Still learning Home Assistant and a bit confused on how certificates work with HA OS. I appreciate any help that you can provide and/or direct me to.
My certificate expired on the 5th of January. The Lets encrypt addon log says that my certificate is not yet due for renewal. (Check the end of this message for this log file)
My domain is:haos.koehn.us
I ran this command: N/A, I am not sure if I can run a command. Please advise.
It produced this output: N/A
My web server is (include version). Nginx Proxy Manager - Current version: 0.12.3
The operating system my web server runs on is (include version): Home Assistant OS
My hosting provider, if applicable, is: Local Internet Provider. I have a static IP for the HA
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No. I do all through the Home Assistant Web page.
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot): I can't run this command when I ssh into the box. The Home Assistant Let's Encrypt addon says: Let's Encrypt Current version: 4.12.7
When I open the Home Assistant Nginx Proxy Manager Web UI and click on the SSL Certificates. It shows that my domain expired on 5th January 2023, 4:39pm. When I click on the 3 vertical dots and select Renew Now, I get an error that says Internal Error. Reviewing the log file immediately after shows this:
(at the very top of the log)
The NGINX addon Log file shows this at the top:
[1/9/2023] [7:08:24 PM] [SSL ] › error Error: Command failed: certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation
Failed to renew certificate npm-6 with error: Some challenges have failed.
All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/npm-6/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
at ChildProcess.exithandler (node:child_process:400:12)
at ChildProcess.emit (node:events:513:28)
at maybeClose (node:internal/child_process:1093:16)
at Process.ChildProcess._handle.onexit (node:internal/child_process:302:5)
There are a lot more lines in this log file between the top error and the last error) it appears to be mostly GET's from my web browser when I load up the page.
At the very bottom of the file:
[1/9/2023] [8:09:56 PM] [SSL ] › error Error: Command failed: certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation
Failed to renew certificate npm-6 with error: Some challenges have failed.
All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/npm-6/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
at ChildProcess.exithandler (node:child_process:400:12)
at ChildProcess.emit (node:events:513:28)
at maybeClose (node:internal/child_process:1093:16)
at Process.ChildProcess._handle.onexit (node:internal/child_process:302:5)
[09/Jan/2023:20:10:44 -0600] - 101 101 - GET https haos.koehn.us "/api/websocket" [Client 192.168.100.1] [Length 92338] [Gzip -] [Sent-to 192.168.100.20] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36" "-"
[1/9/2023] [8:12:25 PM] [SSL ] › info Renewing Let'sEncrypt certificates for Cert #6: haos.koehn.us
[1/9/2023] [8:12:25 PM] [SSL ] › info Command: certbot renew --force-renewal --config "/etc/letsencrypt.ini" --cert-name "npm-6" --preferred-challenges "dns,http" --no-random-sleep-on-renew --disable-hook-validation
[1/9/2023] [8:12:30 PM] [Express ] › warning Command failed: certbot renew --force-renewal --config "/etc/letsencrypt.ini" --cert-name "npm-6" --preferred-challenges "dns,http" --no-random-sleep-on-renew --disable-hook-validation
Saving debug log to /data/logs/letsencrypt/letsencrypt.log
Failed to renew certificate npm-6 with error: Some challenges have failed.
All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/npm-6/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /data/logs/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
This the the log from the Lets Encrypt addon:
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/file-structure.sh
cont-init: info: /etc/cont-init.d/file-structure.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun lets-encrypt (no readiness notification)
s6-rc: info: service legacy-services successfully started
[09:58:03] INFO: Selected http verification
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Certificate not yet due for renewal
Certificate not yet due for renewal; no action taken.
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped