Home Assistant Supervised OS and Let's Encrypt

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
bloomc.us

I ran this command:
Within Home Assistant I configured the Let's Encrypt add-on with the following values:
domains:
  - "*.bloomc.us"
email: oliverwjones@mailfence.com
keyfile: privkey.pem
certfile: fullchain.pem
challenge: dns
dns:
  provider: dns-cloudflare
  cloudflare_api_token:

It produced this output:
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/file-structure.sh
cont-init: info: /etc/cont-init.d/file-structure.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun lets-encrypt (no readiness notification)
s6-rc: info: service legacy-services successfully started
[18:19:13] INFO: Selected DNS Provider: dns-cloudflare
[18:19:13] INFO: Use propagation seconds: 60
[18:19:13] INFO: Use CloudFlare token
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for *.bloomc.us
Waiting 60 seconds for DNS changes to propagate

Successfully received certificate.
Certificate is saved at: /data/letsencrypt/live/bloomc.us/fullchain.pem
Key is saved at: /data/letsencrypt/live/bloomc.us/privkey.pem
This certificate expires on 2023-10-22.
These files will be updated when the certificate renews.
NEXT STEPS:

  • The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See User Guide — Certbot 2.6.0 documentation for instructions.

If you like Certbot, please consider supporting our work by:


s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

My web server is (include version):
Home Assistant 2023.7.3
Supervisor 2023.07.1
Frontend 20230705.1 - latest

The operating system my web server runs on is (include version):
Debian 12

My hosting provider, if applicable, is:
My DNS provider is Cloudflare.

I can login to a root shell on my machine (yes or no, or I don't know):
Yes.

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
I use Home Assistant's web interface to manage Home Assistant.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): I don't know the answer to this question.

I am trying to get Home Assistant to see my Cloudflare certificate. The output above looks to be successful, but I don't know anymore. I would like to know what else I need to do to get Home Assistant to work correctly. I have my router port forwarding port 8123/TCP to my Home Assistant server.

When I try to go to the home page for Home Assistant from the Internet I get "net::ERR_ADDRESS_UNREACHABLE".

Please let me know what other information you need from me.

Thank you.

Oliver.

Hi @oliverwjones, and welcome to the LE community forum

This is usually what the goal of this community is [getting a certificate]:

The problem at hand seems to be within Home Assistant.
Until someone here who has had relevant experience....
It would make sense to also open a ticket with HA.

3 Likes

Hi @oliverwjones,

What is that address? Is it via Cloudflare or directly? Is it a public or a private IP address?

2 Likes

You have the DNS proxied in Cloudflare. This means you are using its CDN. It also sounds like you are using non-standard ports. Cloudflare only supports a limited number of ports when proxied.

See the below Cloudflare doc and its forum is a better place if that's the problem

5 Likes
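The check described in the reply above, as an added example that is not part of the original thread: given the addresses a hostname resolves to and the port being requested, it reports whether the request goes through Cloudflare's proxy and whether the proxy forwards that port. The function names are hypothetical, the IPv4 ranges and port lists are copied from Cloudflare's published IP list and "Network ports" documentation and should be re-checked there, and the sample addresses are constructed.

```python
import ipaddress

# Cloudflare's published IPv4 ranges (assumption: copied from
# cloudflare.com/ips-v4; verify against the live list). IPv4 only.
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]

# Ports the proxy forwards (assumption: from Cloudflare's "Network ports" doc).
PROXY_HTTP_PORTS = {80, 8080, 8880, 2052, 2082, 2086, 2095}
PROXY_HTTPS_PORTS = {443, 2053, 2083, 2087, 2096, 8443}


def is_cloudflare(ip):
    """True if ip falls inside one of the Cloudflare IPv4 ranges above."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_V4)


def diagnose(resolved_ips, port):
    """Classify how a browser request to host:port will be routed."""
    if not resolved_ips:
        return "no-dns-answer"
    if not all(is_cloudflare(ip) for ip in resolved_ips):
        # Traffic reaches the origin directly: the router's port forward,
        # the ISP and the host firewall decide whether it gets through.
        return "direct-to-origin"
    if port in PROXY_HTTPS_PORTS:
        return "proxied-https-port"
    if port in PROXY_HTTP_PORTS:
        return "proxied-http-port"
    # Proxied record plus a port the proxy does not forward: the request
    # never reaches the origin, whatever the router is forwarding.
    return "proxied-unsupported-port"


if __name__ == "__main__":
    # Constructed samples: one address inside a Cloudflare range, one from
    # the TEST-NET-3 documentation block standing in for a home connection.
    for ips, port in ((["104.16.0.1"], 8123), (["104.16.0.1"], 8443),
                      (["203.0.113.10"], 8123)):
        print(ips, port, "->", diagnose(ips, port))
```

To run it against a real name, pass the addresses returned by a DNS lookup of that name as `resolved_ips`.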

Thank you, rg305.

My next stop is Home Assistant forums.

Oliver.

2 Likes

My public IP address is currently 75.87.136.207, schoen.

Thank you, MikeMcQ. I will see what I can glean from this documentation.

I appreciate your help.

Oliver.

3 Likes

There is apparently a firewall of some kind that prevents HTTP connections from the Internet to this address. This could be your ISP, your home router, or (somewhat less likely) a firewall on your server itself. Allowing incoming connections from outside of your home network is something you'll probably have to figure out before you continue attempting to obtain Let's Encrypt certificates.

2 Likes
