HA at a RasPi: Secure the WebUI with certificate

dsgr · April 8, 2026, 8:14am

HA looks nice. But a WebUI without https? Even if the page is reachable only from the local network a modern web browser asks for the https page per default.

I searched for some advice how to insert a certificate into HA but at the end nothing leads to a running https connection.

I created a certificate and a key:
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout key.pem -out cert.pem -subj "/CN=192.168.2.74" -addext "subjectAltName=IP:192.168.2.74"

Copied cert.pem and key.pem to /ssl
'$ ls -al /ssl/cert.pem /ssl/key.pem
-rw------- 1 root root 1866 Apr 8 09:30 /ssl/cert.pem
-rw------- 1 root root 3268 Apr 8 09:30 /ssl/key.pem`

and add the following lines into /homeassitent/configuration.yaml
http:
server_port: 443
ssl_certificate: /ssl/cert.pem
ssl_key: /ssl/key.pem

Afterwards I restart the whole system through the WebUI.

After the restart I do not found the open port 443. A https connection to port 8123 is not possible, too. (without the line server_port: 443 in the yaml)

How is the correct way to get a https connection to the WebUI?

dsgr · April 8, 2026, 12:21pm

Orr, meanwhile I have found that the HA is like a docker-env. So the SSH-Terminal App seems useless to get access to the OS.

How is the way to access the HA-Host to put certificates for the WebUI?

tmjpugh · April 8, 2026, 1:34pm

It’s in the http section

That or put it behind caddy or nginx

dsgr · April 9, 2026, 7:49am

Thx!

Should it be sufficient to do a
$ ha core restart
after I modify the configuration.yaml?
Or is a complete restart of the appliance necessary?

tmjpugh · April 9, 2026, 12:12pm

HA core restart should work.