Closed Eugeniusz-Gienek closed 1 year ago
Confirmed. My guess is that Let's Encrypt is implemented as a container and is not using the configured DNS from hass os.
I think I was correct. After I used the following command: ha dns options --servers dns://.... --servers dns://
to set my internal server, the challenge was successful.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
So does the above command fix the issue and it is not an issue or should it be fixed somehow?
I don't think so, since the addon doesn't work without setting non-default DNS options in Hass OS.
Also, I struggle with the fact that the addon is not renewing my certificate automatically and requires a manual reboot of my whole KVM instance and firing the following command by hand afterwards: addons start core_letsencrypt
I can confirm this issue as well. In my case I already have hass OS's DNS servers set to my internal DNS server (I tried that ha dns options command at the hass terminal and it didn't fix the issue)... or does the DNS need to be changed at the level of the letsencrypt docker container, @m4k5ym?
Nope, I just used that command, then at least it worked, but still the renewal is failing. I think that add-on should be reworked because in my opinion it is not meeting the quality requirements of hass.
I also encountered this, it is a YAML formatting issue. The solution is to edit the addon config in YAML mode (three dots on the top right of the options -> Edit in YAML), and instead of using a '>-' block for acme_root_ca_cert:
acme_root_ca_cert: >-
  -----BEGIN CERTIFICATE-----
  3bn5k23bn5kjKGGhjk32grk
  3bn5k23bn5kjKGGhjk32grk
  3bn5k23bn5kjKGGhjk32grk
  3bn5k -----END CERTIFICATE-----
use a pipe symbol '|' block:
acme_root_ca_cert: |
  -----BEGIN CERTIFICATE-----
  3bn5k23bn5kjKGGhjk32grk
  3bn5k23bn5kjKGGhjk32grk
  3bn5k23bn5kjKGGhjk32grk
  3bn5k
  -----END CERTIFICATE-----
to preserve formatting and newlines intact. Mind the two-space indentation to the certificate.
Then the ca file is correctly created internally and certbot is able to read the certificates from it.
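An added example, not part of the comment above or of the add-on's code: a YAML '>-' block folds its line breaks into spaces, so the PEM markers no longer sit on their own lines, while '|' keeps them. The helper names (fold, pem_problems, repair) are hypothetical, fold is a simplified emulation of YAML folding, and the certificate body is constructed dummy data.

```python
import base64
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def fold(block: str) -> str:
    """Simplified emulation of YAML '>-': line breaks become spaces, trailing newline is stripped."""
    return " ".join(block.strip().splitlines())

def pem_problems(value: str) -> list[str]:
    """List structural reasons why the parsed option value is not a usable PEM file."""
    lines = [line.strip() for line in value.splitlines()]
    problems = []
    if BEGIN not in value or END not in value:
        problems.append("missing BEGIN/END marker")
    if BEGIN in value and BEGIN not in lines:
        problems.append("BEGIN marker is not on its own line")
    if END in value and END not in lines:
        problems.append("END marker is not on its own line")
    return problems

def repair(value: str) -> str:
    """Rebuild line-structured PEM from a folded value; raises ValueError on a bad body."""
    out = []
    for body in re.findall(re.escape(BEGIN) + r"(.*?)" + re.escape(END), value, re.S):
        b64 = "".join(body.split())
        base64.b64decode(b64, validate=True)  # reject anything that is not base64
        out += [BEGIN, *(b64[i:i + 64] for i in range(0, len(b64), 64)), END]
    if not out:
        raise ValueError("no certificate block found")
    return "\n".join(out) + "\n"

# Constructed sample: base64 of dummy bytes, not a real certificate.
_b64 = base64.b64encode(bytes(range(100))).decode()
LITERAL = "\n".join([BEGIN, *(_b64[i:i + 64] for i in range(0, len(_b64), 64)), END]) + "\n"
FOLDED = fold(LITERAL)  # what the add-on receives from a '>-' block

if __name__ == "__main__":
    print("'|'  block:", pem_problems(LITERAL) or "ok")
    print("'>-' block:", pem_problems(FOLDED))
    print("repaired  :", pem_problems(repair(FOLDED)) or "ok")
```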
Thank You - that worked, finally! Awesome, You are my saviour!
Describe the issue you are experiencing
Dear team, There is an issue with the local CAs. The local CA is usually signed by... this CA, thus the SSL certificate is treated by the SSL library initially as self-signed - e.g. not a trusted one. This leads to an inability to set up the plugin with a local CA - and yes, I have filled the certificate section with the correct root certificate. The plugin log looks like this:
after that the plugin immediately dies. I have even tried to do the following - pass a certificate itself via /ssl folder and set the global variable REQUESTS_CA_BUNDLE to point to it in the scripts /etc/cont-init.d/file-structure.sh and /etc/services.d/lets-encrypt/run - no luck (however that seemed to work in another container - homeassistant one - when I've installed there via apk the certbot)
I have even managed to get the lets-encrypt log (domains replaced):
Yaml config:
It would be nice if that could be fixed. Or maybe I am doing something wrong?
What type of installation are you running?
Home Assistant OS
Which operating system are you running on?
Home Assistant Operating System
Which add-on are you reporting an issue with?
Let's Encrypt
What is the version of the add-on?
4.12.7
Steps to reproduce the issue
System Health information
Currently there is nothing to repair (it is in Polish: "Obecnie nie ma nic do naprawy")
Anything in the Supervisor logs that might be useful for us?
Anything in the add-on logs that might be useful for us?
Additional information
No response