certificate Store
 3: No additional storage steps required
 C: Abort

 Add another store plugin?: 3

 1: Do not run any (extra) installation steps
 2: Run a custom script

 Which installation method should run?: 1

 [INFO] Authorize identifier: yourdomain.duckdns.org
 [INFO] Authorizing yourdomain.duckdns.org using http-01 validation (SelfHosting)
 [INFO] Authorization result: valid
 [INFO] Requesting certificate [Manual] yourdomain.duckdns.org
 [INFO] Store with PemFiles...
 [INFO] Exporting .pem files to C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Certificates
 [INFO] Installing with None...
 [INFO] Adding Task Scheduler entry with the following settings
 [INFO] - Name win-acme renew (acme-v02.api.letsencrypt.org)
 [INFO] - Path D:\Portable Apps\win-acme
 [INFO] - Command wacs.exe --renew --baseuri "https://acme-v02.api.letsencrypt.org/"
 [INFO] - Start at 09:00:00
 [INFO] - Time limit 02:00:00

 Do you want to specify the user the task will run as? (y/n*)  - no

 [INFO] Adding renewal for [Manual] yourdomain.duckdns.org
 [INFO] Next renewal scheduled at 2019-10-13 23:49:36

 N: Create new certificate (simple for IIS)
 M: Create new certificate (full options)
 L: List scheduled renewals
 R: Renew scheduled
 S: Renew specific
 A: Renew *all*
 O: More options...
 Q: Quit

 Please choose from the menu: q

D:\Portable Apps\win-acme>

Then I added the appropriate entries to the ‘http’ section in my configuration.xml, set my router to forward port 443 to port 8123 on the HA server box and it works.

Only problem is that I cannot access HA inside my network using the duckdns URL - I have to use just the server name or IP address.
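
A pre-flight check for the `ssl_certificate` and `ssl_key` values discussed in this thread, as an added example that is not part of any post and is not Home Assistant's own code. The function name `check_tls_pair` is hypothetical; it relies on Python's standard `ssl.SSLContext.load_cert_chain`, on the assumption that a Python TLS server will reject the same files this call rejects.

```python
import ssl
from pathlib import Path

# Straight and curly quote characters that sometimes end up inside the value.
QUOTE_CHARS = "'\"\u2018\u2019\u201c\u201d"


def check_tls_pair(cert_path, key_path):
    """Return a list of problems; an empty list means the pair loads."""
    problems = []
    for label, raw in (("ssl_certificate", cert_path), ("ssl_key", key_path)):
        if raw.strip(QUOTE_CHARS) != raw:
            problems.append(f"{label}: quote characters are part of the value: {raw!r}")
            continue
        path = Path(raw)
        if not path.is_file():
            problems.append(f"{label}: no such file: {raw}")
            continue
        try:
            data = path.read_bytes()
        except OSError as exc:  # e.g. the service account lacks read access
            problems.append(f"{label}: cannot read file: {exc}")
            continue
        if b"-----BEGIN" not in data:
            problems.append(f"{label}: file contains no PEM block")
    if problems:
        return problems
    # load_cert_chain parses both files and checks that the key matches the cert.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.load_cert_chain(certfile=cert_path, keyfile=key_path)
    except (ssl.SSLError, OSError) as exc:
        problems.append(f"certificate/key pair does not load: {exc}")
    return problems


if __name__ == "__main__":
    # Constructed sample: the quoted values from the question above.
    for line in check_tls_pair(
        "\u2018C:\\dehydrated\\certs\\domain.duckdns.org\\fullchain.pem\u2019",
        "\u2018C:\\dehydrated\\certs\\domain.duckdns.org\\privkey.pem\u2019",
    ):
        print(line)
```

Run it under the same Windows account that runs Home Assistant, so that a permissions problem on the key file shows up as a read error rather than being hidden by an administrator session.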