[SOLVED] Letsencrypt (Cerbot) + Home Assistant

Have some feedback, questions, suggestions, or just fancy a chat? Pop it in here.
Post Reply
vnguyen972
Posts: 2
Joined: Sun Sep 09, 2018 11:49 pm

[SOLVED] Letsencrypt (Cerbot) + Home Assistant

Post by vnguyen972 »

So I got my DietPi freshly installed and got Home Assistant up and running. My next step would be setting up Letsencrypt for my HA. I already have a duckdns domain so I installed Certbot and generate certificate with letsencrypt. Everything seems to work and I see the pem files in letsencrypt "live" folder.

so I followed the instruction at:
https://www.home-assistant.io/blog/2015 ... s-encrypt/

but I cannot access my HomeAssistant after the reboot.

I have port 80 -> 80 (for certification generation/updates), port 443->8123 for Home Assistant

But when I hit https://mydomain.duckdns.org, I can't get to HA at all , instead it shows me the lighttpd welcome page...

I'm guessing because I have lighttpd webserver running... but it still doesn't work when I stop that lighttpd service.

Any one could help me out?
Last edited by vnguyen972 on Mon Sep 10, 2018 1:22 am, edited 1 time in total.
vnguyen972
Posts: 2
Joined: Sun Sep 09, 2018 11:49 pm

Re: Letsencrypt (Cerbot) + Home Assistant

Post by vnguyen972 »

I figured out.
- HA user couldn't read the SSL files

All good now. Thanks :)
helio58
Posts: 19
Joined: Tue Jun 06, 2017 8:02 pm

Re: [SOLVED] Letsencrypt (Cerbot) + Home Assistant

Post by helio58 »

Please could you specify what you did?
Thanks
User avatar
MichaIng
Site Admin
Posts: 2281
Joined: Sat Nov 18, 2017 6:21 pm

Re: [SOLVED] Letsencrypt (Cerbot) + Home Assistant

Post by MichaIng »

It should be about the permissions to read the private SSL key: /etc/letsencrypt/live/domain.org/pkey.pem

By default this can be only read by root user for security reasons. All software run users which want to use this certificate + key for HTTPS need to have read permissions on those files.

It is no good idea to simply make them world readable, it think best (security vs useability) is to create a ssl group, add the related user(s) to this group and chown the files accordingly.
Post Reply