DuckDNS + Let's Encrypt works great but how to add a certificate for local IP?

I couldn't find a solution to this using the search engine but I would like to solve the issue for using https on the local network as well.
I use duckdns and let’s encrypt for remote access and it works nicely.
For local access I would like to use the local IP address but the certificate is only valid for the duckdns address.
How can I fix this so that both the duckdns address and the local IP address are part of the certificate?

You could:

  1. Set up nginx HA addon, and access your local site as usual https://my.duckdns.site/
  2. Set up Apache as reverse proxy and access your local site as usual https://my.duckdns.site/
  3. Set up a local dns and access https://my.duckdns.site:8123
  4. Set up a local dns with hairpin NAT (provided your router supports it) and access your local site as usual https://my.duckdns.site/

I used to use option 2, which just required one config change in my router.
A bit later I added the hairpin (option 3).
And after I realized I could use Apache as reverse proxy, I implemented option 4 (as I had Apache running already anyway).

I’ve done this with the DuckDNS addon and a local DNS server. This concept is called split-horizon DNS.

I’m using bind but you could probably do this with the Adguard addon and Custom Filtering rules to return the internal IP of your HA instance instead of the external IP which is configured in DuckDNS.

This would require setting the DNS server that is given to the DHCP clients to the IP of the Adguard addon / HA instance. Keep in mind that this may affect all connectivity to the internet on your internal network if your HA instance is down.

The certificates you can get only support DNS names and no IP addresses.
The solutions mentioned above are both for using DNS names on the local network.
If you are adamant about using HTTPS with local IPs, then you need to run your own Certificate Authority (CA) and take on the fight to get it imported in the Certificate Store (CS) on all your devices.

There was no requirement given to use the internal IP specifically. I’d recommend to stay away from managing your own CA and certificates as it does add admin overhead, especially when trusting the CA on all your devices and updating that cert when it expires - and it should expire for security reasons, otherwise, what’s the point.

The solution I proposed above is more of a set-and-forget solution. Once it is set up, HA will help to keep the addons up-to-date, and the certificate rotation is handled by the DuckDNS addon.

One caveat to mention is that once in a while Chrome will say the site is unsafe because it detects the IP that was returned by the internal DNS is different from the public one.

There was a wish for it.

My bad… I understood that as just local connectivity.

Your and aceindy's replies were still correct.
It was just to make certain facts about them clear. :slight_smile:
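
Added example, not part of any post in this thread: a sketch of the name check a TLS client performs against a certificate's subjectAltName entries, showing why a certificate issued for the DuckDNS name passes when the browser is pointed at that name (whatever IP split-horizon DNS returns) and fails for `https://<local-ip>/`. The address `192.168.1.10`, the sample certificates and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: the dict shape ssl.SSLSocket.getpeercert() returns for a
# certificate issued for a single DNS name (name taken from the thread).
DUCKDNS_CERT = {"subjectAltName": (("DNS", "my.duckdns.site"),)}
# Constructed sample: a private-CA certificate that also carries an IP SAN.
PRIVATE_CA_CERT = {"subjectAltName": (("DNS", "my.duckdns.site"),
                                      ("IP Address", "192.168.1.10"))}


def _dns_match(pattern, host):
    """Match one DNS SAN; '*' is honoured only as the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return (len(p_labels) > 2 and h_labels[0] != ""
                and p_labels[1:] == h_labels[1:])
    return p_labels == h_labels


def cert_covers(cert, target):
    """Return True if the URL host `target` is listed in the certificate's SANs."""
    sans = cert.get("subjectAltName", ())
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        addr = None
    if addr is not None:
        # IP literals are compared only with IP SANs, never with DNS names.
        return any(kind == "IP Address" and ipaddress.ip_address(value) == addr
                   for kind, value in sans)
    return any(kind == "DNS" and _dns_match(value, target)
               for kind, value in sans)


if __name__ == "__main__":
    for host in ("my.duckdns.site", "192.168.1.10"):
        print(host, cert_covers(DUCKDNS_CERT, host),
              cert_covers(PRIVATE_CA_CERT, host))
```

The check depends only on the host typed into the URL, not on the IP address that name resolves to.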