Letsencrypt two domains? local ip and actual domain?

Is there some way to add two domains to my Home Assistant's Letsencrypt addon so the certificate is valid for both the actual domain and its internal address, so I don't get warnings every time I try to access it locally? I have a rpi that automatically opens a page and displays it, but I need to use the external address or manually accept going to what it perceives as an insecure domain. Requires adding a keyboard and stuff. Super annoying.

@jatgm1, depending on your setup you can just update your hosts file to point the domain name to your internal ip. That should solve the ssl certificate issue with your browser

1 Like

@peterf1972 I assume the hosts file on windows? This might handle this on that particular machine and if that is all you need it may be fine. However if you use the companion app, you may not realize but it is most likely using your outside address.

Disconnect your modem and see if you can access home assistant with the mobile app. If you can't, you will need some sort of dns rewrite. I use the adguard addon but dnsmasq and the community nginx proxy manager can as well.

Not necessarily. If you use an open router OS (like openwrt), and the router acts as the DNS server / forwarder, you can do it in the router hosts file.

2 Likes

SSL certs are only valid for domains, not ip addresses.

As indicated above, if you want access via ip on your local network use a reverse proxy.

Also, even though you are using the external address, if your router has hairpinning it will route it directly to the local address.

2 Likes

That's not actually completely true (you can add IPs in SAN certificates) but it's true for letsencrypt and, generally speaking, "official" certificates, indeed.

You could install pi-hole on your rpi and tell your router's DHCP server to give that as primary dns. Then configure your domain name to the local IP address. This way all devices you have connected on your network will resolve the name to local ip and your already existing certificate will be valid. And from the outside it'll resolve to the external ip as usual. You can also set up pi-hole to be DHCP server (just disable it on your router) and then you don't need to do any other configs, pi-hole offers itself as dns automatically to clients.

@jatgm1, what setup do you have? Docker with Traefik?

I use no-ip, and so is what you're saying that I cannot add a second hostname and make that hostname a local address?

I really don't want to change my dns to the raspberry pi as it would be problematic for the entirety of my network if it went down.

If I can't do it then I'll like, make do u know, but if there's a way to just like add it to the configuration and get it to work I would definitely do that. Also I have a consumer tp-link router, I'm not sure if adding a domain in the dns is something that's possible. idk

Also holy sh-t I can just directly log in to noip from my router and not have to run a client on windows to keep updating it.

In DHCP settings set primary dns to rpi ip (if you go with pi-hole), secondary to 1.1.1.1 or 8.8.8.8 or whatever you like to use. If rpi goes down, the only effect is that the domain name starts to resolve external ip again. This is the correct way to do what you are trying to do to get it to work on your whole network instead of just the machines you edit "hosts" files on. Of course the dns server can be whatever you wish. It doesn't have to be rpi. And no, you cannot have local ip addresses in no-ip.

You could simply solve this by adding the domain name in your router, and add the machine name to your dhcp lease reservation

So in my router 192.168.0.10 is reserved for home-assistant's mac 01:02:03:04:05:06 and will use 'hassio' as machine name.
Then my router's domain is set to domain.my
Hence my router believes that hassio.domain.mine can be found on 192.168.0.10
Cheers !:wink:

@jatgm1 it looks like no-ip can do this but I can't see their page as adguard blocks it.

@koying lol... after losing internet service and then not having local control. Going through all different options, I hadn't come across your suggestion. Sure enough I can ssh into my router and it's right there in /etc/hosts

And how does one do this?

Depends a bit on type of router, but basically it all comes down to the same...

This topic explains how to let an esphome device resolve HA's local IP by dns name, but this applies to any IP within any local network...
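
Added example, not part of any post in this thread: a Python sketch of why the hosts-file and local-DNS suggestions above keep the existing certificate valid while browsing to the bare IP does not. The browser matches the host typed in the URL against the certificate's SAN list, regardless of which address the name resolves to. The hostname `ha.example.org`, the SAN lists and the hosts content are constructed sample data, and the helper names are hypothetical.

```python
import ipaddress

# Constructed sample data: SAN entries in the shape returned by
# ssl.SSLSocket.getpeercert()["subjectAltName"].
NAME_ONLY_SAN = (("DNS", "ha.example.org"),)          # name-only certificate
NAME_AND_IP_SAN = (("DNS", "ha.example.org"), ("IP Address", "192.168.0.10"))
# Constructed hosts-file content, as in the hosts / router suggestions above.
HOSTS = """
127.0.0.1     localhost
192.168.0.10  ha.example.org hassio   # local override
"""

def parse_hosts(text):
    """Return {name: ip} from hosts-file text, ignoring comments."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            for name in fields[1:]:
                table.setdefault(name.lower(), fields[0])
    return table

def as_ip(host):
    """Parse an IP literal; return None for anything that is not one."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None

def dns_match(pattern, host):
    """Exact match, or a single left-most '*' label."""
    p, h = pattern.lower().split("."), host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def cert_covers(url_host, san):
    """True if the host typed in the URL is covered by the SAN list."""
    ip = as_ip(url_host)
    if ip is not None:  # IP literals only match iPAddress entries
        return any(k == "IP Address" and as_ip(v) == ip for k, v in san)
    return any(k == "DNS" and dns_match(v, url_host) for k, v in san)

def local_access_ok(name, san, hosts_text):
    """Name resolves to a private address locally and the cert still matches."""
    ip = as_ip(parse_hosts(hosts_text).get(name.lower(), ""))
    return ip is not None and ip.is_private and cert_covers(name, san)
```
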