Homeassistant does not work enabling ssl

Configuration
1

I have home assistant installed via pip:
pip3 install homeassistant

Then i followed this link to add letsencrypt:
https://www.splitbrain.org/blog/2017-08/10-homeassistant_duckdns_letsencrypt

Everything was ok, untill i added ssl_certificate and ssl_key to my configuration.yaml
I checked configuration and everything is ok: .pem files have 777 rights on them, and I checked the path of the files which is correct.
When I start homeassistant it looks like there are no errors, log is empty, but web is not working. My suspicion is that home assistant is working, and just frontend is not.

http:
  api_password: !secret http_password
  ip_ban_enabled: True
  login_attempts_threshold: 5 
#  ssl_certificate: /home/user/dehydrated/certs/domain.duckdns.org/fullchain.pem
#  ssl_key: /home/user/dehydrated/certs/domain.duckdns.org/privkey.pem

This is my current configuration. If I uncomment these lines homeassistant no longer starts.

2

just add your keys to your web server setup. Restart your web server and you should be able to use ssl. Leave the key/cert lines out of your http section

3

What do you mean by: add your keys to your web server setup ?

4

Did you add https:// before your domain? The S being the important part.

http://domain.duckdns.org:8123 will return nothing

https://domain.duckdns.org:8123 should return your HA front end.

5

do you mean configuration? Then yes
base_url: https://domain.duckdns.org:8123

But the frontend does not even open in my local network http://192.168.0.20:8123 where I usually open it when I am at home.

6

You are missing the S in httpS

7

Oddly this works on my local network. Although certificate is broken because this ip is not in the certificate.
Is http completely disabled when I enable ssl?
As for my domain https://domain.duckdns.org:8123 this still does not work.

8

yeah, that’s the point of enabling SSL

It might not work on your local network if your router does not support ‘hairpin NAT’

9

I did try it outside of my local network.

when ssl is commented out:
http://domain.duckdns.org:8123/ works outside my local network
http://192.168.0.20:8123/ works on local network

when ssl enabled
https://domain.duckdns.org:8123/ does not work outside my local network
https://192.168.0.20:8123/ works with broken certificate on local network

10

http will work, https is broken because the address domain.duckdns.org != 192.168.0.20

That’s why it’s just easier to go into your web server config (i think it’s lighttpd) and set the certs up in there and be done with it.

Also someone correct me if wrong, isnt’t the https port for HA 8008?

11

HUH?

Home Assistant runs it’s own http instance. Lighttpd doesn’t exist in Home Assistant. It is all self contained.

no, it’s still 8123 if you use the SSL options in HA.

12

I just assumed since that’s the way I’ve had mine setup. The SSL option for HA never worked for me so I just ignored it since day one.

13

That means you’re running a reverse proxy? That is not a ‘stock install’

14

Well that and a bunch of other services, so yeah… Honestly I just never paid it any attention. I thought that most people just ran a webserver for their HA instance. my bad

15

Sadly, a large swathe of the people running home assistant don’t even know what a reverse proxy is, let alone know how to set up and run a web server. :wink:

16

So, basically what you are saying, I should ditch homeassistant implementation of ssl and use a reverse proxy?

17

absolutely

18

*chuckles :slight_smile:

19

try to access it by using just the domain leaving off the port:

https://domain.duckdns.org

20

This won’t work, since I dont have port 80 forwarded on my router.