Configure HTTPS from scratch - I've followed guide after forum post and still it's not working

I’m looking for a proper walkthrough for setting up HTTPS using duckdns and let’s encrypt.

My issues:
Let’s Encrypt addon config requires an email address, which is not set up anywhere else on the internet but in that config.
Port forwarding on a Sky router is NOT straightforward, and requirements vary from 8123, 40, 443 and 80. No idea which is correct from all the conflicting info out there.
config.yaml file doesn’t seem to update after configuring duckdns or let’s encrypt - not sure if I should do that manually, how much to add, which headings are missing, etc. Some say you need a http: heading then some lines under, others not.

Basically I’m looking for a complete step by step workthrough now for this process from a brand new HA Green to fully connected on https, with EVERY STEP correct to the current menus. Where does this mystical email address in Let’s Encrypt come from? What’s its function? What should configuration.yaml look like when all is said and done? Why oh why does configuring an add-on NOT update configuration.yaml to correctly operate the add-on?

This is all basic basic stuff that I have failed one too many times to make work. I’ve tried to erase everything I’ve done to the HA so I can start again. I don’t even know if I’ve succeeded at that because there’s no simple reset that I can find. Feeling like a complete noob right now, even though I managed IT for a manufacturing company for a few years.

I’ve spent well over 100 hours trawling the forums and YouTube for this and I’m tired of it now.

Thank you for any help you guys offer up. I just want my Samsung air con to stop trying to freeze or boil our toddlers - and Samsung support suggested setting individual routines for every degree C the temperature might or might not go up or down. That didn’t work, needless to say. HA was supposed to be the silver bullet…

Humbly waiting for a sensible reply or two.
James

1 Like

If that’s truly your goal, and if you’ve really put more than 100 hours into this, I would recommend simply paying for Nabu Casa. If you put 100 hours into trying to fix a leaking sink and failed, wouldn’t you hire a plumber and move on?

Not only will the Nabu Casa subscription solve your problem in seconds, but it will also support the project moving forward which will be to your advantage in the long term.

3 Likes

It’s been 5 years for me, but let’s get the simple stuff out of the way.

If you’re using the DuckDns addon, then Let’s Encrypt is built in by default and you don’t need to configure it separately. This is my full DuckDns config in the addon itself:

domains:
  - yoursite.duckdns.org
token: 89b690ee-c7cd-401d-9211-e05ee552ed22 #replace with yours - this is a dummy token
aliases: []
lets_encrypt:
  accept_terms: true
  algo: secp384r1
  certfile: fullchain.pem
  keyfile: privkey.pem
seconds: 6000

1 Like

Another alternative - use the Cloudflared addon. It’s simple(ish) to set up and doesn’t require port forwarding. And Duckdns is flaky when used with Google Home.

All of them are correct. It depends on your use case and your design decisions.
First you need to make sure that you actually can use port forwarding. Does your ISP use CGNAT?
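
The CGNAT question above decides whether any port forward on the router can be reached from outside. As an added example (not part of the thread), this Python check classifies the WAN address shown on the router's status page and compares it with the address an outside service sees; the function names and the sample addresses (documentation ranges) are constructed for illustration.

```python
from __future__ import annotations
import ipaddress

# RFC 6598 shared address space, reserved for carrier-grade NAT (CGNAT).
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges: a WAN address here means another router is upstream.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(wan_ip: str) -> str:
    """Classify the IPv4 WAN address reported by the router."""
    addr = ipaddress.IPv4Address(wan_ip)  # raises on anything that is not IPv4
    if addr in CGNAT_NET:
        return "cgnat"
    if any(addr in net for net in PRIVATE_NETS):
        return "double-nat"
    return "public"


def can_port_forward(wan_ip: str, external_ip: str) -> tuple[bool, str]:
    """Return (feasible, reason) for inbound port forwarding on this router.

    wan_ip      - address the router shows on its WAN interface
    external_ip - address an outside "what is my IP" service reports
    """
    kind = classify_wan(wan_ip)
    if kind == "cgnat":
        return False, "WAN address is in 100.64.0.0/10: the ISP uses CGNAT"
    if kind == "double-nat":
        return False, "WAN address is RFC 1918: another router sits upstream"
    if ipaddress.IPv4Address(wan_ip) != ipaddress.IPv4Address(external_ip):
        return False, "WAN and external addresses differ: NAT upstream"
    return True, "WAN address is public and matches the external address"


if __name__ == "__main__":
    # Constructed sample pairs: (router WAN address, externally seen address).
    samples = [("203.0.113.10", "203.0.113.10"),
               ("100.72.13.5", "198.51.100.7"),
               ("192.168.0.2", "198.51.100.7")]
    for wan, ext in samples:
        ok, reason = can_port_forward(wan, ext)
        print(f"{wan:>15}  forwardable={ok}  {reason}")
```

When the result is not forwardable, the tunnel-based options mentioned earlier in the thread (Nabu Casa, the Cloudflared addon) are the ones that still work, since they need no inbound port.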