SSL verification failure about haaska HOT 5 CLOSED

@freedreamer82 - Sorry for the delay on this (we do this in our spare time for free).

I know the instructions aren’t great on this, but it’s up to you. Since you control the configuration and the server, you can decide to have the verify off, or on.

If you want to have it on, grab a copy of your cert.pem file from Let’s Encrypt, and put it in the config folder. Next, put the name of the certificate in ssl_client. That should do it 😄

from haaska.

got it , maybe update the wiki!
thanks!

from haaska.

@freedreamer82 Yes, I know 😄

I plan on posting the update this weekend.

from haaska.

If anyone is hitting the issue with verification failing (Ive seen this on a number of Forums, but not the solution.)
Having spent hours trying to fix this, I eventually got verification to work using a Lets Encrypt cert, but had to create a cert bundle rather than just the single cert that Lets Encrypt gave me.
By default the certificate.crt you get from LetsEncrypt contains only the one that they create and sign for you. Some systems insist that the https server (HA in this case) has the full chain of certs in the one file.
To do this, you just need to use an editor and copy/paste all of:

1. Your certificate (that Lets Encrpyt gave you - called certificate.crt)
2. The Lets Encrypt intermediate CA certificate (this is the one provided by Lets Encrypt and called ca_bundle.crt)
3. The root certificate that signed Lets Encrypts CA Cert (You can download it from here: https://letsencrypt.org/certificates/ but make sure you pick the right one)

The order is important, and actually I found it had to be in the order 1. Your Cert, 2. The Root Cert, 3. lets Encrypt CA Cert.
It should look something like this:

-----BEGIN CERTIFICATE-----
MIIFlzCCBH+g......................
.........eDJAkSnh6/DNFu0Qg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgA......................
.........eDJAkSnh6/DNFu0Qg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK......................
.........eDJAkSnh6/DNFu0Qg==
-----END CERTIFICATE-----

Note that it also needs to be readable by homeassistant, so be careful of dos-to-unix conversion issues if you are editing under windows.. Also make sure each of the ---BEGIN--- and ---END--- statements are each on a separate line (as above).

Once you've created this file, copy it up to homeassistant (probably the ssl directory) and update your configuration.yaml to use this new file rather than the previous certificate.crt (or simply replace the existing certificate.crt with this combined one)

Just a side note, the other issue I found was that running haaska in AWS (Ireland/Europe instance), HA had to be accessible via port 443 rather than HA's standard 8123. Once I updated that, all worked perfectly!

from haaska.

Question...
my ISP has occupied 443 port with his services but I can access on ssl using 8123 port.

as far I understood this is why I'm getting this problem... how can I avoid it?

from haaska.