WTH Why is it so complicated to get Let's Encrypt certificate renewal automated

mrbrown · December 13, 2024, 6:08am

First, I love Home Assistant. It’s not just the tech, but also the awesome community that you have built.

I have managed to get my Let’s Encrypt renewal running automatically using an integration to obtain the certificate expiry date and then used a Blue Print to create an automation. It would be great if this was just configured in the Let’s Encrypt Addon.

ShadowFist · December 13, 2024, 7:59am

I guess it depends what Addon you’re using for Let’s Encrypt.

I use the DuckDNS addon (which has LE built in) and it automatically renews the certificate:

 + Checking domain name(s) of existing cert... unchanged.
 + Checking expire date of existing cert...
 + Valid till Jan 11 12:00:27 2025 GMT (Less than 30 days). Renewing!

WallyR · December 13, 2024, 9:17am

When you use DuckDNS you usually run a reverse proxy in front, which is the one holding and using the certificate.

When you use the certificate directly in HA it will be HA itself that holds and use the certificate.

It is the part that hold and use the certificate that needs to be released on a certificate renewal.

Reloading the reserve proxy has little impact on your setup and can be done with automations with little worries.

Reloading HA is a lot more interrupting and it can have implications doing it with an automations, because of there will be none of the ordinary checks done when manually reloading.

A service call to reload the certificate only would be a good solution.

mrbrown · December 17, 2024, 10:29pm

I’m referring to the “Let’s Encrypt” add-on.

It has no way to schedule renewal (in my case using Cloudflare DNS). I have setup the “Certificate Expiry” integration to get the certificate expiry date, which is used by an automation created by the “Renew Let’s Encrypt Certificate” blueprint. It would be great if the Let’s Encrypt add-on itself was able to do this.

AleXSR700 · December 17, 2024, 11:14pm

I would make the question even broader and ask “Why is it so complicated to get https access in general”.

Addons are only available in a few installation methods, but not all. And in all others, where there is not addon, getting https up and running can be quite a challenge.

pbmax444 · December 18, 2024, 1:52am

Watch this youtube tutorial, it worked perfectly for me.