You are missing the S in httpS
Oddly this works on my local network, although the certificate is broken because this IP is not in the certificate.
Is http completely disabled when I enable ssl?
As for my domain https://domain.duckdns.org:8123 this still does not work.
yeah, that’s the point of enabling SSL
It might not work on your local network if your router does not support ‘hairpin NAT’
I did try it outside of my local network.
when ssl is commented out:
http://domain.duckdns.org:8123/ works outside my local network
http://192.168.0.20:8123/ works on local network
when ssl enabled
https://domain.duckdns.org:8123/ does not work outside my local network
https://192.168.0.20:8123/ works with broken certificate on local network
http will work, https is broken because the address domain.duckdns.org != 192.168.0.20
That’s why it’s just easier to go into your web server config (I think it’s lighttpd) and set the certs up in there and be done with it.
Also, someone correct me if wrong, isn’t the https port for HA 8008?
HUH?
Home Assistant runs its own http instance. Lighttpd doesn’t exist in Home Assistant. It is all self-contained.
no, it’s still 8123 if you use the SSL options in HA.
I just assumed since that’s the way I’ve had mine set up. The SSL option for HA never worked for me so I just ignored it since day one.
That means you’re running a reverse proxy? That is not a ‘stock install’
Well, that and a bunch of other services, so yeah… Honestly I just never paid it any attention. I thought that most people just ran a webserver for their HA instance. My bad.
Sadly, a large swathe of the people running home assistant don’t even know what a reverse proxy is, let alone know how to set up and run a web server.
So, basically what you are saying, I should ditch homeassistant implementation of ssl and use a reverse proxy?
absolutely
*chuckles
This won’t work, since I don’t have port 80 forwarded on my router.
I don’t understand.
You need to forward port 443 to 8123 for the IP address of your HA machine to access it over https.
Port 80 is for unsecure communication as far as I understand it.
It appears you didn’t use a Python Virtual environment. Be aware that this will cause you problems if you install any other Python programs (like AppDaemon) also outside of a virtual environment.
Port 80 is the default for HTTP. Port 443 is the default for HTTPS. You don’t have to use them, you can use any port.
https:// means port 443 is required if you don’t specify the port. For example, if you use port 44443 you would forward that on the router to your HA system (you can forward it to port 8123), and then connect with https://yourhost.example.org:44443/
I guess I understood that. I just didn’t convey it very well.
Thanks for clarifying it for me.
MySetup:
Raspberry Pi3 B
16Gb HD (microSD)
debian stretch
lighttpd 1.4.45
HASS 0.75.2
Soooooo…I also use Lighttpd to serve some pages, mainly because I have pihole running (another awesome program that blocks ads, but enough of the free advertisement).
I had apache2 running with a reverse proxy but since Lighttpd is lightweight I decided to keep it… plus every time I update pihole it installs Lighttpd again!
I’m trying to do the reverse proxy, etc… I have no clue how to.
For the HTTP conf, I had:
<VirtualHost *:80>
    # I like serving hass on an alias.... for ease of mind:
    ServerName hass.myservername.com
    ServerSignature Off
    ProxyPreserveHost On
    ProxyRequests Off
    # related to certbot and the cert generation process:
    ProxyPass /.well-known http://hass.myservername.com/local/.well-known
    ProxyPassReverse /.well-known http://hass.myservername.com/local/.well-known
    # portion to forward HASS
    # (the more specific /api/websocket path goes first: ProxyPass uses the first match)
    ProxyPass /api/websocket ws://10.0.0.0:8123/api/websocket disablereuse=on
    ProxyPassReverse /api/websocket ws://10.0.0.0:8123/api/websocket
    ProxyPass / http://10.0.0.0:8123/ disablereuse=on
    ProxyPassReverse / http://10.0.0.0:8123/
    # to make sure it forwards all the time:
    RewriteEngine on
    RewriteCond %{HTTPS} !=on
    RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
</VirtualHost>
Then for the HTTPS conf:
### HASS hosted Pi ###
<VirtualHost _default_:443>
    # I like serving hass on an alias.... for ease of mind
    ServerName hass.myservername.com
    ServerSignature Off
    SSLProxyEngine on
    ProxyPreserveHost On
    ProxyRequests Off
    # the one below serves the certbot certificate
    ProxyPass /.well-known https://hass.myservername.com/local/.well-known
    ProxyPassReverse /.well-known https://hass.myservername.com/local/.well-known
    Alias /.well-known /home/homeassistant/.homeassistant/www/.well-known
    # this is the HASS portion
    # (the more specific /api/websocket path goes first: ProxyPass uses the first match)
    ProxyPass /api/websocket ws://10.0.0.0:8123/api/websocket disablereuse=on
    ProxyPassReverse /api/websocket ws://10.0.0.0:8123/api/websocket
    ProxyPass / http://10.0.0.0:8123/ disablereuse=on
    ProxyPassReverse / http://10.0.0.0:8123/
    SSLEngine on
    # certificate, key and chain all come from the same Let's Encrypt directory
    SSLCertificateFile /etc/letsencrypt/live/hass.myservername.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/hass.myservername.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/hass.myservername.com/chain.pem
    # lines below: from one of the posts on the forum.... needed for websockets, etc. to work!
    RewriteEngine on
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteRule /(.*) ws://10.0.0.0:8123/$1 [P,L]
    RewriteCond %{HTTP:Upgrade} !=websocket [NC]
    RewriteRule /(.*) http://10.0.0.0:8123/$1 [P,L]
</VirtualHost>
If anybody has any idea what needs to be done to get this working on Lighttpd, please let me know… currently I’m not serving HASS outside from my network…since I can’t do it through https…
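
The name check behind the point made earlier in the thread (https://192.168.0.20:8123/ shows a broken certificate because the certificate names domain.duckdns.org, not the IP), as an added example that is not from any poster or from Home Assistant. The certificate dict is constructed in the format Python's ssl getpeercert() returns, the function names are hypothetical, and the wildcard handling goes beyond the single-name case in the thread.

```python
import ipaddress

# Constructed sample: the subjectAltName part of what ssl.SSLSocket.getpeercert()
# returns for a certificate issued for the thread's DuckDNS name.
SAMPLE_CERT = {"subjectAltName": (("DNS", "domain.duckdns.org"),)}


def _dns_match(pattern, host):
    """Compare one DNS SAN entry with a hostname (case-insensitive).
    A wildcard is honoured only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # "*.org" style wildcards on a bare top-level domain are refused
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_covers(cert, host):
    """Return True if `host` (as typed in the URL) is listed in the cert's SANs."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    for kind, value in cert.get("subjectAltName", ()):
        if ip is not None:
            # An IP literal only matches an "IP Address" SAN, never a DNS name.
            if kind == "IP Address" and ipaddress.ip_address(value) == ip:
                return True
        elif kind == "DNS" and _dns_match(value, host):
            return True
    return False


def check_hosts(cert, hosts):
    """Map each host to whether a browser would accept the cert for it."""
    return {h: cert_covers(cert, h) for h in hosts}


if __name__ == "__main__":
    for host, ok in check_hosts(SAMPLE_CERT, ["domain.duckdns.org", "192.168.0.20"]).items():
        print(f"https://{host}:8123/ ->", "name matches" if ok else "name mismatch warning")
```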