Letsencrypt http challenge issues | Home Assistant | Page 1

stuck fox Jun 13, 2022, 7:18 AM

#

Hi guys, I am having strange issues with Letsencrypt certificate renewal. It used to work fine for years, but recently http challenge fails and I dont know how to debug. Port 80 and 443 forwarded to HA, I can see the packet go through the dst NAT rule and forwarded to HA, but the challenge fails.
I could not find any guidance how to debug unfortunately. Is it possible to set custom parameters to certbot, so I can start the temp web server and use letsdebug?

vital brook Jun 13, 2022, 7:31 AM

#

Same here, Still waiting for response. I was told to use dns-01 instead of http-01 , But I am not sure how to do it since duckdns isnt in the dns providers dropdown menu

stuck fox Jun 13, 2022, 7:33 AM

#

I wanted to try DNS challenge, but also using local DNS provider, which is not in the supported dns providers list...

#

This is ridiculous as I cannot connect to HA from the app for 3 days already without any solution

#

Strange thing is that port 80 will open during the http challenge when I test it from a pc connected to same subnet. Port is forwarded successfully too, so I dont get it.

vital brook Jun 13, 2022, 7:36 AM

#

test it via - https://www.yougetsignal.com/tools/open-ports/

#

check if your ports are actually open

stuck fox Jun 13, 2022, 7:53 AM

#

It will be closed when the temp webserver is only launched for the renewal

#

thats why I'd like to put parameters to certbot, so I can launch the web server and keep it running for debug

#

I am sure ports are not closed on my side

vital brook Jun 13, 2022, 8:09 AM

#

I have similar response too , since my ports 443 and 80 are open , but the site shows 80 is closed but 443 is open

#

its strange

vital brook Jun 13, 2022, 8:40 AM

#

Are you using duckdns?

#

of yes dns-01 wont work

#

https://community.home-assistant.io/t/duck-dns-is-not-working-challenge-validation-has-failed/329859

stuck fox Jun 13, 2022, 8:53 AM

#

no I have my own domain hosted by local provider in the country

#

so I am stuck with http challenge

vital brook Jun 13, 2022, 8:56 AM

#

SInce you have your own domain, can you try dns challenge?

stuck fox Jun 13, 2022, 8:57 AM

#

I did use it on other linux servers in the past, but not sure how to do it on HA without access to certbot

vital brook Jun 13, 2022, 8:59 AM

#

check letsencrypt documentation, its all there

stuck fox Jun 13, 2022, 9:05 AM

#

It is, but not in regards to the addon. I don't have access to certbot binary when I ssh into HA... and GUI settings won't allow that

#

ok seems like I need to get access to the docker container

vital brook Jun 13, 2022, 10:20 AM

#

how do you do that?

vital brook Jun 13, 2022, 10:36 AM

#

got it

vital brook Jun 13, 2022, 11:22 AM

#

do you get the below error message?
Timeout during connect (likely firewall problem)

#

during renewing certificate

stuck fox Jun 13, 2022, 12:07 PM

#

yeah

vital brook Jun 13, 2022, 1:17 PM

#

I get the same error not sure what to do ahead

#

You are right about port 80 being open

#

I tried below in my Home assistant shell

#

nc -z <host> <port>
echo $?

#

if 0 = open
if 1 = closed

#

i got 0

#

so I am sure port 80 is open for my HA instance as well as all its addons/dockers

stuck fox Jun 16, 2022, 12:28 PM

#

Hey AJ

#

after the recent update of both the core and os I can now renew the certificate

vital brook Jun 23, 2022, 8:19 AM

#

really?

#

how?

#

it still isn't working for me 😦

vital brook Jun 23, 2022, 11:50 AM

#

I got it working - I reset my database and found duckdns to be part of dns01-challenge

#Letsencrypt http challenge issues