I have the Let’s Encrypt Add-on configured for my Home Assistant logon. I got it to renew.
I see the cert is stored at /data/letsencrypt/live/hass.example.org/fullchain.pem.
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/file-structure.sh
cont-init: info: /etc/cont-init.d/file-structure.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun lets-encrypt (no readiness notification)
s6-rc: info: service legacy-services successfully started
[00:52:12] INFO: Selected DNS Provider: dns-rfc2136
[00:52:12] INFO: Use propagation seconds: 60
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate for hass.example.org
Waiting 60 seconds for DNS changes to propagate
Successfully received certificate.
Certificate is saved at: /data/letsencrypt/live/hass.example.org/fullchain.pem
Key is saved at: /data/letsencrypt/live/hass.example.org/privkey.pem
This certificate expires on 2023-05-30.
These files will be updated when the certificate renews.
NEXT STEPS:
- The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
 * Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped
But I don’t see that directory in my terminal session for Home Assistant. It’s as if I should just give up and use an Nginx proxy instead. At least I know how to run that.
I see files in /ssl and they have today’s date. openssl is not installed on HomeAssistant or I’d use that to inspect the cert.
Damn it. I’ve been checking the cert by clicking on the lock next to the address URL in my browser. It’s wrong.
However, using this approach:
% openssl s_client -connect 10.0.23.12:8123 -servername hass.example.org
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = hass.example.org
verify return:1
---
Certificate chain
 0 s:/CN=ha.unixathome.org
   i:/C=US/O=Let's Encrypt/CN=R3
 1 s:/C=US/O=Let's Encrypt/CN=R3
   i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
---
Server certificate
-----BEGIN CERTIFICATE-----
[redacted]
-----END CERTIFICATE-----
subject=/CN= hass.example.org
issuer=/C=US/O=Let's Encrypt/CN=R3
...
I took the cert details and fed it into this command:
[air01 dan ~] % openssl x509 -text
-----BEGIN CERTIFICATE-----
[redacted]
-----END CERTIFICATE-----
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            [redacted]
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Mar 1 23:53:17 2023 GMT
            Not After : May 30 23:53:16 2023 GMT
...
Success. I can move on….
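
The same check can be scripted: connect to the listener by address while sending the hostname as SNI, as the s_client command above does, then compare the served certificate's expiry with the date in the renewal log. This is an added example, not part of the original post; the function names and the SAMPLE dictionary are constructed for illustration, and it assumes only the Python standard library and a system trust store that includes the Let's Encrypt root.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone


def fetch_peer_cert(address, port, server_name, timeout=5.0):
    """Connect to address:port, send server_name as SNI, return the leaf cert as a dict."""
    # The default context verifies chain and hostname; failure raises SSLCertVerificationError.
    ctx = ssl.create_default_context()
    with socket.create_connection((address, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=server_name) as tls:
            return tls.getpeercert()


def _utc(cert_time):
    """Parse a certificate time such as 'May 30 23:53:16 2023 GMT'."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), timezone.utc)


def summarize(cert, expected_expiry, now=None):
    """Compare a getpeercert() dict with the expiry date (YYYY-MM-DD) from the renewal log."""
    now = now or datetime.now(timezone.utc)
    not_before, not_after = _utc(cert["notBefore"]), _utc(cert["notAfter"])
    return {
        "names": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
        "not_before": not_before.isoformat(),
        "not_after": not_after.isoformat(),
        "days_left": (not_after - now).days,
        # False means the listener is serving a certificate other than the renewed one.
        "is_renewed_cert": not_after.date().isoformat() == expected_expiry,
    }


# Constructed sample in getpeercert() format, using the dates shown in the post.
SAMPLE = {
    "subject": ((("commonName", "hass.example.org"),),),
    "subjectAltName": (("DNS", "hass.example.org"),),
    "notBefore": "Mar  1 23:53:17 2023 GMT",
    "notAfter": "May 30 23:53:16 2023 GMT",
}

if __name__ == "__main__":
    # Usage: script.py ADDRESS PORT SERVER_NAME EXPECTED_EXPIRY; no arguments runs the sample.
    if len(sys.argv) == 5:
        cert = fetch_peer_cert(sys.argv[1], int(sys.argv[2]), sys.argv[3])
        print(summarize(cert, sys.argv[4]))
    else:
        print(summarize(SAMPLE, "2023-05-30"))
```

Unlike the browser's lock icon, each run opens a fresh TLS connection, so the result reflects what the listener is serving at that moment.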