Installing TLS/SSL using Let's Encrypt

Reporting that everything worked fine with hass-in-container on raspbian-buster,
EXCEPT that the android-companion-app cannot contact from inside my local-network,
since my router does not support loopback, so I’m stuck with https://<local-ip>:8132,
which needs manually overriding security warnings - I guess, the browser embedded in the android-app does not prompt for those overrides.
I can still log into hass using a browser page, but presence does not work when inside my network.

I can think of 3 ways out:

  1. proxy HASS through apache/nginx so SSL terminates on the proxy, and 8132 remains plain http;
  2. fix android-app to ignore the security warning when accessing the internal-URL / from home-wifi, or even have a separate tick-option to allow this exception;
  3. SplitBrain DNS.

Any suggestion welcomed?

1 Like

Just trying this out, but was wondering if Option 2 would work in a Docker HA installation (on Lubuntu)?
My concern is that the certbot script would be located correctly, and that there would be no permissions issues?

shell_command:
  renew_ssl: certbot renew --quiet --no-self-upgrade --standalone --preferred-challenges http-01

Edit: if I try running the renew_ssl command from the HA console I get an error (return code 127)

1 Like

Excellent post! I spent hours looking at how to have SSL in my home assistant core mounted on docker-compose.
I was finally able to do it by following his steps and adding the corresponding volume:

volumes:
  - /home/pi/homeassistant:/config
  - /etc/letsencrypt/archive/mydomain.duckdns.org:/config/ssl
  - /etc/localtime:/etc/localtime:ro

And this in configuration.yaml of Home Assistant:

http:
  ssl_certificate: /config/ssl/fullchain1.pem
  ssl_key: /config/ssl/privkey1.pem

To renew, your commands didn’t work for me, but this command did work:

certbot renew --cert-name mydomain.duckdns.org

Hope this can help someone if they have the same problems as me, thanks for your tutorial!

1 Like
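
Added example, not part of the posts above: certbot writes a new numbered pair (fullchain2.pem, privkey2.pem, and so on) into the archive directory on each renewal, so a configuration.yaml that names fullchain1.pem keeps serving the first certificate. This shell check compares the number configured with the newest complete pair in the mounted directory; the function names are hypothetical, and the paths in the usage comment are the ones from the post above.

```shell
#!/bin/sh
# Usage (paths as in the post above; run on the Docker host):
#   . ./check_pinned_cert.sh
#   pinned_cert_is_stale /home/pi/homeassistant/configuration.yaml \
#       /etc/letsencrypt/archive/mydomain.duckdns.org

# Print the highest N for which both fullchainN.pem and privkeyN.pem exist
# in the given directory (0 when there is no complete pair).
latest_cert_index() {
    dir=$1
    best=0
    for f in "$dir"/fullchain*.pem; do
        [ -e "$f" ] || continue
        n=${f##*/fullchain}
        n=${n%.pem}
        case $n in ''|*[!0-9]*) continue ;; esac   # skip non-numeric names
        [ -e "$dir/privkey$n.pem" ] || continue    # chain without its key
        if [ "$n" -gt "$best" ]; then best=$n; fi
    done
    echo "$best"
}

# Print the N of the fullchainN.pem named on the first ssl_certificate line
# of a Home Assistant configuration.yaml (empty when there is none).
configured_cert_index() {
    sed -n 's/^[[:space:]]*ssl_certificate:.*fullchain\([0-9][0-9]*\)\.pem.*$/\1/p' "$1" |
        head -n 1
}

# Return 0 and print a warning when the configuration names an older pair
# than the archive holds, 1 when it names the newest, 2 when no numbered
# ssl_certificate entry was found.
pinned_cert_is_stale() {
    cfg_idx=$(configured_cert_index "$1")
    new_idx=$(latest_cert_index "$2")
    [ -n "$cfg_idx" ] || return 2
    if [ "$cfg_idx" -lt "$new_idx" ]; then
        echo "stale: config uses fullchain$cfg_idx.pem, archive has fullchain$new_idx.pem"
        return 0
    fi
    return 1
}
```
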

This tutorial does not work in 2022.

5 Likes

Does this tutorial work for DYNU DDNS?

It works with any DYN DNS. You just need a fixed domain name.

I’m working on creating an update but lack the ability to post it. I’ll reply back in this thread once I do.

EDIT: It looks like I’ve been granted the necessary rights to do so! :tada:

You’ll find my post here