Home assistant and let's encrypt don't work

Hi there, I'm new to this community. I'm trying to switch my Home Assistant to HTTPS but it looks impossible. When I run the Let's Encrypt add-on with the HTTP challenge, the log says:
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: ha.gabrielemattioli.eu
Type: unauthorized
Detail: : Invalid response from http://ha.gabrielemattioli.eu/.well-known/acme-challenge/v25tNi-6LYpCz3HO_7_dIBahUyj_JjNFh1kxGjSvO-4: 404

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
Furthermore, I opened my port 80 and I redirected requests from that port to the local IP of Home Assistant. When I type my IP in the browser bar, without specifying the port (so port 80), this message appears:

Could anyone help me? Thank you.

Hello @gabriele_m, welcome to the Let's Encrypt community. :slightly_smiling_face:

Let’s Encrypt offers Domain Validation (DV) certificates, not IP Address certificates presently. The screen shot you are showing is using an IP Address and will generate a warning for most web browsers, and correctly so.

Did you stop the web server prior to running Certbot?
As Certbot will require exclusive access to Port 80 for that command.

Using the online tool Let's Debug yields these results https://letsdebug.net/ha.gabrielemattioli.eu/2054526 "OK"

You only have Port 80 Open and Port 443 Filtered (i.e. blocked).

$ nmap -Pn -p80,443 ha.gabrielemattioli.eu
Starting Nmap 7.80 ( https://nmap.org ) at 2024-06-23 19:44 UTC
Nmap scan report for ha.gabrielemattioli.eu (77.240.232.174)
Host is up (0.17s latency).
rDNS record for 77.240.232.174: u-5m-77-240-232.4bone.mynet.it

PORT    STATE    SERVICE
80/tcp  open     http
443/tcp filtered https

Nmap done: 1 IP address (1 host up) scanned in 3.57 seconds

Using this tool Open Port Check Tool - Test Port Forwarding on Your Router

1 Like

Thanks for your answer, but I still don't know what to do. I'm not trying to certify an IP address but my personal domain, so I don't know what to do.

1 Like

@gabriele_m can you answer the above question?

1 Like

No, I did not, how can I do that?

1 Like

@gabriele_m that question is better suited to the
Home Assistant forum here: https://community.home-assistant.io/

1 Like

So I just need to shut down home assistant temporally right?

Yes! Prior to running Certbot shut it OFF, after Certbot is done running and successfully retrieved the issued certificate turn it back ON.

1 Like

Ok, but how can I shut down Home Assistant without stopping Certbot? I use Home Assistant OS on Proxmox, so I do everything from HA. As I said before, I use the Let's Encrypt add-on.

Does Home Assistant require the

The webroot authenticator would most likely be easier.

2 Likes

Sorry, I didn't catch that, could you explain in more detail?

Standalone Certbot spins up its own (temporary) server to serve the HTTP-01 Challenge's response and then shuts down, all on Port 80.

While webroot uses the existing running webserver to serve the response.

3 Likes
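As an added illustration (not code from this thread or from the Home Assistant add-on), a small Python pre-flight check for the webroot approach described above: it writes a constructed token under `.well-known/acme-challenge/` in a throwaway webroot, serves that directory on a loopback port standing in for the real web server, and verifies the token comes back with a 200 via GET, the method the CA uses for HTTP-01. The loopback server and the temporary directory are assumptions standing in for the real port-80 server and its document root.

```python
import http.server
import os
import secrets
import tempfile
import threading
import urllib.error
import urllib.request
from functools import partial

CHALLENGE_DIR = ".well-known/acme-challenge"


def place_token(webroot):
    """Write a constructed challenge token where certbot --webroot would put it."""
    token = secrets.token_urlsafe(32)  # constructed sample token, URL-safe chars only
    path = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(path, exist_ok=True)
    with open(os.path.join(path, token), "w") as fh:
        fh.write(token)
    return token


def fetch(url, method="GET"):
    """Return (status, body); an HTTP error status is a result, not an exception."""
    req = urllib.request.Request(url, method=method)
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, ""


def check_webroot(base_url, token):
    """True only if the token is served back verbatim with 200 at the ACME path."""
    status, body = fetch(f"{base_url}/{CHALLENGE_DIR}/{token}")
    return status == 200 and body.strip() == token


def serve_webroot(webroot):
    """Loopback stand-in (assumption) for the web server that owns port 80."""
    handler = partial(http.server.SimpleHTTPRequestHandler, directory=webroot)
    httpd = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    return httpd


def demo():
    """Returns (token_served_ok, status_for_unknown_token); expect (True, 404)."""
    with tempfile.TemporaryDirectory() as webroot:
        httpd = serve_webroot(webroot)
        base = f"http://127.0.0.1:{httpd.server_address[1]}"
        token = place_token(webroot)
        ok = check_webroot(base, token)
        missing_status, _ = fetch(f"{base}/{CHALLENGE_DIR}/does-not-exist")
        httpd.shutdown()
        return ok, missing_status
```

Point `check_webroot` at the public hostname once the real web server is in place; a 404 there is the same failure the add-on log reported.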

When I surf to http://ha.gabrielemattioli.eu/, I'm getting a "405 method not allowed" response. Are you running Home Assistant directly on port 80 or are you using some reverse proxy in between?

@Bruce5051 They're not running Certbot themselves, but the HA addon is using it internally..

2 Likes

Hi, are you sure? When I open that I see home assistant login. Yes, I'm running home assistant directly on port 80.

Thank you @Osiris as always! :slight_smile:
I'll sit on the sideline now.

2 Likes

Apparently, HA doesn't like the "HEAD" HTTP method (compared to GET). With GET it works indeed.

Anyway, I don't know why the HA add-on doesn't work. How did you configure it?

2 Likes

Aha, using the GUI.

I believe your DNS provider is GoDaddy, right? That's unfortunate, as GoDaddy recently restricted usage of their DNS API to users with certain perks/money spent etc. Most users don't have API access any longer. So you're probably stuck with using the http-01 challenge you're currently using.

I don't understand why your HA add-on is resulting in a 404 though. There's really not much to configure; the add-on should do all the work.

Maybe one of the support channels of the add-on listed at addons/letsencrypt/DOCS.md at master · home-assistant/addons · GitHub might know?

3 Likes

Should I try the DNS challenge instead?

That would require the DNS be hosted not at GoDaddy.

2 Likes