Certificates

Hi all,

I’m using hass.io with the Let’s Encrypt add-on, which works fine, and I have a working certificate for my DynDNS address.
But what about when accessing hass.io via hass.local from my home network? Obviously the certificate is not valid, so I always get errors and warnings. Is it possible to use 2 certificates? One for the public domain (from Let’s Encrypt) and one for local access?

Thanks
Dennis

When you’re accessing from local, are you using the internal name?

i.e. if the domain your cert is on is hass.mydomain.com and that works from external, are you accessing your hass machine on localmachine.local, which makes the cert invalid? If so…just make hass.mydomain.com resolve inside your network.

If your router supports dnsmasq, you could add a hass.mydomain.com 192.168.1.x (local IP of the hass machine)…or just use the external domain name from inside your network…Either approach should mean that you’re now using the full cert-compatible name and so it would be “secure”.

Sure, I could just access hassio via the external domain. But I don’t want to be reliant on the internet access because we sometimes have outages for a couple of hours - that’s why I want to use the internal address/IP for internal devices.

Sorry, now I understand what you mean. So you mean that the router just redirects the request while I’m in the local network. Not sure if my router can do that.

Another solution to the above: on Windows, the C:\windows\system32\drivers\etc\hosts file can be set up to say hass.mydomain.com = 192.168.1.x, and on Linux the resolv.conf, I think, can do a similar task if your router can’t support it.

Regarding the first point, depending on how your router and client DNS is set up, i.e. each machine connected to your router uses your router IP as the DNS (and not your ISP’s/Google DNS directly), then some caching may take effect in the event of an internet outage, meaning that your external name may still resolve correctly…would be something to test out and see if it still works - for 90% of the time it’s your best option, I think.
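Added example (not from any poster in this thread): a Python check of the two conditions the replies above rely on, namely that the name you browse to is one the certificate covers, and that a local hosts-style override maps that name to a LAN address so no internet lookup is needed. The SAN list, the address 192.168.1.10 and all function names are constructed for illustration.

```python
import ipaddress

def san_matches(hostname, san_dns_names):
    """Hostname check in the style of RFC 6125: exact match, or '*' as the whole leftmost label."""
    host = hostname.lower().rstrip(".").split(".")
    for pattern in san_dns_names:
        pat = pattern.lower().rstrip(".").split(".")
        if len(pat) != len(host):
            continue  # a wildcard never spans more than one label
        if pat[0] == "*" and len(pat) > 2:
            if pat[1:] == host[1:]:
                return True
        elif pat == host:
            return True
    return False

def parse_hosts(text):
    """Map each name in hosts-file text to the first IP address listed for it."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip malformed lines
        for name in fields[1:]:
            table.setdefault(name.lower(), ip)
    return table

def check(name, san_dns_names, hosts_text):
    """Return (certificate covers name, name is overridden to a private IP)."""
    ip = parse_hosts(hosts_text).get(name.lower())
    return san_matches(name, san_dns_names), (ip is not None and ip.is_private)

# Constructed sample data: the certificate's DNS names and a local override.
CERT_SANS = ["hass.mydomain.com"]
HOSTS = """
127.0.0.1      localhost
192.168.1.10   hass.mydomain.com   # constructed LAN address of the hass machine
"""

if __name__ == "__main__":
    for candidate in ("hass.mydomain.com", "hass.local", "192.168.1.10"):
        covered, local = check(candidate, CERT_SANS, HOSTS)
        print(f"{candidate}: cert covers name={covered}, local override={local}")
```

Only hass.mydomain.com passes both checks; hass.local and the bare IP fail the certificate check because neither appears in the certificate's names.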

Or use NGINX