Auto renew in Home Assistant

corbrink · May 29, 2023, 8:28am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: corbrink.cc

My web server is (include version): Home Assistant

The operating system my web server runs on is (include version): Radian

Is there a tutorial / method to run auto renew in home assistant?

danb35 · May 29, 2023, 10:44am

The same tutorial that told you how to set up the certificate in the first place, most likely. How did you issue the cert?

corbrink · May 29, 2023, 11:24am

Unfortunately not. Setup done with the home assistant let's encrypt addon. There is no automated renew setting or description that I can find.

danb35 · May 29, 2023, 11:29am

You mean this one?

github.com

home-assistant/addons/blob/master/letsencrypt/DOCS.md

# Home Assistant Add-on: Letsencrypt

## Installation

Follow these steps to get the add-on installed on your system:

1. Navigate in your Home Assistant frontend to **Settings** -> **Add-ons** -> **Add-on store**.
2. Find the "letsencrypt" add-on and click it.
3. Click on the "INSTALL" button.

## How to use

To use this add-on, you have two options on how to get your certificate:

### 1. HTTP challenge

- Requires Port 80 to be available from the internet and your domain assigned to the externally assigned IP address
- Doesn’t allow wildcard certificates (*.yourdomain.com).

### 2. DNS challenge

This file has been truncated. show original

Probably because it's, well, automated--there's nothing for you to configure. But a better place for your question would be one of the support resources linked on that page.

corbrink · May 29, 2023, 11:43am

Thank you for the reply. I tried the local support forums, no luck as yet. It is automated in the sense that the SSL cert is created and valid for 3 months. So every 3 months I need to repeat the process. That is what I'd like to automate. Thanks.

Osiris · May 29, 2023, 11:52am

If that addon doesn't have any renewal automation, that's really sh*tt*. But not something we can do about I'm afraid.

danb35 · May 29, 2023, 11:58am

Are you sure about that? I don't use that plugin for HA (I use the Cloudflared plugin, which means Cloudflare handles the certs), but I'd be really surprised if it were that brain-dead. So do you know that the plugin doesn't automate renewal, or do you just not know that it does?

But these posts on the HA forum look relevant:

corbrink · May 29, 2023, 12:07pm

I also use Cloudflared plugin. Does this mean that if I use Cloudflared plugin and do not need the Let's Encrypt cert?

Osiris · May 29, 2023, 12:33pm

When using the "letsencrypt" HA addon, you can use multiple DNS providers (including Cloudflare DNS), but in the end you're still using the "letsencrypt" HA addon.

Not sure what @danb35 means exactly by "I use the Cloudflared plugin", maybe Cloudflare - Home Assistant which is entirely different than the "letsencrypt" addon. The "cloudflare " integration (which is something different than an "addon", HA doesn't use the term "plugin") is more of a dynamic DNS integration for when you're using Cloudflare DNS. This is also separate from letting Cloudflare handle the certificates, as that would imply using the Cloudflare CDN feature.

I'd like to encourage everyone on this Community to use the proper terminology

corbrink · May 29, 2023, 12:53pm

So I understand it that letsencrypt HA addon does the encryption from my HA server to Cloudflare and Cloudflare does the encryption from Cloudflare to my HA server or to whoever is logged in to my HA server.

Osiris · May 29, 2023, 12:54pm

No.

The "letsencrypt" addon only uses Cloudflare, if configured as such, to perform the challenge using the Cloudflare DNS to get a certificate. Nothing more, nothing less.

corbrink · May 29, 2023, 1:01pm

Thanks

danb35 · May 29, 2023, 10:58pm

Yes, that's what I get for going from memory. What I'm using is the Cloudflared add-on, which creates a secure tunnel between your HA installation and Cloudflare's network. This in turn takes care of a few things:

Since there's a permanent connection between your HA system and Cloudflare's network, there's no need to forward ports to your HA system. in order to make it remotely accessible
This also removes the need for any sort of dynamic DNS
And the one I initially mentioned, that Cloudflare now takes care of obtaining and renewing any certs for your installation--there's no need for any Let's Encrypt integration with your HA system.

mamaji77111 · May 30, 2023, 4:07pm

Setup traefik and let it take care of it. I've not had to renew my certificate manually in over 2 years now, all done automatically when it's gets to 30 days or something? I remember watching carefully at the beginning but now it just works so I don't even check!

corbrink · May 30, 2023, 5:05pm

@mamaji77111 Traefik? Is it a addon? Can't find it. Please let me know.
Thanks

system · June 29, 2023, 5:06pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.