I have a domain name that I want to use with my Home Assistant. Here is what I did so far:
[Note] My Home Assistant is installed on an Ubuntu machine.
I port forwarded public ports 80-433 to private ports 8123-8123.
Created a A+ Dynamic DNS Record of my domain that points to my ISP public IP address.
Now when I type my sub-domain name in the browser http://subdomain.mydomain.com it successfully fetches my HA login page and I can login and use it from outside my network without any problem.
The problem is that the browser is reporting that the connection is not secure. So I bought an SSL Certificate from my domain provider and I want to use that between my domain + Home Assitant.
All the guides I found, focuses on DuckDNS and Let’Encrypt, but I dont want to use third party websites, I want to use the SSL I bought from my domain provider along with my own domain name.
I thought I can install the SSL certificate on the Ubuntu machine itself and somehow assign within the certificate the port 8123 so that this is where the SSL would be activated at, but not sure how to do that and also not sure if Home Assistant uses Apache or not.
Not very experienced with Linux and any help is greatly appreciated.
I just want to be able to use my own domain with my HA with my own SSL. So far I got the first half working, my domain name resolved to my HA correctly so my port forwarding is correct, just need to know how to apply the SSL bought from my domain registrar which is (namecheap.com) to my HA instance.
My domain provider is namecheap too. What type of certificate did you get ? You might need to convert them to .pem format. After you have it in .pem format, all you need to do is copy them to /ssl and activate it in configuration.yaml.
it was applied automatically to my domain, but I can download it or reissue it, when I download it, its a zip file and inside are 3 files: .crt .p7b and .ca-bundle sorry if this doesnt help, I’m completely new to SSL. Do I have to reissue it from the domain?
convert the .p7b format to .pem then add it to homeassistant root / ssl and then
In my configuration.yaml file add:
http:
base_url: subdomain.my_domain_name.com
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem
Is that correct?
[update] trying to convert the .p7b file to PEM but giving an error " There was a problem converting that certificate. It may be corrupt or it may be in a different format than the one you selected. You can try using a different format or running the OpenSSL commands on your own machine. The private key also may not match the certificate that you uploaded."
Perhaps you have figured this out, but you should be getting from your provider at least two things:
the certificate (for your domain),
the private key (used to help create your Domain Certificate)
For convenience, the provider should also be providing a third item:
3) A chain certificate (contains your domain cert, plus any intermediary certificates)
and likewise you should have (or may need to create) a file for each.
The file extensions don’t always tell you which is which.
.crt however is likely the certificate;
.p7b typically means whatever it is, it was encoded pkcs#7; and may also be the certificate
.ca-bundle: googling around it appears that this is the chain certificate that namecheap provides.
PEM is the encoding a lot of people use, and is the encoding that can used by HA so you’ll need to get both the private key file and fullchain files encoded in PEM (if not already encoded that way). The way you can tell is by opening the files with a text editor and they should start with some like: -----BEGIN CERTIFICATE REQUEST-----
and -----BEGIN RSA PRIVATE KEY-----
Hopefully the .crt and .ca-bundle are already PEM encoded.
Hope that helps.
Thank you very much for your help, once I got the .pem file for the certificate and private key, I put them in my SSL folder in HA and added the http component with links to both files, then restarted HA and it worked. Thanks a lot for your help guys. Much appreciated.