Letsencrypt switching open firewall on challenge

So I’m looking into Hass.io with HassOS because of the deprecation of Hassbian.
Maintaining Raspbian in the background was a recurring hassle that didn’t feel right as well so it was time.

A lot of stuff looks good, zigbee and automations everything seems to be great.

There’s just one thing…

On the Hassbian setup I have a cron.d running that triggers a script that not only runs the certification renewal but also opens and closes the ports necessary for the challenge.
Reason; I don’t leave doors open if it’s up to me. My wife complains about me not only closing doors but locking them as well. Always and all the time… So why leave open ports on something that is only used like once a week?

Has someone already looked into this or has an idea on how to do this? Thanks a bunch!
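The open, renew, close pattern described in the post above, written out as an added example; it is not the poster's script. It assumes `ufw` as the firewall, `certbot` as the ACME client and port 80 for the HTTP-01 challenge, and the function and variable names are made up for illustration.

```sh
#!/bin/sh
# Added example (not the poster's script): keep the HTTP-01 challenge port
# open only for the duration of a renewal run.
# Assumptions: ufw as the firewall, certbot as the ACME client, port 80.
FW_CMD=${FW_CMD:-ufw}
RENEW_CMD=${RENEW_CMD:-certbot renew --quiet}
CHALLENGE_PORT=${CHALLENGE_PORT:-80}

open_port()  { $FW_CMD allow "${CHALLENGE_PORT}/tcp"; }
close_port() { $FW_CMD delete allow "${CHALLENGE_PORT}/tcp"; }

# Runs in a subshell so the signal trap does not leak into the caller.
# Exit codes: renewal's own status, 2 = could not open, 3 = could not close.
renew_with_window() (
    # If cron or an admin interrupts the run, still remove the allow rule.
    trap 'close_port; exit 130' INT TERM HUP
    open_port || exit 2
    # "|| rc=$?" keeps a failed renewal from aborting before the close,
    # even when the caller runs with "set -e".
    rc=0
    $RENEW_CMD || rc=$?
    if ! close_port; then
        echo "challenge port ${CHALLENGE_PORT} may still be open" >&2
        exit 3
    fi
    exit "$rc"
)

# Only act when invoked as: script.sh --run (e.g. from /etc/cron.d).
if [ "${1:-}" = "--run" ]; then
    renew_with_window
    exit $?
fi
```

Exit code 3 is the one worth alerting on, since it means the allow rule could not be removed after the renewal.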

DuckDNS uses DNS authentication for SSL certs, so it doesn’t require 443/80 open at all.

Use the DuckDNS add-on. No port shenanigans needed.

If you have a domain from somewhere else look into the LE addon.

Even better Caddy which supports DNS challenge as well if you use your own domain.


That sounds awesome. Googled it but found a lot of posts with a lot of issues getting things running (and you being part of the solution).

Can you help me out and point to a tutorial of some sort on how to set up Caddy in hassio without duckdns and without using port 80? Thanks a bunch!

Have a look here… also I have a previous blog post about it
https://dew-itwebservices.com.au/caddy-server-and-home-assistant-dns-validation/