I am running HA in a Docker container. I have created a wildcard self-signed cert that I use elsewhere within my homelab, but I cannot get it to work within HA. Here is how I created my cert using OpenSSL:
Create CA - Root Key
openssl genrsa -aes256 -out ca-key.pem 4096
Create Request
openssl req -new -x509 -sha256 -days 3650 -key ca-key.pem -out ca.pem
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:OH
Locality Name (eg, city) []:Cortland
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Real World Developers
Organizational Unit Name (eg, section) []:Internal
Common Name (e.g. server FQDN or YOUR name) []:RWD.com
Email Address []:realworlddevs@outlook.com
Create Server Cert Signing Request
create key
openssl genrsa -out cert-key.pem 4096
create request
openssl req -new -sha256 -subj "/CN=RealWorldDevelopers" -key cert-key.pem -out cert.csr (subject=anything)
create config
echo "subjectAltName=DNS:*.RWD.com,IP:192.168.50.10" >> extfile.cnf (PowerShell will add a BOM - need to open with Notepad++ and set to UTF8)
create cert
openssl x509 -req -sha256 -days 3650 -in cert.csr -CA ca.pem -CAkey ca-key.pem -out cert.pem -extfile extfile.cnf -CAcreateserial
I am also running Pi-Hole as my local DNS. Without the cert, my DNS routes to ha.rwd.com within my homelab just fine.
My configuration.yaml file contains the http node like so:
# TLS Certs
http:
  ssl_certificate: /config/fullchain.pem
  ssl_key: /config/cert-key.pem
Spacing in the config is correct. The certs are in the config folder within the container.
Yet in my logs, I still get this:
2022-09-12 18:55:41.931 ERROR (MainThread) [homeassistant.setup] Error during setup of component http
Traceback (most recent call last):
  File "/usr/src/homeassistant/homeassistant/components/http/init.py", line 355, in _create_ssl_context
    context.load_cert_chain(self.ssl_certificate, self.ssl_key)
ssl.SSLError: [SSL] PEM lib (_ssl.c:3874)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/usr/src/homeassistant/homeassistant/setup.py", line 235, in _async_setup_component
    result = await task
  File "/usr/src/homeassistant/homeassistant/components/http/init.py", line 180, in async_setup
    await server.async_initialize(
  File "/usr/src/homeassistant/homeassistant/components/http/init.py", line 272, in async_initialize
    self.context = await self.hass.async_add_executor_job(
  File "/usr/local/lib/python3.10/concurrent/futures/thread.py", line 58, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/usr/src/homeassistant/homeassistant/components/http/init.py", line 358, in _create_ssl_context
    raise HomeAssistantError(
homeassistant.exceptions.HomeAssistantError: Could not use SSL certificate from /config/fullchain.pem: [SSL] PEM lib (_ssl.c:3874)
2022-09-12 18:55:41.933 ERROR (MainThread) [homeassistant.setup] Unable to set up dependencies of api. Setup failed for dependencies: http
2022-09-12 18:55:41.935 ERROR (MainThread) [homeassistant.setup] Setup failed for api: (DependencyError(...), 'Could not setup dependencies: http')
2022-09-12 18:55:41.936 ERROR (MainThread) [homeassistant.setup] Unable to set up dependencies of auth. Setup failed for dependencies: http
2022-09-12 18:55:41.936 ERROR (MainThread) [homeassistant.setup] Setup failed for auth: (DependencyError(...), 'Could not setup dependencies: http')
Home Assistant is in a Docker container, so you must add the path of the certs' directory to Docker by adding a mount.
Command-line arg:
--mount type=bind,source=/certdirectory,target=/config/ssl
Docker Compose:
volumes:
  - type: bind
    source: /certdirectory
    target: /config/ssl
Or use Portainer GUI (must install)
Then modify the configuration.yaml:
http:
  ssl_certificate: /config/ssl/fullchain.pem
  ssl_key: /config/ssl/cert-key.pem
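
An added diagnostic example, not part of either post above: it inspects a certificate/key pair as text and then makes the same `load_cert_chain` call that appears in the traceback, so the pair can be checked before Home Assistant is restarted. The helper names `inspect_pem`, `preflight` and `check` are hypothetical, and the two file paths are supplied on the command line.

```python
import re
import ssl
import sys
from pathlib import Path

PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")
BOMS = (b"\xef\xbb\xbf", b"\xff\xfe", b"\xfe\xff")  # UTF-8, UTF-16 LE/BE


def inspect_pem(data: bytes) -> dict:
    """Summarise a PEM file from its text markers, without decoding the DER."""
    return {
        "bom": data.startswith(BOMS),
        "blocks": [m.decode() for m in PEM_BLOCK.findall(data)],
        # Matches "ENCRYPTED PRIVATE KEY" and the legacy "Proc-Type: 4,ENCRYPTED".
        "encrypted": b"ENCRYPTED" in data,
    }


def preflight(cert: bytes, key: bytes) -> list[str]:
    """Return the text-level problems that stop a cert/key pair from loading."""
    c, k = inspect_pem(cert), inspect_pem(key)
    problems = []
    if c["bom"] or k["bom"]:
        problems.append("byte-order mark before the PEM header")
    if not c["blocks"] or c["blocks"][0] != "CERTIFICATE":
        problems.append("certificate file must start with a CERTIFICATE block")
    if not any(b.endswith("PRIVATE KEY") for b in k["blocks"]):
        problems.append("key file holds no PRIVATE KEY block")
    if k["encrypted"]:
        problems.append("private key is passphrase-protected")
    return problems


def check(cert_path: str, key_path: str) -> list[str]:
    """Run the text checks, then the load_cert_chain call from the traceback."""
    problems = preflight(Path(cert_path).read_bytes(), Path(key_path).read_bytes())
    if not problems:  # skip the real load if the files are already known bad
        try:
            ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).load_cert_chain(cert_path, key_path)
        except ssl.SSLError as err:
            problems.append(f"load_cert_chain failed: {err}")
    return problems


if __name__ == "__main__":
    print("\n".join(check(sys.argv[1], sys.argv[2]) or ["ok"]))
```

Run it inside the container with the same two paths that configuration.yaml uses, so the check also confirms that the files are visible at those paths.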