Need help setting up remote access with SSL with my own domain

First of all, I am very new to home assistant and have limited knowledge about networking.

I am in the process of setting up my remote access to HA with SSL.
Currently, I have remote access since I forward 8123 to my public IP and have my router set up with duckdns. So I can access my HA without SSL. But from what I understand Google Assistant only works with a domain with SSL and self-signed duckdns certificate only last 3 months (?).

So I bought a domain and plan to use it to remote access HA (and maybe more in the future). I already looked through the configuration guide, but it says my home router needs to support custom DNS entries which mine does not (I am using a Ubiquiti UDM pro).

So what should I do? Can I still set up remote access with my own domain? Any guide that might help me thought the process?

I hope you’re not actually signing in to Home Assistant remotely over HTTP instead of HTTPS. That’s a security risk.

DuckDNS doesn’t issue SSL certs. You might be talking about the DuckDNS addon which gives you the option to obtain a Let’s Encrypt SSL cert for your DuckDNS subdomain. The certificate is valid for 3 months but can be renewed before it expires (which the DuckDNS addon handles). It’s also not self-signed but I won’t get into that. If you don’t have access to the addons because you’re running Home Assistant Core only there are other ways to take care of renewing the cert.

Sure, you can use it to access Home Assistant remotely. The options you have to set that up depend on how you installed Home Assistant. Do you see a Supervisor (or button in the sidebar in your frontend?

Alternatively, you could go back to using the DuckDNS subdomain if you only bought the domain thinking DuckDNS wasn’t a viable option.

1 Like

Thanks for your reply!

  1. Yes, I am accessing my HA with HTTP at the moment. It is a security risk. I know. I hope I can fix it soon.
  2. With the recent naming change, everything becomes a bit more confusing. I am running my Home Assistant in a dock of a Ubuntu VM on Proxmox. I tried the duckDNS route actually yesterday following the remote access part of this guide. The installation of duckDNS worked out fine, I put in the API keys and a new subdomain, everything works till this point. But after installation, as soon as I enable the HTTP settings in my configeration.yaml I will lose both local and remote access of my server. I have to use samba to comment out the HTTP settings to regain access. I am not sure why that’s happening, maybe because I am on a docker on Ubuntu?
  3. Yes, I can see the Supervisor button. Please guide me!

Again thanks for your replay!!

Let’s try the DuckDNS route again, except when you go to set the base_url in configuration.yaml, make sure to include https:// at the beginning. Also once you do this you’ll need to access home assistant over https even with the LAN IP address (that is, when accessing on your local network).

Also, I would set up two-factor authentication on your home assistant account now if you haven’t already…and change the password when you get remote access over HTTPS working.

Holy crap! It worked! I was messing with it for 5 hours yesterday! Somehow it works this time! Maybe I really need to forward 8123 to 443 before I start the duckDNS add-on and generate a certificate? Anyways remote access with my https address works now. Thanks!

More questions:

  1. So the duckdns add-on will regenerate the certificate every 300 seconds by default?
  2. Is there anyway to setup normal LAN ip address access?
  1. The addon will check your WAN (public) IP address every 5 minutes and update your DuckDNS account with the new one if it has changed. I believe the addon will attempt to renew your cert when it’s 30 days from expiring.
  2. You have to access with your LAN IP using https too in this case (that’s what I meant by “Also once you do this you’ll need to access home assistant over https even with the LAN IP address” in my previous message). You’ll get a warning about the certificate being invalid, but it’s not. It just happens because your cert is for your DuckDNS domain, not your LAN IP. You can click “proceed anyway” or similar to access. Alternatively, you could set up secure remote access using a reverse proxy and keep local access unencrypted which would enable you to access remotely over HTTPS and locally over HTTP. There are a few NGINX reverse proxy addons but I don’t run a Supervised install (so I don’t have the addon store), so I wouldn’t be able to help you with those.

Thanks anyway!
I found a video on Youtube which guided me through NGINX and Google Home TTS setup. Everything works so far. Now let me figure out the google home integration.

Would it be possible to use duckdns addon but all also own domain?