docker ssl self-signed home-assistant

Getting Self Signed Cert to work with Home Assistant in Docker


I am running HA in a Docker container. I have created a wildcard self-signed cert that I use elsewhere within my homelab. But I cannot get it to work within HA. Here is how I created my cert using OpenSSL:

Create CA - Root Key

    openssl genrsa -aes256 -out ca-key.pem 4096

Create Request

    openssl req -new -x509 -sha256 -days 3650 -key ca-key.pem -out ca.pem
    Country Name (2 letter code) [AU]:US
    State or Province Name (full name) [Some-State]:OH
    Locality Name (eg, city) []:Cortland
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Real World Developers
    Organizational Unit Name (eg, section) []:Internal
    Common Name (e.g. server FQDN or YOUR name) []:RWD.com
    Email Address []:realworlddevs@outlook.com

Create Server Cert Signing Request

Create key:

    openssl genrsa -out cert-key.pem 4096

Create request (subject=anything):

    openssl req -new -sha256 -subj "/CN=RealWorldDevelopers" -key cert-key.pem -out cert.csr

Create config (PowerShell will add a BOM - need to open with Notepad++ and set to UTF8):

    echo "subjectAltName=DNS:*.RWD.com,IP:192.168.50.10" >> extfile.cnf

Create cert:

    openssl x509 -req -sha256 -days 3650 -in cert.csr -CA ca.pem -CAkey ca-key.pem -out cert.pem -extfile extfile.cnf -CAcreateserial

I am also running Pi-Hole as my local DNS. Without the cert, my DNS routes to ha.rwd.com within my homelab just fine.

My configuration.yaml file contains the http node like so:

    # TLS Certs
    http:
      ssl_certificate: /config/fullchain.pem
      ssl_key: /config/cert-key.pem

Spacing in the config is correct. The certs are in the config folder within the container.

Yet in my logs, I still get this:

    2022-09-12 18:55:41.931 ERROR (MainThread) [homeassistant.setup] Error during setup of component http
    Traceback (most recent call last):
      File "/usr/src/homeassistant/homeassistant/components/http/init.py", line 355, in _create_ssl_context
        context.load_cert_chain(self.ssl_certificate, self.ssl_key)
    ssl.SSLError: [SSL] PEM lib (_ssl.c:3874)

    The above exception was the direct cause of the following exception:

    Traceback (most recent call last):
      File "/usr/src/homeassistant/homeassistant/setup.py", line 235, in _async_setup_component
        result = await task
      File "/usr/src/homeassistant/homeassistant/components/http/init.py", line 180, in async_setup
        await server.async_initialize(
      File "/usr/src/homeassistant/homeassistant/components/http/init.py", line 272, in async_initialize
        self.context = await self.hass.async_add_executor_job(
      File "/usr/local/lib/python3.10/concurrent/futures/thread.py", line 58, in run
        result = self.fn(*self.args, **self.kwargs)
      File "/usr/src/homeassistant/homeassistant/components/http/init.py", line 358, in _create_ssl_context
        raise HomeAssistantError(
    homeassistant.exceptions.HomeAssistantError: Could not use SSL certificate from /config/fullchain.pem: [SSL] PEM lib (_ssl.c:3874)
    2022-09-12 18:55:41.933 ERROR (MainThread) [homeassistant.setup] Unable to set up dependencies of api. Setup failed for dependencies: http
    2022-09-12 18:55:41.935 ERROR (MainThread) [homeassistant.setup] Setup failed for api: (DependencyError(...), 'Could not setup dependencies: http')
    2022-09-12 18:55:41.936 ERROR (MainThread) [homeassistant.setup] Unable to set up dependencies of auth. Setup failed for dependencies: http
    2022-09-12 18:55:41.936 ERROR (MainThread) [homeassistant.setup] Setup failed for auth: (DependencyError(...), 'Could not setup dependencies: http')


Solution

  • Home Assistant is in a Docker container, so you must add the path of the certs' directory to Docker by adding a mount.

    Command-line arg:

    --mount type=bind,source=/certdirectory,target=/config/ssl
    

    Docker Compose:

     volumes:
      - type: bind
        source: /certdirectory
        target: /config/ssl
    

    Or use Portainer GUI (must install)

    Then modify the configuration.yaml:

    http:
      ssl_certificate: /config/ssl/fullchain.pem
      ssl_key: /config/ssl/cert-key.pem
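
A pre-flight check for the failure in the traceback, as an added example that is not part of the original question or answer and is not Home Assistant code: it inspects the two PEM files for structural problems, then makes the same `load_cert_chain` call the traceback shows. `inspect_pem` and `check_pair` are hypothetical names, and the default paths are the ones from the answer's `configuration.yaml`.

```python
import ssl
import sys
from pathlib import Path


def inspect_pem(data: bytes) -> list[str]:
    """Return structural problems found in the raw bytes of a PEM file."""
    problems = []
    if data.startswith(b"\xef\xbb\xbf"):
        problems.append("UTF-8 BOM before first PEM header")
    if data.startswith((b"\xff\xfe", b"\xfe\xff")) or b"\x00" in data:
        problems.append("UTF-16 or binary content, not ASCII PEM")
    begins, ends = data.count(b"-----BEGIN "), data.count(b"-----END ")
    if begins == 0:
        problems.append("no PEM BEGIN marker")
    elif begins != ends:
        problems.append("unbalanced BEGIN/END markers")
    if b"Proc-Type: 4,ENCRYPTED" in data or b"BEGIN ENCRYPTED PRIVATE KEY" in data:
        problems.append("private key is passphrase-protected")
    return problems


def check_pair(cert_path: str, key_path: str) -> list[str]:
    """Structural checks first, then the load_cert_chain call from the traceback."""
    findings = []
    for label, path in (("certificate", cert_path), ("key", key_path)):
        p = Path(path)
        if not p.is_file():
            findings.append(f"{label}: {path} not found at this path")
            continue
        findings += [f"{label}: {msg}" for msg in inspect_pem(p.read_bytes())]
    if findings:
        # Stop here: an encrypted key would make load_cert_chain prompt for a passphrase.
        return findings
    try:
        ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).load_cert_chain(cert_path, key_path)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        findings.append(f"load_cert_chain failed: {exc}")
    return findings


if __name__ == "__main__":
    # Default paths are the in-container ones from the answer's configuration.yaml.
    default = ["/config/ssl/fullchain.pem", "/config/ssl/cert-key.pem"]
    cert, key = sys.argv[1:3] if len(sys.argv) >= 3 else default
    results = check_pair(cert, key)
    print("\n".join(results) or "OK: certificate and key load as a pair")
    sys.exit(1 if results else 0)
```

Run it with the Python interpreter inside the container so the paths resolve exactly as Home Assistant sees them; an empty result means the pair loads.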