Implementation of Let's Encrypt

Hello,

I am turning to you because, like many others, I want to make HA accessible on the internet via an HTTPS connection.
But despite hours of research, each time, either (in 90% of the cases) the configurations concern HA OS, or they are too old and obsolete.
For information, I run the container version of HA.

To summarize:

My HA works very well
I set up DuckDNS (Duck DNS - Home Assistant) via the integration (not the add-on)
I have configured the port openings on my box.
So at this level I can already access it remotely but in an unsecured way.
→ So I’m missing Let’s Encrypt integration with certificate management.

Can you help me, knowing that I use the Docker version of Home Assistant?

Thank you in advance for reading my post.
Paul.

My configuration

Version: core-2022.12.0
Installation type: Home Assistant Container
Development: false
Supervisor: false
Docker: true
User: root
Virtual environment: false
Python version: 3.10.7
Operating system family: Linux
Operating system version: 5.15.76-v8+
Processor architecture: aarch64
Time zone: Europe/Paris
Configuration directory: /config

Home Assistant Community Store
GitHub API: ok
GitHub Content: ok
GitHub Web: ok
GitHub API Calls Remaining: 4976
Installed Version: 1.28.4
Stage: running
Available Repositories: 1157
Downloaded Repositories: 3

Home Assistant Cloud
Connected: false
Access to the certificate server: ok
Access the authentication server: ok
Go to Home Assistant Cloud: ok

Dashboards
Dashboards: 1
Resources: 1
Views: 4
Storage mode

Recorder
Start time of the oldest run: December 7, 2022 at 21:37
Start time of the current execution: December 7, 2022 at 22:37
Estimated size of the database (in MiB): 151.14 MiB
Database engine: sqlite
Database version: 3.38.5

Spotify
Spotify API endpoint accessible: ok

This image looks good
https://hub.docker.com/r/blacklabelops/letsencrypt/

Haven’t tried it myself but looks straightforward to use. What have you tried?

Personally I’d suggest you look at either Traefik or SWAG. Both of those are reverse proxy solutions that handle SSL for you, and are also easy enough to extend to anything else you want to expose remotely. This also means that your local connections don’t run into SSL certificate issues.

Personally I prefer Traefik, for Docker it’s really easy to set up, and even for stuff not running in Docker it’s not hard at all. Indeed, I used to run NGINX (the technology used by SWAG) and I’ve now switched to Traefik.

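Added example, not part of any post in this thread: a Docker Compose sketch of the Traefik approach suggested above, with Traefik terminating TLS using a Let's Encrypt certificate and forwarding to the Home Assistant container. The hostname, e-mail address, image tags, host paths, network name and subnet are assumptions to replace with your own values.

```yaml
# Added example; all names, paths and addresses below are placeholders.
services:
  traefik:
    image: traefik:v2.10
    command:
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false   # route only containers that opt in
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.le.acme.email=you@example.com
      - --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
      - --certificatesresolvers.le.acme.tlschallenge=true   # needs 443 reachable from outside
    ports:
      - "443:443"                                   # the only port forwarded on the router
    volumes:
      - ./letsencrypt:/letsencrypt                  # keeps issued certificates across restarts
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks: [proxy]
    restart: unless-stopped

  homeassistant:
    image: ghcr.io/home-assistant/home-assistant:stable
    volumes:
      - ./config:/config
    networks: [proxy]                               # bridge network here, not host mode
    labels:
      - traefik.enable=true
      - traefik.http.routers.ha.rule=Host(`example.duckdns.org`)
      - traefik.http.routers.ha.entrypoints=websecure
      - traefik.http.routers.ha.tls.certresolver=le
      - traefik.http.services.ha.loadbalancer.server.port=8123
    restart: unless-stopped

networks:
  proxy:
    ipam:
      config:
        - subnet: 172.30.0.0/24

# Home Assistant must be told to trust the proxy, otherwise it rejects
# forwarded requests. In /config/configuration.yaml:
#
# http:
#   use_x_forwarded_for: true
#   trusted_proxies:
#     - 172.30.0.0/24
```

With this in place, the router's existing forward to port 8123 can be removed so that Home Assistant is reachable from the internet only over HTTPS on 443. Keep `trusted_proxies` limited to the proxy network's subnet rather than a wide range.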

Thank you for your answers!
I’ll explore both of these and see what would work best!
@Mike Aside from the direct implementation of Let’s Encrypt, I have successfully set up a VPN (Twingate).
It worked well, but the problem was that I had to run the VPN constantly on my phone to use the location features, and it was attacking the battery quite a bit…