Asustor, DuckDNS, and SSL Certificates

I installed Home Assistant on my Asustor NAS, the Nimbustor 2, Model AS5202T. I was transitioning/updating from my Hassbian install on my RaspberryPi. After getting it configured, I wanted to setup my DuckDNS and SSL certificate like I had previously had. The Asustor has a built in certificate manager and also has a LetsEncrypt app, but I was not able to find any guides. I struggled through it and thought I would share!

On your Asustor, in addition to the Docker and HomeAssistant Apps, you will need the LetsEncrypt App installed.

If you don’t already have a DuckDNS account, create one.

Follow this guide for creating a LetsEncrypt Certificate
https://www.asustor.com/en-gb/online/College_topic?topic=324
If you have an ASUS Router, there are specific instructions for Port Forwarding. My settings worked at port 80 and 443 (external 80 to internal 80 and 443 to 443). These instructions can be found in the above link.

When you have successfully created a certificate and can access your Asustor Portal via your WAN IP, export your certificates from the Certificate Manager. If you are using a web browser, they will download to your local machine. Alternatively, you could find these certificates on the file system, but I could not locate them. It was easier to export and transfer.

Load these certificates back onto your Asustor, where you can access them from your config file. Then following the format in the following link, point the config file at the Certificate files you just uploaded.

After restarting, you should be able to access your HomeAssitant from your DuckDNS address with a valid certificate.

1 Like

Also noted, the Asustor is capable of updating your certificates automatically in the certificate manager, but you will have to manually export and transfer them to where ever your home assistant SSL location is each time they expire.

I actually found the location of the SSL certificates from the inbuilt Let’s Encrypt ACME client.
Path: /volume1/.@plugins/AppCentral/letsencrypt/.CertBot/config

This is probably CertBot and within the config folder are the expected live, archive, etc folders.

Unfortunately, I could not figure out how to successfully set up the certs - tried copying the folders into the HA Docker folders and also by pointing directly to the certs at their actual location, but neither worked.

What worked for me in the end was using the inbuilt reverse proxy service on ADM, then editing configuration.yaml, adding the scripts used for the NGINX reverse proxy:
https://companion.home-assistant.io/docs/troubleshooting/networking

In addition to the trusted proxies on the above page, I added my home LAN IP range too. Have not had the time to figure out which is the one that’s essential.

This way, no need to manually export the SSL certs from Certificate Manager :slight_smile:

Nice find, @Kenriku81. That got me past what I was stuck on before. I found my certificates in:
/volume1/.@plugins/AppCentral/letsencrypt/.acme.sh/[my domain name]
I did not have a ‘.CertBot’ folder, but I was able to do a ls -a to see all the folders in letsencrypt.

Once I found the live certs, I just needed to reference them in the HomeAssistant configuration file. I tried to do a symbolic link, hard link, and mount point, but none of those worked. Since HomeAssistant is running in a Docker Container in this setup, it is unable to access files outside of docker-mounted volumes.

I was able to steal some tips from this thread and get it to work:

I did not follow those steps exactly, but did the following instead:

  1. Install a Docker manager like Portainer CE on the Asustor
  2. Once a username is setup, find Containers in Portainer.io (on the left-hand side)
  3. Stop the Home-Assistant container and select Duplicate/Edit
  4. Towards the bottom, select Volumes, then + map additional volume
  5. Add a volume with container as your new docker-path and host as the path above, /volume1/…[domain name]
  6. Select Deploy the container and then select to replace the current container
  7. After a bit, the Home-Assistant container should start
  8. In the configuration.yaml, replace the ssl certs with /[your new docker-path]/[your domain name].cer and .key
  9. Save and restart HA. Everything should work now!
1 Like