Setup HAS with purchased SSL certificate using reverse proxy

Hi HA community,

I am struggling to get a secure (SSL) connection to my HAS system.

This is what I have done so far:

  1. I purchased a domain at Namecheap (e.g. mydomain.link)
  2. I purchased an SSL certificate at Namecheap
  3. I set up the DDNS service at Namecheap
  4. I created a subdomain (e.g. has.mydomain.link)
  5. I setup a reverse proxy server
  6. I created an ALIAS dns record pointing to “has.domain.link” which points to my proxy server
  7. The proxy server (running on a synology nas) has port 80 and 443 open.
  8. The SSL certificate works, because I get a secure connection to the Synology NAS.
  9. The reverse proxy server is pointing to my internal HAS server on a separate machine (Running on an Intel NUC) internal IP → https://192.168.20.6 port:8123
  10. I installed NGINX on home assistant.

I get connected from outside to my HAS, but it is not a secure connection??

Then next;
11. I translated the SSL certificate to PEM format and installed them in the /SSL directory on the HAS server (both the server.key = privkey.pem and fullchain.pem).

Also by doing so I still do not get a secure connection towards my HAS server.

What am I missing and/or doing wrong?

Any help would be greatly appreciated.

Is that name included in your certificate, either as a specific domain or as a wildcard?

In most browsers you can click on the chain lock icon to view the certificate information that is presented to the browser.

Hi WallyR,

The certificate is issued to the main domain. When I check the certificate details in the browser I see in the Common Name (CN) only the main domain name, “mydomain.link”.

When reading online documentation on reverse proxy, my understanding was that I would have to open port 80 and 443 to safely reach all other servers behind the proxy server using the domain certificate.

The certificate only validates mydomain.xy, not has.mydomain.xy.
You need to use mydomain.xy when connecting from outside, or you need to update the certificate with the alternative name has.mydomain.xy (or *.mydomain.xy).

Hi WallyR,

Thanks for your reply.

I solved the issue in this manner;
On the Synology NAS, for the domain ‘has.mydomain.link’, I created a Let’s Encrypt certificate.
As mentioned in my initial post, ‘has.mydomain.link’ is forwarded via reverse proxy to the HAS server in my internal network, 192.168.20.6:8123.

When I now access the HAS server from outside my network, I get a secure connection.
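
The name check at the heart of this thread, as an added example that is not part of any post: a simplified version of the hostname matching a browser applies to the DNS names listed in a certificate. The function names and the sample name lists are constructed for illustration, and the names are assumed to have been read from the certificate already.

```python
# Added example: simplified hostname matching against certificate DNS names.
# Simplification (assumption): only a whole left-most "*" label is treated as
# a wildcard; partial-label wildcards such as "h*.example" are not supported.

def name_matches(pattern, hostname):
    """Return True if one certificate DNS name covers the hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so label counts must agree.
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Refuse over-broad wildcards such as "*.link"; compare the rest.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_covers(dns_names, hostname):
    """True if any name listed in the certificate covers the hostname."""
    return any(name_matches(name, hostname) for name in dns_names)


def coverage_report(dns_names, hostnames):
    """Map each hostname to whether the certificate would validate for it."""
    return {host: cert_covers(dns_names, host) for host in hostnames}


# Constructed name lists mirroring the certificates discussed in the thread.
PURCHASED = ["mydomain.link"]                      # main domain only
WILDCARD = ["*.mydomain.link"]                     # wildcard alternative
WITH_SAN = ["mydomain.link", "has.mydomain.link"]  # explicit alternative name
HOSTS = ["mydomain.link", "has.mydomain.link", "a.has.mydomain.link"]

if __name__ == "__main__":
    for label, names in (("purchased", PURCHASED),
                         ("wildcard", WILDCARD),
                         ("with SAN", WITH_SAN)):
        print(label, coverage_report(names, HOSTS))
```

Note that a wildcard name covers exactly one label: `*.mydomain.link` validates `has.mydomain.link` but not the bare `mydomain.link` or a deeper name such as `a.has.mydomain.link`.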