Noob, struggling with HTTPS on HASS.IO

sixedup · September 18, 2019, 12:14am

I’m running Hassio 0.98.5 on an RPI 2B. All is working well within my home network, but I want to make it accessible from the Internet for a variety of reasons (IFTTT and LMS integration initially). Clearly I need to enable HTTPS with valid certificates.

I already have a static IP address, several domain names, and working reverse-DNS resolution for my “base” domain name. I have a main home server running multiple Internet accessible services, including websites, a mailserver, S3-compatible storage, VPN endpoint etc. That system also manages renewal of my LetsEncrypt certificates, which are used by all the various services that it supports.

I was planning to forward port 8123 from my Internet-facing router to 8123 on the RPI that is running Hassio. This would let me “piggyback” the HA access onto my existing domain names.

What I’m trying to understand is how to:
(a) enable the HA web interface on 8123 using HTTPS. I don’t think DuckDNS or LetsEncrypt plugins are going to be useful to me.
(b) automate the push of my LetsEncrypt certificates (that I assume I will need) from my main server to my Hassio install when they are renewed. Normally I’d just use SCP, but SSH doesnt seem to be enabled on Hassio

Any help would be really appreciated, as I’ve been studying the docs for about 3 days now, without much success.

FredTheFrog · September 18, 2019, 12:46am

Go to Hass.IO and select the ‘Add-ons’ tab. Then install the DuckDNS Add-on that includes everything you need, ESPECIALLY LetsEncrypt.

Mutt · September 18, 2019, 1:47am

have you read the sticky thread at the top of the forum and have you even tried looking on the forum for similar threads ?
I think ther may be a couple

sixedup · September 18, 2019, 11:04pm

Thanks for the advice Keith. But I already have a static IP address (no need for DuckDNS) and a real domain name (no need for DuckDNS) and a set of valid certificates that match my domain, supplied by LetsEncrypt and managed by my main server. I can’t run another instance of the ACME protocol - it will beak all the services on my main server.
What I need is a way to push my existing certificates into Hassio (that I can automate/script from my main Linux server), and then a way to use those certificates to provide HTTPS access to the web GUI.

nickrout · September 18, 2019, 11:22pm

Enable say on hassio, or samba (they are add-ons) then use your existing certificates.