Sharing Letsencrypt certificates between Synology and HA on docker

Hi, I have working HTTPS access to my Synology with letsencrypt.
I have HA running on Docker on the Synology, and would like to point to the same certificate in configuration.yaml in order to securely access HA too. However, I cannot find where in the DSM file system the certificates are and how to make them visible within the docker container (restarting docker with a -v mounting option?). But really I cannot find in /etc a letsencrypt directory … to get them from.

Any help very appreciated

This is the kind of thing a reverse proxy is used for. NGINX for example (it’s what I use).

NGINX is the only thing that looks at the certificate. And I only have to forward a single port to my router.

From there, NGINX redirects traffic to the correct destination for me. In my case, it redirects all traffic to my Home Assistant webpage on port 8123. This redirection can be to any place you want. And it can be multiple places as you configure it based on the incoming URL.

So you could have one location point to your HA instance. And another location point to some other webserver on your network. And those web servers don’t have to do their own SSL stuff!

This also means that my local home assistant is running without encryption on the LAN only. This is super useful as there are tons of things you might have that cannot connect with an SSL certificate. And even if they do, there is a lot of CPU overhead associated with doing that.

I would recommend looking into a reverse proxy and getting it set up.

Thank you Jim for the suggestion. I found where Synology stores the certificates (/usr/syno/etc/certificate/_archive) but I will indeed go with the reverse proxy, which is a cleaner and more general solution (this way I will also reduce the forwarded ports on my router).

I configured the reverse proxy by sending https://ha.mydomain.synology.me to http://localhost:8123
and by remote access indeed (after an alert from the browser saying that the certificate is untrusted) I get to the home assistant login page (hence it seems to work).
However, when I insert the credentials (the same that work for http://localIP:8123) HA replies with ‘Unable to connect to home assistant’

What am I missing? Anything that should be added to configuration.yaml? (I supposed not.)

Take a look at this thread: Using Let's encrypt certificate of Synology NAS

Check that you’ve enabled websockets:
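The setup discussed in this thread (TLS terminated at the proxy, plain HTTP to Home Assistant on port 8123, WebSocket upgrade headers forwarded), written as a hand-edited nginx configuration; this is an added example, not part of the original posts. The certificate file paths are placeholders, and the hostname and upstream address are the ones quoted in the thread.

```nginx
# Added example. Goes inside the http { } context of nginx.conf.

# Standard nginx idiom: forward "Connection: upgrade" only when the
# client actually asked for a protocol upgrade (WebSocket handshake).
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 443 ssl;

    # Must be a name the certificate covers, otherwise the browser
    # reports the certificate as untrusted.
    server_name ha.mydomain.synology.me;

    # Placeholder paths. The thread locates the DSM certificate store
    # at /usr/syno/etc/certificate/_archive; fill in the real files.
    ssl_certificate     /path/to/fullchain.pem;
    ssl_certificate_key /path/to/privkey.pem;

    location / {
        # Home Assistant listens without TLS; keep 8123 closed on the router.
        proxy_pass http://127.0.0.1:8123;

        # WebSocket proxying needs HTTP/1.1 and the hop-by-hop
        # Upgrade/Connection headers passed through explicitly.
        # Without them the login page (plain HTTP) loads, but the
        # frontend's WebSocket connection to the backend fails.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        # Preserve the requested hostname and the client address.
        proxy_set_header Host            $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```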

Thank you for the suggestion. I did not, but now I have enabled them.

When I type from within my LAN https://ha.mydomain.synology.me in the browser I get the login screen and then get into HA. If I do the same from outside, I get to the HA login page but then ‘unable to connect to Home Assistant’

I tried changing several options (disabled firewall, …), restarted the Web server on Synology, then restarted the whole Synology, checked configuration.yaml and restarted HA. Nothing changes.

Any hint?

I dropped the subdomain ‘ha’ in the reverse proxy and in the base url in configuration.yaml
and https://mydomain.synology.me now works from outside too.

I’m probably missing something about the possibility to prefix a subdomain …
That would be handy though …