[SOLVED] Letsencrypt (Cerbot) + Home Assistant

General Discussion
1

So I got my DietPi freshly installed and got Home Assistant up and running. My next step would be setting up Letsencrypt for my HA. I already have a duckdns domain so I installed Certbot and generate certificate with letsencrypt. Everything seems to work and I see the pem files in letsencrypt “live” folder.

so I followed the instruction at:
https://www.home-assistant.io/blog/2015/12/13/setup-encryption-using-lets-encrypt/

but I cannot access my HomeAssistant after the reboot.

I have port 80 → 80 (for certification generation/updates), port 443->8123 for Home Assistant

But when I hit https://mydomain.duckdns.org, I can’t get to HA at all , instead it shows me the lighttpd welcome page…

I’m guessing because I have lighttpd webserver running… but it still doesn’t work when I stop that lighttpd service.

Any one could help me out?

2

I figured out.

  • HA user couldn’t read the SSL files

All good now. Thanks :slight_smile:

3

Please could you specify what you did?
Thanks

4

It should be about the permissions to read the private SSL key: /etc/letsencrypt/live/domain.org/pkey.pem

By default this can be only read by root user for security reasons. All software run users which want to use this certificate + key for HTTPS need to have read permissions on those files.

It is no good idea to simply make them world readable, it think best (security vs useability) is to create a ssl group, add the related user(s) to this group and chown the files accordingly.