Home Assistant Let’s Encrypt HTTP Challenge Error

In case you see the following logs in Let’s Encrypt Home Assistant Add-on:

[23:06:26] INFO: Selected http verification
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Account registered.
Requesting a certificate for myhomeassistantexampleurl.duckdns.org
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
  Domain: myhomeassistantexampleurl.duckdns.org
  Type:   connection
  Detail: Fetching http://myhomeassistantexampleurl.duckdns.org/.well-known/acme-challenge/...: Timeout during connect (likely firewall problem)
Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.

This probably means that you don’t have the port 80 redirected to the Home Assistant server.

You’ll have to check your router configuration to add a new rule to redirect TCP traffic to the Home Assistant ip. Also, be sure that the rule is active. In most of the routers you can have inactive rules and some of them create the rule inactive.

Also, notice that this add-on will appear always as stopped since it just starts to renew the certificate. So don’t worry if you see it stopped.

Resources

• https://www.home-assistant.io/blog/2015/12/13/setup-encryption-using-lets-encrypt/
• https://letsencrypt.org/how-it-works/
• https://letsencrypt.org/docs/challenge-types/