Home Assistant Let’s Encrypt Add-on – how to get the newly obtained cert used?

I have the Let’s Encrypt Add-on configured for my Home Assistant logon. I got it to renew.

I see the cert is stored at /data/letsencrypt/live/hass.example.org/fullchain.pem.

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/file-structure.sh
cont-init: info: /etc/cont-init.d/file-structure.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun lets-encrypt (no readiness notification)
s6-rc: info: service legacy-services successfully started
[00:52:12] INFO: Selected DNS Provider: dns-rfc2136
[00:52:12] INFO: Use propagation seconds: 60
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate for hass.example.org
Waiting 60 seconds for DNS changes to propagate
Successfully received certificate.
Certificate is saved at: /data/letsencrypt/live/hass.example.org/fullchain.pem
Key is saved at:         /data/letsencrypt/live/hass.example.org/privkey.pem
This certificate expires on 2023-05-30.
These files will be updated when the certificate renews.
NEXT STEPS:
- The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

But I don’t see that directory in my terminal session for Home Assistant. It’s as if I should just give up and use an Nginx proxy instead. At least I know how to run that.

I see files in

/ssl

and they have today’s date. openssl is not installed on Home Assistant or I’d use that to inspect the cert.

/ssl directory

Damn it. I’ve been checking the cert by clicking on the lock next to the address URL in my browser. It’s wrong.

However, using this approach:

% openssl s_client -connect 10.0.23.12:8123 -servername hass.example.org
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = hass.example.org
verify return:1
---
Certificate chain
 0 s:/CN=ha.unixathome.org
   i:/C=US/O=Let's Encrypt/CN=R3
 1 s:/C=US/O=Let's Encrypt/CN=R3
   i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
---
Server certificate
-----BEGIN CERTIFICATE-----
[redacted]
-----END CERTIFICATE-----
subject=/CN= hass.example.org
issuer=/C=US/O=Let's Encrypt/CN=R3
...

I took the cert details and fed them into this command:

[air01 dan ~] % openssl x509 -text
-----BEGIN CERTIFICATE-----
[redacted]
-----END CERTIFICATE-----
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            [redacted]
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Mar  1 23:53:17 2023 GMT
            Not After : May 30 23:53:16 2023 GMT
...

Success. I can move on….
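
The check above in scripted form, as an added example that is not part of the original post: it fetches the leaf certificate the server presents for a given SNI name and compares its SHA-256 fingerprint with the first certificate in a copy of fullchain.pem. The function names and the copied fullchain.pem path are assumptions; the offline demo uses constructed placeholder bytes, not real certificates.

```python
import hashlib
import socket
import ssl
import sys

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_END = "-----END CERTIFICATE-----"


def leaf_der_from_fullchain(pem_text):
    """Return the DER bytes of the first (leaf) certificate in a PEM chain."""
    start = pem_text.find(PEM_BEGIN)
    stop = pem_text.find(PEM_END, start)
    if start == -1 or stop == -1:
        raise ValueError("no PEM certificate block found")
    return ssl.PEM_cert_to_DER_cert(pem_text[start:stop + len(PEM_END)])


def served_leaf_der(host, port, server_name, timeout=5.0):
    """Fetch the leaf certificate presented for server_name (SNI)."""
    ctx = ssl.create_default_context()
    # Inspection only: verification is off so an expired or stale certificate
    # can still be retrieved. Trust comes from comparing against the local file.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=server_name) as tls:
            return tls.getpeercert(binary_form=True)


def compare(served_der, fullchain_pem):
    """Return (matches, served_fp, on_disk_fp) using SHA-256 fingerprints."""
    served_fp = hashlib.sha256(served_der).hexdigest()
    disk_fp = hashlib.sha256(leaf_der_from_fullchain(fullchain_pem)).hexdigest()
    return served_fp == disk_fp, served_fp, disk_fp


if __name__ == "__main__":
    if len(sys.argv) == 5:  # HOST PORT SERVER_NAME PATH_TO_FULLCHAIN_COPY
        host, port, name, path = sys.argv[1:]
        served = served_leaf_der(host, int(port), name)
        with open(path, encoding="ascii") as fh:
            chain = fh.read()
    else:  # offline demo: constructed placeholder bytes, not real certificates
        served = b"constructed-old-leaf"
        chain = ssl.DER_cert_to_PEM_cert(b"constructed-new-leaf")
    ok, served_fp, disk_fp = compare(served, chain)
    print(f"served : {served_fp}\non disk: {disk_fp}")
    print("MATCH" if ok else "MISMATCH: server is not presenting the on-disk leaf")
```

A mismatch means the listener is presenting a different certificate than the one in the file, which is the condition the browser lock icon did not reveal.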
