Native HTTPS Support with Built-in Self-Signed Certificate Management

Hi team,

I’d like to propose a feature that brings native SSL/TLS support directly into the Home Assistant Core, including a built-in mechanism for generating and managing self-signed certificates.


:jigsaw: Problem

Currently, to secure Home Assistant with HTTPS, users must rely on:

  • A reverse proxy setup (e.g., Nginx, Caddy)
  • External services like Let’s Encrypt, which require DNS access and internet exposure
  • Manual import of custom certificates

This introduces significant complexity and a steep learning curve, especially for users who:

  • Want secure access only within their local network
  • Rely on VPNs, Tailscale, or internal-only deployments
  • Are privacy-conscious and prefer not to expose Home Assistant to the public internet

:bulb: Proposed Solution

Add native HTTPS support, allowing users to enable encryption without external proxies, and generate valid (albeit self-signed) certificates directly from the Home Assistant instance.

Key features:

  • Option to enable HTTPS directly in configuration.yaml:

```yaml
http:
  ssl: true
  ssl_mode: selfsigned  # options: selfsigned, custom, disabled
  ssl_custom_certificate: /config/ssl/mycert.pem
  ssl_custom_key: /config/ssl/mykey.pem
```

  • Secure certificate generation with modern crypto (e.g., RSA 2048+, SHA-256)
  • Automatic renewal and rotation of self-signed certificates
  • Optional export as .crt or .mobileconfig to ease trust installation on mobile/desktop devices
  • UI support to inform users how to install the certificate on their browser or mobile OS

:closed_lock_with_key: Why it’s better than current methods

| Feature | Current State | With Proposed Feature |
| --- | --- | --- |
| HTTPS locally | :x: Needs proxy or Let’s Encrypt | :white_check_mark: Native support |
| Requires internet | :white_check_mark: Yes (Let’s Encrypt) | :x: No (fully offline possible) |
| Ease of setup | :x: Manual + proxy complexity | :white_check_mark: One-line config or UI toggle |
| Ideal for VPN users | :x: | :white_check_mark: |
| New user friendliness | :x: | :white_check_mark: |

:rocket: Benefits

  • Improves security out of the box
  • Makes Home Assistant more approachable and private
  • Reduces dependencies and complexity
  • Aligns with Home Assistant’s privacy-first automation philosophy

Thanks for considering this feature — it would be a great improvement for privacy-aware and local-only deployments.
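
The certificate lifecycle the post proposes (generate with RSA 2048 and SHA-256, check for renewal, export a .crt), sketched with the OpenSSL command line as an added example; it is not part of the original post or Home Assistant's own code. It assumes OpenSSL 1.1.1 or later (for `-addext`); the hostname homeassistant.local is the one named later in this thread, and the 365-day validity, 30-day renewal window and function names are illustrative choices.

```shell
# Added example: self-signed certificate lifecycle for a local-only host.
HOST="homeassistant.local"        # hostname named later in the thread
DAYS=365                          # validity period (assumed)
RENEW_BEFORE=$((30 * 24 * 3600))  # renew when under 30 days remain (assumed)

# Generate an RSA-2048 key and a SHA-256-signed certificate.
# Browsers match the hostname against subjectAltName, so CN alone is not enough.
gen_cert() {  # usage: gen_cert <dir> [days]
  local dir=$1 days=${2:-$DAYS}
  ( umask 077  # keep the private key unreadable to other users
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days "$days" \
      -subj "/CN=$HOST" -addext "subjectAltName=DNS:$HOST" \
      -keyout "$dir/key.pem" -out "$dir/cert.pem" )
}

# Returns 0 when the certificate is missing or expires inside the window.
needs_renewal() {  # usage: needs_renewal <cert> [window_seconds]
  [ -f "$1" ] || return 0
  ! openssl x509 -in "$1" -noout -checkend "${2:-$RENEW_BEFORE}" >/dev/null
}

# Regenerate only when needed; prints "rotated" or "kept".
rotate_if_needed() {  # usage: rotate_if_needed <dir>
  if needs_renewal "$1/cert.pem"; then
    gen_cert "$1" && echo rotated
  else
    echo kept
  fi
}

# SHA-256 fingerprint, for comparing out-of-band before trusting the cert.
fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Export the public certificate only (DER .crt) for installing on clients.
export_crt() {  # usage: export_crt <cert.pem> <out.crt>
  openssl x509 -in "$1" -outform DER -out "$2"
}

# Typical use, with the directory from the post's config:
#   rotate_if_needed /config/ssl && fingerprint /config/ssl/cert.pem
```

Each rotation creates a new key and certificate, so clients that trusted the old certificate must install the new one; compare the fingerprint shown on the server with the one on the device before accepting it.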

Hello fhgprofeta2008

So, Nabu Casa?

Nabu Casa does not provide local https.

1 Like

Totally agree — and that’s why native local SSL support would be a great gain for internal network security. :+1:

1 Like

I had not considered that, or ever found a use for it either…

Would this mean HA generates cert for *.local or similar?

yep, for homeassistant.local

1 Like