Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command:
I ran a service to run a TTS test which produces an mp3 file stored in a folder inside my homeassistant, and while on other media devices the service runs fine (for example on any Chromecast device), it never runs on my Sonos. Producing:
It produced this output: "the file 'xxxxx.mp3' couldn't be played - the connection to mydomain.synology.me was lost."
My web server is (include version): Inside my Synology DS216+, I use Docker for HA
The operating system my web server runs on is (include version): DS6.xx (latest)
My hosting provider, if applicable, is: not applicable (synology)
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Synology and Home Assistant 0.60 with latest version of Docker.
My certificate works fine to access my Home Assistant site. But my issue is with Sonos, as it seems Sonos does not validate Let's Encrypt certificates as it is not in their CA validated list. And the thing is, when I call a TTS service to test this functionality, the mp3 file is correctly created and stored, and if I send it to other media players like Chromecast, it plays fine. However, if I send it to a Sonos I get the message: "file xxxxx.mp3 couldn't be played - connection with mydomain.synology.me was lost", and from GitHub it seems that is due to the Let's Encrypt certificate. Could you please help me make it work as it should? Thanks in advance.
Thank you very much for your answer. I looked for it here: http://musicpartners.sonos.com/node/339
I didn't know Let's Encrypt certificates were "DST root X3 type" and hence I thought it was not listed.
So, that proves I was wrong, my apologies for my ignorance in the subject. Now, I still have the problem and no idea how to solve it. I have indeed asked Sonos support why this was happening but I still have no answer.
Anyway, thanks again and if someone could have any idea of what could be happening in my setup, please, let me know.
OK, now I would like to ask you because I am not sure how to do this: I've been told that even if Let's Encrypt is DST root X3 type, Sonos needs to verify the full chain or route of the certificates.
My site for Home Assistant is a DDNS site from Synology: myname.synology.me and I got the Let's Encrypt certificate from my Synology.
So from Let's Encrypt I've got these files:
cert.pem
chain.pem
privkey.pem
So I was thinking that by joining the cert.pem and chain.pem content into one single certificate I would be able to accomplish what Sonos validation needs. So I did it this way:
-----BEGIN CERTIFICATE-----
Content of file cert.pem from Lets Encrypt
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Content of file chain.pem from Lets Encrypt
-----END CERTIFICATE-----
If I save it as a .cer file and open it, it is a valid certificate and shows this certification route:
DST Root CA X3 --> LetsEncrypt Authority X3 --> myname.synology.me (seems what I wanted to get for the Sonos problem)
However, my problem now is that if I use this new certificate for my Home Assistant site, it doesn't run, it does not load to start. Maybe the changes I made need a new private key. I really don't know because I'm really a noob at all this. Please help me and tell me if there's an easy way to accomplish this. Now I seem close to getting it but not yet. Thanks in advance, and happy Christmas!!
If both those SHA256 hashes are identical then you have the right private key/certificate combo.
Most Let's Encrypt clients rotate the private key on renewal, so you will need to copy it along with the new certificate every time it is renewed.
Otherwise, you do seem to be doing the right thing according to Home Assistant's documentation. Are there any errors in home-assistant.log pertaining to OpenSSL, TLS, or certificates?
Thanks for your answer. I checked that both hashes were the same, and then it was something to do with the file. It seems that the paths in HA when installed in Docker for the privkey and for the certificate are different and it was not finding my new cert where it should be (the old one was in 2 different folders and thus was working). Now everything solved! Thank you very much!!
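Added example, not part of the original thread: a shell sketch of the two steps discussed above, joining cert.pem and chain.pem into one full-chain file and comparing the SHA-256 hash of the public key in the certificate with the one derived from privkey.pem. The function names and the fullchain.pem output name are assumptions, and it relies on the openssl command-line tool with an unencrypted private key.

```shell
#!/bin/sh
# Added example. Function names and the output path are assumptions,
# not from the thread. Requires the openssl command-line tool.

# Hash a PEM public key read from stdin (SHA-256 over its DER encoding).
hash_pem_pubkey() {
    openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# Public key hash of the first certificate in a PEM file.
cert_pubkey_hash() {
    cph_pem=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$cph_pem" | hash_pem_pubkey
}

# Public key hash derived from a private key file.
key_pubkey_hash() {
    kph_pem=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    printf '%s\n' "$kph_pem" | hash_pem_pubkey
}

# Succeeds only when both files parse and carry the same public key.
key_matches_cert() {    # usage: key_matches_cert CERT_OR_FULLCHAIN PRIVKEY
    kmc_c=$(cert_pubkey_hash "$1") || return 2
    kmc_k=$(key_pubkey_hash "$2") || return 2
    [ "$kmc_c" = "$kmc_k" ]
}

count_certs() { grep -c '^-----BEGIN CERTIFICATE-----' "$1"; }

# Leaf first, then intermediate(s). "awk 1" ends every line with a newline,
# so a cert.pem without a trailing newline cannot fuse its END marker with
# the next BEGIN marker.
build_fullchain() {     # usage: build_fullchain CERT CHAIN OUT
    awk 1 "$1" "$2" > "$3" || return 1
    [ "$(count_certs "$3")" -ge 2 ]
}

if [ "$#" -eq 3 ]; then # e.g. sh script.sh cert.pem chain.pem privkey.pem
    build_fullchain "$1" "$2" fullchain.pem || { echo "bad bundle"; exit 1; }
    if key_matches_cert fullchain.pem "$3"; then echo "key matches"
    else echo "key does NOT match (or a file failed to parse)"; exit 1; fi
fi
```

Because the private key is rotated on renewal, the same check is worth repeating each time the renewed files are copied to the path Home Assistant reads.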