core: Invalid config for [http]: not a file for dictionary value @ data['http']['ssl_certificate']

I’ve read about this, and i thought I’m not new to this. Running 0.104.3 on a RPi 3B with Raspbian 10. Install HASS in a virtual environment under /home/pi. The docs say I could use /etc/letsencrypt/live/… which are symlinks. User pi can read the cert and key (see below). But as long as they are symlinks then hass refuses to start and gives the error in subj. Otherwise works. What gives? The docs clearly show the symlinks.

$ whoami
pi

$ cat /etc/letsencrypt/live/domain.com/privkey.pem
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDJlH5F4/Ab5QVR
...

$ cat /etc/letsencrypt/live/domain.com/fullchain.pem
-----BEGIN CERTIFICATE-----
MIIFWjCCBEKgAwIBAgISA0ooJwGGznIlGs6ekXdS+8KwMA0GCSqGSIb3DQEBCwUA
...

$ hass
...
2020-02-06 01:32:33 ERROR (MainThread) [homeassistant.config] Invalid config for [http]: not a file for dictionary value @ data['http']['ssl_certificate']. Got '/etc/letsencrypt/live/domain.com/fullchain.pem'
not a file for dictionary value @ data['http']['ssl_key']. Got '/etc/letsencrypt/live/domain.com/privkey.pem'. (See /home/pi/.homeassistant/configuration.yaml, line 10). Please check the docs at https://www.home-assistant.io/integrations/http
...

configuration.yaml has

http:
  base_url: box.domain.com:8123
  ssl_certificate: /etc/letsencrypt/live/domain.com/fullchain.pem
  ssl_key: /etc/letsencrypt/live/domain.com/privkey.pem

If I copy the actual .pem files (from letsencrypt/archive) as files into /home/pi/.homeassistant/{fullchain,privkey}.pem and update the .yaml accordingly then it works. if I copy them as symlinks then it fails again with the same error.

What gives?

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Comments: 17 (2 by maintainers)

Most upvoted comments

This still doesn’t give a useful warning about permissions, so I’d argue it’s still a valid issue.

Definitely a permissions problem, but that is no excuse for throwing such error message. It shouldn’t be so hard to first check if the files are readable.

Create symlinks to in local folder (make sure permission correct in /etc/letsencrypt), works, e.g.:

cd /home/homeassistant/.homeassistant
sudo mkdir letsencrypt
sudo ln -s /etc/letsencrypt/live/DOMAIN/fullchain.pem .
sudo ln -s /etc/letsencrypt/live/DOMAIN/privkey.pem .
sudo chown -R homeassistant:homeassistant letsencrypt
http:
  ssl_certificate: /home/homeassistant/.homeassistant/letsencrypt/fullchain1.pem
  ssl_key: /home/homeassistant/.homeassistant/letsencrypt/privkey1.pem

Don’t know why but path to /etc/ causes error.