Frustrated with the lack of SSL [Nginx Proxy Manager Solved the issue]

I have several domains using Let's Encrypt on web forwarded hosts. DuckDNS lacks using an account authentication that lets me control the account. Not being familiar with Docker limits my ability to install a letsencrypt certificate on my RPi4 install. Why doesn’t HA include this as a decent add-on without a dynamic DNS solution? I have 8 static IPs. I do not need a dynamic DNS solution. Let me install SSL on my Docker instance, self-signed if needs be? :frowning:

I don’t understand your frustration. You can do this if you want… Although it can break things that specifically require non-ssl.

http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

Cannot generate a cert. No tools avail. No apt or apt-get available from the terminal. So I have to rely on a HACS add-on to get to the box to copy the files. Poor execution. SSL should be built-in?

Well you can generate a certificate with letsencrypt but that requires, as you noted, a public domain name. That isn’t an HA limitation. That’s the letsencrypt. Without a domain name, you can’t create any certificate except self-signed.

So your frustration isn’t the lack of ssl but the inability to generate a self-signed certificate. No one recommends this which is why it isn’t part of HA. But if you want the tools to be able to do this, then you shouldn’t be running hassos. You should be running a different install where you can control the tools.

But frankly, if it’s a self-signed cert, you can generate this on literally any computer and copy to HA.
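The post above says a self-signed certificate can be generated on any computer and copied to HA. The following is an added example, not part of the thread, that does this with the `openssl` CLI and writes the two file names the `http:` block earlier in the thread points at; the hostname, the IP address and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: build a self-signed pair named fullchain.pem / privkey.pem
# and sanity-check it before copying it to the /ssl directory.
# Assumes OpenSSL 1.1.1 or newer (for -addext).

# make_self_signed <out_dir> <hostname> <ip>
make_self_signed() {
    out_dir=$1; host=$2; ip=$3
    mkdir -p "$out_dir" || return 1
    (
        umask 077   # keep the private key unreadable to other users
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
            -subj "/CN=$host" \
            -addext "subjectAltName=DNS:$host,IP:$ip" \
            -keyout "$out_dir/privkey.pem" \
            -out "$out_dir/fullchain.pem" 2>/dev/null
    ) || return 1
}

# pair_matches <dir>: succeed only if the key and the certificate carry
# the same public key (catches copying a mismatched pair).
pair_matches() {
    cert_pub=$(openssl x509 -in "$1/fullchain.pem" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$1/privkey.pem" -pubout | openssl sha256)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# has_san <dir> <hostname>: clients match the name against the
# subjectAltName extension, so confirm the hostname is listed there.
has_san() {
    openssl x509 -in "$1/fullchain.pem" -noout -text | grep -q "DNS:$2"
}

# valid_for <dir> <seconds>: succeed if the certificate is still valid
# that many seconds from now.
valid_for() {
    openssl x509 -in "$1/fullchain.pem" -noout -checkend "$2" >/dev/null
}
```

For example, `make_self_signed ./ssl ha.example.test 192.0.2.10` followed by `pair_matches ./ssl && has_san ./ssl ha.example.test`. Clients will not trust the result until the certificate is imported on each device.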

It is. You could subscribe to Nabu Casa. Or you can generate it with addons. I wouldn’t want ha ‘building this in’.

I have several domains to terminate on, and forwards if I wish. As far as the HA install… SSL should be out of the box? That is all I am saying. I need to get up to speed on Docker, as I am a bare metal guy, so this setup while it looks locked down, is frustrating. I want access to install things without windows garbage, or UI limitations. I figured out how to get a terminal, so we will see what I can do from here.

Honestly, you have the wrong install then. You should install ha supervised rather than hassos. Then you can do as you wish.

What is the URL and why did you post it?

AND I should apologize… I am a newb at HA. Maybe I am venting? I just think a solution as aged as HA should have SSL built-in instead of relying on add-ons? Thinking out loud I guess?!

I understand. But ssl out of the box means what? a self-signed certificate by default? that’s not a good idea…

1 Like

inspiredlife is one of my domains that forwards to a letsencrypt ssl domain. I have several of these, and it is trivial on bare metal, but the Docker thing is frustrating me because I can not just install scripts. I guess I need to spend some time on udemy?!

I am trying to set up a turn-key solution to sell a house, and being a newb at HA is presenting some issues. I created a domain for the prospective buyers, and I just want to install a letsencrypt cert without opening 80.

That is a terrible idea. Home Assistant requires constant updates and maintenance. What if your buyer does not want to do this?

Home assistant is not “turn-key”.

2 Likes

Oh no, this discussion again…

When you talk about auto-updates, people say you shouldn’t update if you don’t know what the changes are, if you say you would work with a ‘turn-key’ mode without updating, then you say the system requires updates…

Sorry, but you might be influenced by your experience with earlier versions of HA, now, the system is stable enough to be considered a commercial system and can be used as turn-key.
Which commercial system is more stable than HA?

No one says that. At least no one that knows anything about Home Assistant.

It’s not just about stability it’s also about security.

If you don’t update for a year and a vital security patch is released you are going to be in a world of hurt due to the massive number of breaking changes. Like this person:

Stay up to date. Home Assistant is constantly evolving which necessitates breaking changes. Do not get behind and have to do a large number of them all at once.

I fully agree with you about the importance of updating, but there are lots of experienced people disagreeing with us…

Please provide a link to these “experienced people” saying this.

2 Likes

@tom_l I have been in IT for almost 50 years, is that experienced enough? I understand both the arguments for “if it isn’t broke, don’t fix it!”, and the need for updates in today’s insecure world. The general rule of thumb is that if you are keeping something on your own network, you can get away without updating. However, in this hyper-connected world that is rarely the case anymore?!

That is not really the discussion anyway… Since my want is to make this available on the Internet, it makes sense that updates should not break anything in a perfect world. It would just be nice to have HA generate a certificate by default, and not have all these wonking work-arounds.

I am sure I will figure this out, I was just venting a bit in hopes someone would share their solution in response to my newbie disappointment. Cheers!

1 Like

You have been a member of this forum since July this year, so no, not enough experience with Home Assistant at all. As evidenced by this statement:

Pretty much every update of Home Assistant breaks something. Case in point.

As I said this is a bad idea unless you plan to support the smart home you sell.

@tom_l I am sure a 5th grader could operate HA better than I. I am surprised as a moderator in an advertised support forum that you would be so critical of the product. :thinking:

Thanks for the concern, and I get it… I have been reading and viewing videos about the Pros and Cons as I attempt this project. Turning over a home with smart products is a lot easier than it was 20 years ago, so I am not that concerned, as long as I can get it to work and encourage the buyer to have some fun with it. However, preventing passwords being sent in plain text is a must IMHO?!

1 Like

I’m not being critical, just realistic. The rate of breaking changes has declined as Home Assistant matures but they are still there, in all recent releases.

I’m not concerned for you, I’m concerned for the buyer. Home Assistant involves a requirement to put aside some time every month to maintain it.

1 Like

I looked at HA about a year ago, and it is amazingly improved. I have updated a few times this month without anything breaking so far… I am trying to limit the product variations, and complexity, so I am sure that helps?

The market I am in caters to tech professionals, so I wouldn’t be too concerned. It is highly likely that whoever buys will start from scratch anyway. What I am providing is a solution to encourage exploration and some value-add to the home. HA was a lot easier than rewriting (and supporting :persevere:) the homegrown web application I developed for the aged “smart” tech in my home that I have been using for the last 15-20 years. I appreciate your view point. It is valid, but IoT is insecure by its nature. Just like the industry, I am just trying to capitalize on its availability, and if I can promote HA and improve the experience, that would be cool too? :wink:

1 Like