Trouble getting cert for Home Assistant


#1

Hello everyone. I am running docker on an Ubuntu 16.04 server. I’m trying to get a cert for my Home Assistant instance but I keep getting this error:

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: mcelroy-home.duckdns.org
   Type:   connection
   Detail: Fetching
   http://mcelroy-home.duckdns.org/.well-known/acme-challenge/SI55_-5annVg3DT1InySMNDtXDJmgl6a8-hXZQiZC7E:
   Timeout

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

I have port 80:80 and 443:443 but still no luck. Does anyone have any ideas?


#2

Yes, I have an idea.

Please post a lot more information about HOW you’re trying to get a certificate. So you’re running docker. And you’re trying to get a certificate for HA. But HOW? Which commands are you running? How is the docker instance set up? Which client?

We need a lot more information, because crystal globes are a myth.


#3

I can’t connect to http://mcelroy-home.duckdns.org/ either.

Are you sure you and your ISP aren’t firewalling it?


#4

I am running this command:

sudo certbot certonly --standalone --preferred-challenges http -d mcelroy-home.duckdns.org

I have both port 80 and 443 open on my router, and I am using docker compose to start everything up. Sorry I am a complete noob at all of this stuff so I’m not very good at explaining everything!


#5

I have turned off all firewalls. For some reason when I forward port 8123 I can reach it by http://mcelroy-home.duckdns.org:8123 outside of my network.


#6

Here is my docker compose:

version: "2"

services:
  portainer:
    image: portainer/portainer
    container_name: portainer
    restart: always
    command: --templates http://templates/templates.json
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /home/docker/portainer/data:/data
    ports:
      - "9000:9000"
    environment:
      - TZ=America/New_York

  homeassistant:
    container_name: home-assistant
    restart: always
    image: homeassistant/home-assistant:latest
    devices:
      - /dev/ttyUSB0:/dev/ttyUSB0
      - /dev/ttyUSB1:/dev/ttyUSB1
      - /dev/ttyACM0:/dev/ttyACM0
    volumes:
      - /home/docker/homeassistant:/config
      - /etc/localtime:/etc/localtime:ro
      - /home/docker/certs:/certs
    ports:
      - "8123:8123"
    network_mode: host
    privileged: true
    environment:
      - PUID=1000
      - PGID=999
      - TZ=America/New_York

#7

Are you also using the certbot docker image or do you use certbot some other way?


#8

No I am not using the certbot image. I manually installed certbot and made the directories needed.


#9

I guess it’s still a portmap/firewall/ISP problem. I can’t connect to your Home Assistant on port 8123.


#10

Sorry I was disabling ufw on the Ubuntu machine. Should be able to connect to it now as I am able to.


#11

I can connect to HA indeed.

Does certbot work now too?

I’m not getting a connection refused error when trying to connect. This would normally happen when there isn’t a server (webserver or certbot) running on a specific port. Instead I’m getting a timeout.

Could it be port 80 is being blocked by your internet service provider?
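
The distinction drawn in post #11 (connection refused versus timeout), as an added example that is not part of the original thread and not code from certbot or Home Assistant. The function names `classify`, `probe` and `loopback_demo` are hypothetical, and the demo uses constructed loopback ports so it runs offline.

```python
import socket

# What each outcome means for an HTTP-01 check against port 80.
DIAGNOSIS = {
    "open": "a listener answered, so the path to the host works",
    "refused": "host reached, but nothing is listening on that port",
    "timeout": "packets dropped on the way: port forward, firewall or ISP",
    "unreachable": "name did not resolve or there is no route to the host",
}


def classify(exc):
    """Map a connect() exception (None on success) to an outcome key."""
    if exc is None:
        return "open"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout"
    return "unreachable"


def probe(host, port, timeout=5.0):
    """Attempt one TCP connect and return the outcome key."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)


def loopback_demo():
    """Constructed offline demo: one listening and one closed loopback port."""
    listener = socket.create_server(("127.0.0.1", 0))  # binds and listens
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()  # port is now free, so nothing listens on it
    try:
        return {
            "listening": probe("127.0.0.1", listener.getsockname()[1], 2.0),
            "closed": probe("127.0.0.1", closed_port, 2.0),
        }
    finally:
        listener.close()


if __name__ == "__main__":
    for name, outcome in loopback_demo().items():
        print(f"{name}: {outcome} ({DIAGNOSIS[outcome]})")
```

To check your own setup, call `probe` with your public hostname and port 80 from a machine outside the home network.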


#12

Still getting timed out when running certbot. I guess it’s time to call my ISP and see if they are blocking port 80!


#13

Or perhaps try this: https://www.home-assistant.io/blog/2017/09/27/effortless-encryption-with-lets-encrypt-and-duckdns/

Or, if you’re not (willing to) use(ing) Hass.io, the source blog post can be found here (also linked in the post above by the way): https://www.splitbrain.org/blog/2017-08/10-homeassistant_duckdns_letsencrypt


#14

Thank you I’ll give that a go. I appreciate all your help!

