I'm trying to enable https on my Home Assistant server using the Let's Encrypt addon. The certbot fails to make a connection to port 80, but when I manually try to connect to it during the authentication process I first get a 404 status, but after a while a 200 status message becomes available for a short time (ACME client standalone challenge solver).
The Let's Debug page shows an All OK status for my server.
Why is the log showing a 404 error, although I can reach port 80 on the server manually?
My domain is:
http://homeassistant.aclicteur.be/
It produced this output:
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/file-structure.sh
cont-init: info: /etc/cont-init.d/file-structure.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun lets-encrypt (no readiness notification)
s6-rc: info: service legacy-services successfully started
[18:47:57] INFO: Selected http verification
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for homeassistant.aclicteur.be
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: homeassistant.aclicteur.be
Type: unauthorized
Detail: 178.119.81.60: Invalid response from http://homeassistant.aclicteur.be/.well-known/acme-challenge/P3I3RfPFcW-y7m10K0fDdSC2V-1BTgCRvtmWEtF_-_0: 404
Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped
I can't seem to find the config in Home Assistant, nginx command is not found through ssh. In Home Assistant I configured Let's Encrypt to use port 5080, during authentication I can reach this port manually without issues.
I access Home Assistant through a reverse proxy on my NAS, this is the config for this proxy:
Thanks, I included the domain in Let's Encrypt in the proxy server, but now I get a 403 error. I enabled the necessary http entries in Home Assistant, but I am wondering if I am forgetting something? Do I need additional trusted proxies? Do I have to link to the ssl certificate and key in Home Assistant to enable https traffic? They now reside in my NAS, do I have to upload them to my Home Assistant server?
# Home Assistant configuration:
http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.1.0/24
It has, all subdomains as well as the top level domain have certificates in my NAS. Other devices are perfectly accessible through https with the reverse proxy from the NAS, only Home Assistant gives an error.
I already had a gut feeling https was a bit more complicated...
Thanks for your help. I managed to access Home Assistant using http as the reverse proxy protocol, https keeps giving a 403 error. Guess I just have to be happy with what I can get working.