Let's Encrypt is failing on my Home Assistant

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: haag.gomworx.net

I ran this command: Let's Encrypt add-on (Home Assistant)

It produced this output:
[19:10:47] INFO: Selected http verification
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for haag.gomworx.net

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: haag.gomworx.net
Type: unauthorized
Detail: 94.110.117.103: Invalid response from http://haag.gomworx.net/.well-known/acme-challenge/XXXXXXXXXXXXX 404 (the XXXX is something else but I don't know if it's dangerous to share)

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

My web server is (include version): No idea

The operating system my web server runs on is (include version): Home Assistant Green?

My hosting provider, if applicable, is: my garage

I can login to a root shell on my machine (yes or no, or I don't know): I am admin

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No (no site, it's the Home Assistant portal)

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): the latest one from the Home Assistant add-ons.

On letsdebug.net it shows everything should be OK.

My steps:
Got the domain linked to my home -> opened the correct port (80) and linked it to another internal port.
Everything works when accessing it using the HA app; I just can't get the certificate working, and I'm kind of lost about what to do next.

The --standalone option requires exclusive use of port 80. In this mode Certbot opens that port and replies to the HTTP challenge request that will come from the Let's Encrypt server.

The "404" (http Not Found) means something else replied to that HTTP request.

Whatever is replying must be stopped before using --standalone. Or choose a different method like --webroot and coordinate it with that.

Usually the Let's Debug test will fail for people who need to use --standalone. We then suggest a different way to test --standalone.

It is not dangerous to share :slight_smile:

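The check the reply above describes (fetch the challenge URL the way the CA does and see who answers on port 80) can be scripted. The following is an added example written for this thread; it is not Certbot code and not part of the Home Assistant add-on. It assumes the CA fetches http://&lt;host&gt;/.well-known/acme-challenge/&lt;token&gt; with a Host header for the domain, and that a correctly running --standalone listener answers a token it knows with the key authorization as plain text. The `ip` parameter lets you aim at the public address from the Certbot error (or at 127.0.0.1 for the offline reproduction in the block) while still sending the real Host header; the local "stand-in" responder, the token string and the key-authorization value are constructed for the demo.

```python
"""Probe an HTTP-01 challenge URL like the CA does and report who answered.

Added example for this forum thread, not Certbot or Home Assistant code.
Assumption: a working Certbot --standalone listener answers a known token
with the key authorization as text/plain; anything else owning port 80
(in the thread, the Home Assistant UI behind the port-80 forward) shows up
as a 404/redirect and a Server/Content-Type header it would not send.
"""
import http.client
import threading
from dataclasses import dataclass
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Optional, Tuple

ACME_PREFIX = "/.well-known/acme-challenge/"


@dataclass
class ProbeResult:
    status: int
    server: str        # Server: header, "" if absent
    content_type: str  # Content-Type: header, "" if absent
    body_head: str     # first bytes of the body, leniently decoded


def probe_challenge(host: str, token: str, port: int = 80,
                    ip: Optional[str] = None, timeout: float = 10.0) -> ProbeResult:
    """GET the challenge URL, connecting to `ip` (or `host`) but sending the
    Host: header for `host`, which is what the CA's validator does."""
    conn = http.client.HTTPConnection(ip or host, port, timeout=timeout)
    try:
        conn.request("GET", ACME_PREFIX + token,
                     headers={"Host": host, "User-Agent": "acme-challenge-probe"})
        resp = conn.getresponse()
        body = resp.read(200)
        return ProbeResult(resp.status,
                           (resp.getheader("Server") or "").strip(),
                           (resp.getheader("Content-Type") or "").strip(),
                           body.decode("utf-8", "replace").strip())
    finally:
        conn.close()


def diagnose(r: ProbeResult, expected_keyauth: Optional[str] = None) -> str:
    """State the conclusion the thread reaches by hand from the status code."""
    hdrs = f"Server={r.server!r} Content-Type={r.content_type!r}"
    if r.status == 200 and expected_keyauth is not None and r.body_head == expected_keyauth:
        return "ok: the listener answered with the expected key authorization"
    if r.status == 200:
        return f"200 but body does not match the expected key authorization; {hdrs}"
    if 300 <= r.status < 400:
        return f"redirect: something on port 80 redirects; --standalone never does; {hdrs}"
    if r.status == 404:
        return ("404: a web server answered on port 80 but does not serve the "
                "challenge path, so it is not Certbot's --standalone listener "
                f"(check what the port-80 forward points at); {hdrs}")
    return f"unexpected: HTTP {r.status}; {hdrs}"


def start_local_responder(status: int, body: bytes, content_type: str,
                          server_header: str = "stand-in/1.0") -> Tuple[HTTPServer, int]:
    """Throwaway HTTP server on 127.0.0.1 (ephemeral port) answering every
    request the same way. Stands in for 'something else' owning the port so
    the probe can be exercised offline. Returns (server, port)."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response(status)
            self.send_header("Content-Type", content_type)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def version_string(self):  # controls the Server: header
            return server_header

        def log_message(self, *args):  # keep the demo quiet
            pass

    srv = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


if __name__ == "__main__":
    # Offline reproduction of the thread: a web UI, not Certbot, answers 404.
    srv, port = start_local_responder(404, b"<html><body>Not Found</body></html>", "text/html")
    try:
        r = probe_challenge("haag.gomworx.net", "constructed-token", port=port, ip="127.0.0.1")
        print(diagnose(r))
    finally:
        srv.shutdown()
        srv.server_close()
    # Against the real setup, with the token from the Certbot error:
    # print(diagnose(probe_challenge("haag.gomworx.net", "<token>", ip="94.110.117.103")))
```

Run it while the add-on is mid-validation (or with any token, just to see who answers): a 404 carrying a web application's Server and Content-Type headers is the signature of the port-80 forward landing on the Home Assistant UI rather than on the add-on's standalone listener.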

Well, that's very strange.

Because it's the only port I opened on my router.

Couldn't it be something else?

Yes, but something is listening and replying to HTTP requests on that port. And, it is not the Certbot --standalone listener.

In fact, an HTTP request right now shows this. Probably why a request for the HTTP challenge gets a 404. Is that your router login page? Or something for Home Assistant?

I couldn't find any docs on their site that describes how their add-on for Let's Encrypt should work. Do you have a link of their instructions?


Maybe their cert renewal script stops the Home Assistant and then runs certbot in standalone mode...

Can we have a look at the script?


Maybe, but their original error was a 404. That is nearly impossible with the standalone properly running.


It should be this link: https://github.com/home-assistant/addons/blob/master/letsencrypt/README.md

And it is indeed the Home Assistant page which I linked to port 80.

Agreed; something must have gone wrong.
But we first need to understand how it is supposed to go right.
To that end, I'd like to see the script, and maybe, start understanding...


Where were the instructions that described doing that?

I found the back end script it uses but it is not very helpful. This really is just a home assistant configuration problem. Maybe someone here with expertise with that product could help easily. But otherwise you may be better off just asking at their support forum. They should know why that would happen.


Here it says both the HTTP-01 challenge and the DNS-01 challenge are supported;
the DNS-01 challenge does not need Port 80 access.

Which is here: https://community.home-assistant.io/


I will go here, at the Home Assistant board.

I can't use the DNS setting because my DNS provider isn't in the list (Dynadot).

There are other ways to use DNS authentication.
One way is to CNAME the TXT records to another DNS provider OR even to your own IP [and handle the DNS request "yourself"].

