There has to be a way to do this. Every guide I look at assumes you want remote access and uses DUCK DNS. I don’t. I have Nabu Casa for remote access, and that’s because I have Starlink and it’s literally impossible to reach my router’s IP address externally. Plus I want to support the devs and the HA project in their effort$$.
Browsers REQUIRE https for the mic to work on the Voice assistant. Too many of my other apps and devices fail when https is enabled w/ Let’s Encrypt and there are logged HA bugs with no workarounds (OpenHasp for one).
I think NGINX is the answer here, but I’ve messed w/ it for days and am at an impasse. I’m not using DuckDNS.
I do have https working right now w/ LetsEncrypt. So my certs are valid and that chain of configuration works for most things like Lovelace. I use this right now for my instance: https://home.somedomain.com:8123
It’s just that the apps I need to work cannot use https…
While I don’t use nginx - for myriad reasons, not the least of which is the complexity, as you’ve discovered. Rest assured though, someone will be along shortly to tell you how wrong I am and how simple it is - even though you’ve already struggled with it for days.
NOW - having said that, I do believe that in your particular case, it is the correct answer. My understanding of the way it works, at a theoretical level, is that nginx is a proxy - so you would install your SSL cert on it, and then it would initiate HTTP connections to your HA server. So the traffic would go HTTPS → NGINX → HTTP → HA.
That way you can have your HTTPS cake, and eat it, too. As a result, I think you need to remove that SSL cert from HA, since HA will never respond via HTTP if it has a cert on it - or at least no way that I’ve ever seen/read about.
This presumes that there is a valid need for both HTTPS and HTTP connectivity to HA. I’ll not venture down that rabbit hole, though, and instead take the easy way out and assume that you’ve already identified a use case for this particular type of communication that you cannot get around.
Me? I use HTTPS everywhere. Inside, outside, done. Easy.
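The HTTPS → NGINX → HTTP → HA layout described in the post above, sketched as an nginx configuration. This is an added example, not part of the original thread; the backend address 127.0.0.1:8123, the use of port 443, and the certificate paths are assumptions, and home.somedomain.com is the hostname from the first post.

```nginx
# Added example: TLS terminates at nginx; Home Assistant itself serves plain HTTP.
# Assumed values: HA on 127.0.0.1:8123, certificate files at placeholder paths under /ssl/.
#
# Home Assistant side (configuration.yaml), with ssl_certificate/ssl_key removed
# so that HA answers over HTTP, and the proxy declared as trusted:
#   http:
#     use_x_forwarded_for: true
#     trusted_proxies:
#       - 127.0.0.1

# Must sit in the http {} context. Keeps the WebSocket upgrade that the
# HA frontend relies on, and closes the connection for ordinary requests.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    # Browsers (mic / Voice assistant) connect here over HTTPS.
    listen 443 ssl;
    # Must match a name on the certificate, or the browser reports a certificate error.
    server_name home.somedomain.com;

    ssl_certificate     /ssl/fullchain.pem;   # placeholder path
    ssl_certificate_key /ssl/privkey.pem;     # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # nginx opens a plain-HTTP connection to HA on behalf of the client.
        proxy_pass http://127.0.0.1:8123;
        proxy_http_version 1.1;

        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket pass-through.
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}
```

Devices that cannot speak HTTPS keep using http on port 8123 directly; that listener is unencrypted, so it should stay reachable from the LAN only.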
Do you want both http and https on the same port tied to the same ip address? That won’t happen.
Do you want both actually called ‘homeassistant.local’? That won’t happen either with a letsencrypt cert. You don’t own that domain. It’s a local domain.
Setting all the defaults in NGINX and setting the domain to home.mydomain.party, I get
Safari can’t open the page “https://home.mydomain.party:8123/auth/authorize?
response_type=code&redirect_uri=http%3A%2F%2Fhome.shole.party%3A8123
%2F%3Fauth_callback%3D1&client_id=http%3A%2F%2Fhome.shole.party%3A
8123%2F&state=eyJoYXNzVXJsIjoiaHR0cDovL2hvbWUuc2hvbGUucGFydHk6
ODEyMyIsImNsaWVudElkIjoiaHR0cDovL2hvbWUuc2hvbGUucGFydHk6ODEyMy8if
Q%3D%3D” because Safari can’t establish a secure connection to the server
“home.mydomain.party”.
They both will work. But just work differently. The nginx manager is simpler but requires a database and will handle letsencrypt and such. The other will just do nginx and require you to manage duckdns letsencrypt with another addon. It’s up to you. But they are different.
I’m guessing the addon is finding your certificates already generated from duckdns or something else. I’m guessing it is on the home assistant file system and it’s finding it. Rename them… Or the other addon is already running with that cert. Or duckdns addon.
Or you already created the certificate within nginx proxy manager and now you’re telling it to ‘request a new ssl certificate’ instead of using the one you just created.
BTW, you probably don’t want ‘force ssl’ if you want to use both ssl and non-ssl.
Are you using the FQDN that matches the issued certificate as the URL to connect to HA, or are you trying to connect using the IP address or homeassistant.local or something? In order to not get a certificate error, you MUST connect using the URL containing the CN the cert was issued to. This is why the use of DNSMasq is useful for HTTPS deployments.