HTTPS, certificates and NGINX

Finally got my Let's Encrypt certificate to work correctly after a bloody struggle, so I thought I’d document it for posterity in case anyone else makes the same goofs I did.

Most important lesson: don’t use port forwarding in your router to map 443 to 8123. That’s what the NGINX proxy is for.

Your firewall only needs to pass 80 (for the HTTP challenge when validating the certificate) and 443.

My setup is running Home Assistant on a Raspberry Pi with a UniFi router sitting behind a Verizon 5G Home modem. I have port forwards for 80 & 443 in both devices (in series) that bring this traffic to my Raspberry Pi, and NGINX maps the 443 to 8123.

I have a dynamically allocated WAN IP from Verizon so I need to use DuckDNS. Let's Encrypt is my certificate issuer.

It’s nice that I can finally open my ratgdo-controlled garage door (because fuck you, MyQ) without having to be on my home network.

Anyway, if anyone else is struggling to get a certificate working with their Home Assistant, HMU.
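
The layout described in the post (80 and 443 forwarded to the Pi, NGINX terminating TLS and proxying to 8123), sketched as an added example that is not the poster's own configuration. Assumptions: `example.duckdns.org` is a placeholder hostname, the certificate paths follow certbot's default layout, the challenge webroot is `/var/www/letsencrypt`, and Home Assistant listens on `127.0.0.1:8123`.

```nginx
# Added example. Hostname, certificate paths, webroot and upstream address
# are assumptions. Include this file inside the http {} context.

# Map the client's Upgrade header so WebSocket connections (used by the
# Home Assistant frontend) pass through the proxy.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Port 80: serve the Let's Encrypt HTTP challenge, redirect everything else.
server {
    listen 80;
    server_name example.duckdns.org;      # placeholder DuckDNS hostname

    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;        # assumed challenge webroot
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

# Port 443: terminate TLS here and proxy to Home Assistant on 8123.
# Port 8123 itself is never forwarded at the router.
server {
    listen 443 ssl;
    server_name example.duckdns.org;

    # Assumed certbot default paths; adjust to where your certificate lives.
    ssl_certificate     /etc/letsencrypt/live/example.duckdns.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.duckdns.org/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass         http://127.0.0.1:8123;   # assumed local HA address
        proxy_http_version 1.1;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
        proxy_set_header   Upgrade           $http_upgrade;
        proxy_set_header   Connection        $connection_upgrade;
    }
}
```

Home Assistant rejects proxied requests unless `use_x_forwarded_for: true` and the proxy's address under `trusted_proxies` are set in the `http:` section of `configuration.yaml`. Run `nginx -t` before reloading to catch syntax errors.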