LetsEncrypt certificate that was auto-generated by NabuCasa not in my SSL folder (trying to setup Node-Red)

Third party integrations Node-RED
1

I know this is probably a dumb noob question, but this will shape if I need to learn about LetsEncrypt & DuckDNS (not sure if its necessary yet):

  • I subscribed to NabuCasa as a wise investment to help me with the SSL security stuff because I am SSL clueless.
  • I am trying to setup Node-Red and it wants SSL certificates.
  • Can I use the same certificate created for me by NabuCasa? (it is working great so far!!)
  • My SSL directory is still empty…should I download the NabuCasa certificate to put in SSL?
  • …or do I bite the bullet and learn DuckDNS/LetsEncrypt to create a new certificate?

PS - I am running the supervised version of HASSIO in a VM on Win10 and the cloud stuff is working great with the remote URL. Locally I have always used: http://homeassistant.local:8123/

PSS - I know I can just do “ssl: false”, but I am trying to keep things secure. I use the NabuCasa remote stuff, so I guess I cannot say that everything is local anymore.

PSSS - Yes, I have read lots of old painful threads, but they do not touch on the new Nabu Casa SSL angle.

shameful noob,
frenchy (aka Steve French)

2

Does something speak against just using the HA addon of NodeRed? It works wonderfully just and no additional ssl setup required.

3

I am definitely talking about the official add-on (probably same as you). In order to start it, the default, for recommended security practice, is to properly configure the SSL certificate. It has been on my todo list to “properly setup the SSL certificate in Node-Red”. Having Nabu Casa setup the SSL cert was my first step…and… Here we are!!

4

Ah ok understood. However, you can simply run it with the ssl option set to false and letting the HomeAssistant Ingress taking care of it. When you open your HA Dashboard, via SSL the Nodered sidebar option will open it with the same SSL encryption.

See also here:

Enables/Disables SSL (HTTPS) on the web interface. Set it true to enable it, false otherwise.

Note : The SSL settings only apply to direct access and has no effect on the Ingress service.

5

@VoltVisionFrenchy Did you ever figure this out? I’m in the same position you were in your post.