Setting up external https through a router that already runs DDNS

incep · August 12, 2021, 2:08pm

Hi,
I’m setting up my Home Assistant to be reachable from outside my network, but need help doing it the ‘right’ way.
I have a pfSense router on which I’ve made some SSL certificates from Let’s Encrypt and use DuckDns as DDNS provider. Previously I’ve done the same directly on HA, but now I want more things to be accessible on the same address.

The SSL certificates from the router are connected to the domain I’ve made, right? So should I use the same certificates on my HomeAssistant installation? Can I generate another SSL certificate from Let’s Encrypt based on the same domain, and should I?

Many thanks!

koying · August 12, 2021, 2:12pm

A certificate is linked to a domain, e.g. “mydomain.duckdns.org”.
As long as the service being called, whether HA or on your router, is called via a “https://mydomain.duckdns.org…” url, the same certificates can be reused.

incep · August 12, 2021, 3:02pm

Thanks. This was much simpler than I thought it would be.

I tried making a directroy ‘ssl’ and put a .crt and .key file in there.
I then edited config.yaml to the following

http:
server_port: 8123
ssl_certificate: /config/ssl/xx-duckdns-org-prod.crt
ssl_key: /config/ssl/xx-duckdns-org-prod.key

Note: didn’t have to use the .pem format, despite this being used in HA examples.

Now I just need a periodic certificate updater from pfSense so I don’t have to do manual labour every couple of months.

koying · August 12, 2021, 3:07pm

Your .crt and .key are very likey pem (base64 text; starts with “-----BEGIN”) whatever the file extension.