Hi all,
I use HA for some time now and made some integrations. Unfortunately I’m not good in programming. scripts, so I have to rely on what others did and then copy that.
Now I’d like to play with HA Cast (Home Assistant Cast - Home Assistant), but my HA has to run using https SSL for this. Nowhere I can find how to configure that.
I have my HA running on a RPi 3B+ using Home Assistant OS 5.13. I like to keep it in the house, so no connections to the outside world. For safety.
Can someone help me where to find any info on how to configure this, so I can reach my RPi using https? Please keep it as simple as possible, so I can still understand and maintain it.
I’ve looked in the Home Assistant Cast – FAQ, but the only suggestion there is to use the HA Cloud, what I don’t want.
I have found many posts here about SSL, but they’re all about accessing form outside. What I’m looking for is local access using SSL.
So searching in this forum using ‘https’ or ‘SSL’ didn’t get me any further either, so I hope somebody can point me in the right direction?
Maybe your keyword wasnt correct. SSL would bring up better results and then lead you onto the fact you needed to be searching for things like Duck DNS and Lets Encrypt as these are popular ways of securing your instance.
I havent watched it myself, but this may help as its only a few months old so should still be relevant
Thank you for pointing out that I have to look for SSL in stead of https. This is where knowledge comes in handy I’ll have another try with this.
Your solution is not really a simple one. It’s based on DuckDNS and that is made for access from the outside world, which I don’t want. I don’t want to make my public IP address known anywhere, when not necessary and don’t like making a hole (port forward) in my router!
So I’ll have to look further for a suiting solution.
Thanks for helping me on the way.
Sorry, I totally missed the part when you clearly said you didn’t want any connections to the outside world!
I’m sure earlier I found a guide in the community guides posted by “system” which explained how to do this. It was a few years old but as it was just a local guide I didn’t pay attention of it as I never understood your requirements properly.
On mobile now and can’t find it at a quick glance but will look back later if you don’t have any succes.
Thank you Francis. This is how you can address https within your own network, but doesn’t tell me how to configure my HA so it can be addressed using https.
And what kind of certificate should this be? Usually a certificate is for a specific domain name, isn’t it? But internally I only use internal IP addresses……
Honestly, I don’t think your request is possible. But if you want to try what you have to do is make a self-signed certificate. Services which make trusted certificates like Let’s Encrypt will not give certificates for private, lan-only domains/addresses so you will have to make one yourself. Here’s a guide I found on how to do this that should work. You can follow that, make your self-signed certificate and then serve it up from HA.
Here’s the catch though, nothing in the world will trust that certificate. Certificates are only trusted if they are issued by a known, public Certificate Authority like Let’s Encrypt. If you issue a certificate yourself then it won’t be trusted unless a device/service has specifically been told to trust that certificate by uploading it to a list of trusted certificates. I believe that would mean every device you intend to cast to would need to be told in advance to trust the certificate by uploading it. I don’t believe that’s possible for most devices you’d want to cast to, pretty certain there’s no way for the Google Nest Hub.
You’re more then welcome to try it. It’s not particularly difficult to copy and paste a few openssl commands and then modify YAML to reference the new files. I just have very low confidence that it will actually work.
Why? This seems like far and away the best approach. Using HA cloud does not require you open any ports on your router so you can keep your house secure. Your IP address also will only be known to the HA cloud service, nothing else. Granted HA cloud is still a public cloud service but at least it has a strong privacy policy. And seems like it is made by a dev team you trust since you run HA already and that’s made by the same team.
This seems like far and away the best option given your requrirements. Can you clarify why you don’t want this?
Here’s what I have so far for a self-signed certificate:
Recently I have a pixelserv setup for ad blocking (link)
And with pixelserv, you would got a ca.key & ca.crt pair for your local server
One would have to manually install / import that ca.crt into your PC/mac/iOS/Android, so that your browsers would say “OK https on this local ip is fine.”
So the way I see it, one would have to (a) tell HA to serve https with the certificate you generated for local, and (b) import your self-signed local certificate into your ChromeCast device
(a) is possible with some changes under HTTP - Home Assistant (home-assistant.io), or see what @duceduc mentioned above, or what @CentralCommand mentioned above
(b), on the other hand, would be rather difficult - is it possible at all to import your own cert into a ChromeCast device? I have not seen one, and suppose this is the part where the ChromeCast would rely on internet to work, because ChromeCast devices would not take self-signed SSL, it seems, and where the Nabu Casa or Let’s Encrypt comes in.
Yea you can definitely get self-signed certificate working with your typical desktop, laptop and mobile devices. I have done that as well. I actually have two different certificates and paths to my HA, a public one using a certificate issued by a public CA for a domain I control and a private one issued from a private CA that I have made trusted on all devices that connect to HA.
But Chrome cast is tricky because it involves devices like the Nest Hub and TVs that are typically very locked down and don’t have options for uploading certificates to trust.
Also as an aside, I also don’t know if its even possible to keep this completely local. That FAQ mentions that you need to authorize HA with the Home Assistant Cast app. It also mentions the website https://cast.home-assistant.io later in the article. If you have to authorize with an external service then most likely you must have an externally accessible to HA to do that.
I want to be clear, I have not set up Home Assistant Cast so I’m not certain about this last part. The FAQ does not specifically mention a requirement that HA must be externally accessible so I may be wrong. I can talk about SSL certificates with confidence, I can’t speak with confidence about what the Home Assistant Cast app can or cannot do. I simply note it because the mention of an authorization step raised mental flags for me.