New Add-On: Cloudflared

One question: I have configured cloudflared for my HA system and it's working fine. My brother wants to use the same main domain but with another subdomain. Is it possible to create two different tunnels for one main domain?

Yes. I even have two different tunnels for 2 separate Home Assistant installations in two different homes.
In the configuration in Cloudflare you can configure many subdomains so you can access different local URLs.
Take a look at the add-on doc.


:laughing:

Yes, I have read it already

addon-cloudflared/remote-tunnel.md at main · brenner-tobias/addon-cloudflared (github.com)

Rule 1, read the documentation :stuck_out_tongue_winking_eye:

You can also use local tunnel for it:

Firstly, anything that is not coming over the tunnel (e.g. duckdns domain) should not be affected.
Secondly, yes, it seems like the automatic renewal process is not working anymore, but the manual one should not either. Your domains do not expose your hosts directly to the web anymore but instead expose a reverse proxy server that gets the needed responses from your systems via the tunnel.
So the certificates for the Websites need to be valid for this reverse proxy. Luckily, all of these certificates are automatically created by Cloudflare, so you do not have to take care of that.
One drawback is that you cannot download these universal certificates (which are used in the free plan) to use for local connections. So for your local connections, you have to find another way e.g. using self-signed certificates.

I’m not sure if this helps; How to configure Let’s Encrypt SSL Certificates for Home Assistant completely 100% free (Updated for 2022/2023) - Configuration - Home Assistant Community (home-assistant.io) - you could get certbot to register with cloudflare DNS to get the letsencrypt certificates - well the ones on the cloudflare DNS anyway

The Let’s Encrypt add-on works very well to configure a valid “local” certificate for HA.


This is a great addon, thank you very much! Great for those stuck behind CGNAT :stuck_out_tongue:

One issue I am having: I created a tunnel and everything was working fine; however, I decided I wanted to change the tunnel name so I can easily identify which tunnel is for what.

I deleted the tunnel in Cloudflare and confirmed that all assigned configuration was removed, including the CNAME record.

I then uninstalled the addon, reinstalled it and set it up again from scratch, and entered the new tunnel name. However, it somehow found an existing tunnel with the same ID, and I assume it just gave it the same name, as the tunnel was created again with the same name even after specifying a specific tunnel name in the addon settings.

Any ideas?

Thanks

Let’s Encrypt supports many popular DNS providers:

You can also set up DNS authentication manually by using a TXT record provided during setup.


@brenner-tobias, this is a great addon! It took me longer than expected to set everything up, but overall it seems to be working out of the box, especially when using remote tunneling. I much prefer this setup to having my Home Assistant instance exposed, even with a randomized port. While I’m sure that Home Assistant does their share of pentests, having an additional layer of security is great.


Thanks for raising this. Do you mind opening an issue for that on GitHub to continue the discussion there? Please also include the add-on logs.

Generally speaking: the add-on should always use the tunnel name specified in the documentation. So if you change that without re-installing the add-on, it should produce an error:

Existing Cloudflare Tunnel name does not match add-on config
[…]
Align add-on configuration to match existing tunnel credential file
or re-install the add-on.

I actually fixed it.

I think you just need to give Cloudflare some time to purge the tunnel on their end.

Wait a few minutes before recreating the new tunnel.

Thanks


One more thing,

I've noticed that when I use my custom domain name homeassistant.domain.com in the app as the external URL, it always redirects to the web browser instead of the application.

Any way to resolve this or am I doing something wrong?

Thanks

No. It is not possible.
It is discussed in this thread, but it has to be implemented by the app developers:

You can delete the app data, and in the setup process you can log in to Cloudflare Access, but when the session expires, you are at the beginning.

You can also use warp access in order to bypass the need for CF access, but in my experience, warp makes navigation slower and loses connection frequently when moving.

Well, had the very same problem a week or so ago, but could not get any help (see my post a bit further above) so I had to figure it out myself :slight_smile:
Investigating this problem led me to realize two things:

  1. it’s a much better option to run the original cloudflare “app” in a docker container and not as a hass plugin (obviously, if you have a home server that is)
  2. running it without a ZT application (preferably a TOTP like Google or Github for an ease of access) is not really as secure as others might make you think - although none of the ports are open but your hass instance is…

Anyway, the solution to your (and many others’) problem is to delete the original tunnel from two different locations:
a) main cloudflare account / domain / DNS (as a CNAME record)
b) zero trust dashboard / access / tunnels

And then you’re golden - hope this helps others as well not to go mad for days like me :wink:

So you mean installing cloudflared as per the recommended steps when setting up the tunnel, in our cases would probably be docker?

What will this achieve? Also do we need to configure any static routing etc?

I am a hass newbie but after two or three weeks of intensive testing I realized if I’d like to implement everything I want to work with HA then it’s gonna be a very complicated install with a shitload of addons (I use traccar, adguard, media server, etc) and much better if I install these in a separate container (easier update / better organization / better backup and restore options, etc) and then integrate only the data or the services these apps are offering into hass.

I know that using a raspberry pi is cool and trendy but in my opinion they are way too expensive but more to the point they are very much useless as you will outgrow them in a flash and have many limitations if you’d like to run a “proper” hass instance (come on haters!! :wink: ) And if you use a “one liter class” desktop PC then you are still in a 10-15W range but your possibilities are way beyond the raspberry pi with 32GB RAM, nvme and SSD drives, BT and so on…

Edit: apologies, this was meant to be a reply to @deanfourie’s post


Love this. Was able to get it up and running very quickly. Have you considered adding some sensors to HA for the tunnel? I’m thinking Service Health, Uptime, maybe some usage metrics?

Can this add-on be used with a Home Assistant Supervised installation?
Kindly reply

Yes! I am using it on Supervised.