solved …
my mistake: i missed the following configuration.yaml entries:
http:
base_url: myname:8123
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem
now works flawlessly 
1 Like
I have the https working great but I want to use fison67’s HA-Connector SmartApp to bring a few HA only devices over to my ST hub but he states that https will not work with his SmartApp. Is there a way to keep my https setup with duckdns and also have http with an http_password available as well or is that not possible? Thanks for any help.
I followed everything in this guide but I'm getting
ERR_SSL_PROTOCOL_ERROR when connecting to my
domain with https://×××.duckdns.org. Everything still
working fine if I connect with http://×××.duckdns.org
Can anyone help me?
Edit: fyi i'm running hass in a python virtual
environment
EXCELLENT guide, thanks a lot!
Hi
I decided to use this guideline
I’ll reserve this post to note my comments
Assumptions
link to this assumption " You have already secured your Home Assistant instance, following the advice " has to be changed to … https://www.home-assistant.io/docs/configuration/securing/
0,1 ,2,3= OK ( HA android app connected to HA by http:subdomain.duckdns.org:8123 + TFA authentication)
Great guide, however I’m using homeassistant docker and it errors when trying to install certbot. Looks like the docker image is stripped down the bare basics, any idea on how to get around this? thanks
bash-5.0$ apt-get install certbot -y
bash: apt-get: command not found
Is this manual intended for use on a separate install on raspbian. I get stuck when I want to login with SSH. I can’t do sudo there!
1 Like
I’m 75% down the road, currently at the ssl-cert-check step, but I have encountered a couple of problems:
- If I delete the
ha_testport forwarding rule (8123->local_ip:8123) home assistant becomes unreachable (with theha_testrule in place, it works perfectly usinghttps://myduckdnsurl:8123) - Even with
ha_testrule, when accessing home assistant using the duckdns domain with https, I lose access to several external tools (i.e. node-red, esphome) running in other virtual machines which are accessed with their local ips in aconfiguration.yamlpanel_iframesection.
Moreover, I have two other local services (appdaemon, and configurator/file-explorer) which also stopped working
btw, my home-assistant is running in a freebsd jail
- How do I test the port forwarding situation
- What do I do with integrated external services (either running on the same ip of home assistant or another ip in the same home network)
Hey guys,
I created a video in GERMAN / deutsch how to use Let’s Encrypt together with DuckDNS.
Perhaps it is also helpful for some of you: https://youtu.be/O9J7v08PT9c
Best regards, Tristan
1 Like
Thanks guys for this guide. I have a issue with installing TLS/SSL with Let’s Encrypt. My outside ports ports 80&443 are blocked by Unifi USG Pro-4. So I can do a forward rule on my firewall, but before this rule work the USG Pro-4 takes controll. I could not find anything to switch of this two ports on USG. For this reason I can’t use outside ports 80&443. So when I run
sudo certbot certonly --standalone --preferred-challenges http-01 --email [email protected] -d xxx.yyy.org
I get following error message
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for XXXX
Cleaning up challenges
Problem binding to port 80: Could not bind to IPv4 or IPv6.
Any ideas how I can fix that so that let’s encrypt is using another port
Thanks in advance, Tom
Hi Tom
Good to see you here 
Let’s connect tomorrow to check your USG Configuration. I had no problems setting up the PortForwarding on my USG.
BTW: I’m getting blocked by your PI-Hole when accessing your public URL on port 80…
You’ve probably solved this already, but to help others out: when using the dockerized Home Assistant, the correct command is apk add certbot. It’s using Alpine Linux.
Reporting that everything worked fine with hass-in-container on raspbian-buster,
EXCEPT that the android-companion-app cannot contact from inseid my local-network,
since my router does not support lopback, so i’m stuck with https://<local-ip>:8132,
which needs manually overriding security warnings - i guess, the browser embedded in the android-app does not prompt for those overrides.
I can still loginto hass using a browser page, but presence does not work when inside my network.
I can think of 3 ways out:
- proxy HASS though apache/nginx so SSL terminates on the proxy, and 8132 remain plain http;
- fix android-app to ignore the security warning when accessing the internal-URL / from home-wifi, or even have a separate tick-option to allow this exception;
- SplitBrain DNS.
Any suggestion welcomed?
1 Like
Just trying this out, but was wondering if Option 2 would work in a Docker HA installation (on Lubuntu)?
My concern is that the certbot script would be located correctly, and that there would be no permissions issues?
shell_command:
renew_ssl: certbot renew --quiet --no-self-upgrade --standalone --preferred-challenges http-01
Edit: if I try running the renew_ssl command from the HA console I get an error (return code 127)
1 Like
Excellent post! I spent hours looking at how to have SSL in my home assistant core mounted on docker-compose.
I was finally able to do it by following his steps and adding the corresponding volume:
volumes: - /home/pi/homeassistant:/config - /etc/letsencrypt/archive/mydomain.duckdns.org:/config/ssl - /etc/localtime:/etc/localtime:ro
And this in configuration.yaml of Home Assistant:
http:
ssl_certificate: /config/ssl/fullchain1.pem
ssl_key: /config/ssl/privkey1.pem
To renew, your commands didn’t work for me, but this command did work:
certbot renew --cert-name mydomain.duckdns.org
Hope this can help someone if they have the same problems as me, thanks for your tutorial!
1 Like
This tutorial does not work in 2022.
5 Likes
Does this tutorial works for DYNU DDNS?
It works with any DYN DNS. You just need a fixed domain name.
I’m working on creating an update but lack the ability to post it. I’ll reply back in this thread once I do.
EDIT: It looks like I’ve been granted the necessary rights to do so! 
Perfect. This is exactly what I was looking for. It worked well.