I have set up duckdns and letsencrypt and I am now able to access my home assistant with https://xxxx.duckdns.org:8123.
Having watched the videos from BRUH Automation (both the new HassIO video and the previous video he did for setting up duckdns and letsencrypt on the old home assistant installation) it seems I now need to remove the forwarding I did of port 80, which was no problem, but I also need to forward port 443 external to port 8123 internal.
Now I have tried looking up how to do this on a Sky router, but I am unsure how to do it. Maybe it’s not something Sky allow their customers to do?
So at the moment I have port 8123 and 443 forwarded as you can see below. It’s working, but I am worried it may not be secure like this.
Hopefully other people have tried setting this up with a sky router and can help, or can see anything I can change from the screenshot below. All I have covered is my internal IP and the service name I gave to 8123.
Thanks, let’s hope there is a solution! I have a feeling it may be something Sky routers don’t allow and not being a network expert, would be worried I’m potentially leaving myself vulnerable with this set up.
I have installed it and it’s working fine. That’s not the issue. The issue I am having is not being able to forward port 443 external to port 8123 internal on my Sky router, which I am not sure how big a security concern that should be to me.
If it’s going to leave my network vulnerable with that set up then I need to think about keeping my home assistant local until I get a router which enables me to make the necessary changes.
Sorry I thought you were referring me to the instructions rather than needing help. My bad.
I’m only a couple of weeks into using home assistant too, but the way I did it was by following BRUH Automation’s videos on YouTube. I followed this one from 11:10 to 13:00 >> https://www.youtube.com/watch?v=XWPluWcYRMI&t=761s . He goes through it quickly, so I also watched the older video, which goes into more detail, but you have to ignore the command line parts as they relate to the previous version of home assistant and not HassIO >> https://www.youtube.com/watch?v=BIvQ8x_iTNE&t=557s
Hopefully they will set you on the right path. If you have any questions about any parts I will do my best to answer.
Sounds like you had it set up like I have now. I have forwarded 443 as shown in the screen shot, but I am wondering if it is a security issue if I can’t forward external 443 to internal 8123. I’m not a networking expert.
I know what you mean about the sky hub. It has been frustrating me too. Took several attempts to save any changes because of the time out message every time I tried to make a change! I have a 3 story house and on the top floor the wifi is sketchy too. Thinking of getting a better router soon.
Thanks. I was ready to give up on Let’s Encrypt. My router won’t let me map 443 to 8123 so I just have 443 to 443. Your suggestion to change server_port to 443 worked.
A few questions.
On the local LAN it comes up Privacy Error, Not Secure which you can ignore and connect anyway. Do you get the same thing?
Externally I get an “i” in a circle warning instead of a padlock icon when I connect. Is that the same for you?
Thanks again. I tried uninstalling Let’s Encrypt and reinstalling it but the result was the same. Access not secure.
Going back to the WARNING: “This add-on need port 80/443 to verify the certificate request, please stop all add-ons that also use these ports, or you may not be able to start this add-on.” I tried turning off the only 3 other add-ons I have installed: Samba, SSH and Duck. I could START Let’s Encrypt and it reported “started” but when I went to another page and came back it had stopped. Is this normal?
Thinking it might be something in my configuration.yaml file, I reloaded the default file that comes with the Hassio install. And surprise, it worked! Well not completely. Externally I got the padlock. Internally I got “not secure”. I thought “Great, I can live with that!” But when I reloaded my personal configuration.yaml file it went back to the circle “i” warning. Could “emulated Hue” or some other component be interfering?
I find the WARNING about using Let’s Encrypt confusing. First of all there is no mention about port forwarding. To most people the need for port forwarding may be obvious but for me I might think that it is no longer necessary. If it is still required is it only for the first time you start Let’s Encrypt? Does it need to be a permanent port forward? And if you don’t have a router that can forward port 443 to 8123 should you not even try? Do you need to open ports whenever the key is renewed?
It would be helpful if there is a list of the built-in add-ons that should be shut off when starting Let’s Encrypt.
Found my problem by process of elimination. Deleted the “Yahoo Weather Sensor” and Let’s Encrypt now works. I get the secure padlock externally (but not internally).
turn off emulated_hue.
ports: 80 to 80
443 to 443
8123 to 8123
get certs, make sure all installs then go back in to your router and disable the forwards for 80 and 443 and 8123 and make a single forward for 443 to 8123. Done.
Also, FYI, installing letsencrypt on hass.io will break configurator and hadashboard, if you use those. Consider yourself warned.
You’ll only be secure without warning when accessing the site from the domain that you have the Let’s Encrypt certificate for, i.e. Xxxx.Duckdns.blah
If you access via IP or internal domain name then the cert will not match, hence you get a security warning.