Situation
Your HomeAssistant instance is connected to the internet, but not reachable from the internet. You want to have a certificate signed by a well-known certificate authority for your HomeAssistant to be able to connect by HTTPS to your HomeAssistant.
Solution on my HomeAssistant Green:
DuckDNS.org “dynamic” dns + Letsencrypt addon + nginx addon
Howto:
-
create a DNS entry on duckdns pointing to your local HomeAssistant instance (for example xyz.duckdns.org with ip 192.168.1.133). Copy the token for later use.
-
Install the Let’s Encrypt addon (Settings → Add-ons → Add-on store) and configure like this:
-
Install the NGINX Home Assistant SSL proxy . Follow exactly the documentation regarding configuration settings in configuration.yaml. Restart everything. Check https://xyz.duckdns.org
-
Configure a daily automation to start the Let’s Encrypt addon. This will ensure renewal of the certificate on time. I configured it with the GUI (Settings → Automations). This is the generated YAML:
alias: Letsencrypt
description: ""
trigger:
- platform: time
at: "00:30:00"
condition: []
action:
- service: hassio.addon_start
metadata: {}
data:
addon: core_letsencrypt
mode: single
- Configure the internal URL to HTTPS: Settings → System → Network → Local Network → Disable “Automatic”, Enter https://xyz.duckdns.org. Restart everything.