[SOLVED] Alternative to Let's Encrypt that doesn't need port 80/443

Hello guys.

This is my problem: my ISP won’t allow me to open ports 80/443. I already opened all the ports I need, including 80/443 in my modem. All the other ports work, but not those two. I contacted my ISP and they said that’s it. They don’t allow it. It’s not a modem configuration. The ISP itself doesn’t allow it unless I change my Internet plan for a more expensive one, with static IP and stuff…

I don’t use port 80/443 to access my HA, but I use Let’s Encrypt and it requires port 80/443 open when renewing the certificate.

I tried to see if it’s possible to change those ports on Let’s Encrypt so they use other ports when renewing, but apparently this is a big deal in LE forums and it’s already said that it’s not possible.
(If I’m mistaken, please tell me).

So my question is: do you guys know any other alternative to Let’s Encrypt where I don’t need ports 80/443? If that’s not possible I’ll have to end up paying for that “home assistant cloud” to access my HA with HTTPS over the internet =/

Thanks in advance!

Not the solution you’re asking for. But:

  1. NabuCasa as you stated.
  2. A cheap VPS for $5 a month (the advantage is that you can use it for other things).
  3. Expose HA without SSL. Sign up for a Cloudflare account and use that as a proxy (it will use SSL between you and Cloudflare), and then restrict HA to only allow local access and the Cloudflare IP addresses.
  4. Using ZeroTier or a VPN. (The only downside is that you’d need an app to be connected at all times).
  5. Change ISP?

Are you using your own domain and can you control DNS (in particular the ability to create TXT entries)? In that case you could use Let’s Encrypt’s DNS challenge.

1 Like

This way will I be able to use Google Home? (because to expose my services/scripts/etc to google home/amazon alexa it needs to be with HTTPS, right?)

I use DuckDNS. Do you know if it’s possible with it?
I’ll google this Let’s Encrypt “DNS Challenge” anyway. I’ve never heard of it… I’ll check to see if it’s useful for me

Thanks, guys!

If you’re using hass.io, I believe the DuckDNS addon uses the DNS challenge so you won’t need ports forwarded…

Oops, sorry. Forgot to detail my setup.

I don’t use Hassio. I use Raspbian running on an RPi 3.

But this is good to know. So if I use Hassio I won’t have a problem renewing my certificate without ports 80/443?

See this writeup. You will need a port open, but 80/443 is not required.

This might help - it mentions that “DuckDNS supports setting TXT records”, so even without hass.io you might be able to use the DNS challenge.
Effortless encryption with Let's Encrypt and DuckDNS - Home Assistant

1 Like

Yes, you should be able to use anything that requires HTTPS without an issue as long as it accepts a custom port (you won’t be able to use the default one).

My two cents: Nabu Casa. It takes like 5 minutes to get set up, you get a remote UI out of the box without opening ports. As a bonus, instant Google Home and Alexa support with more goodies coming soon.

Thanks a lot! I used this link; it took me to this page: HASS, DuckDNS and Let's Encrypt [splitbrain.org]
I followed the tutorial and it worked like a charm. Now I have SSL without ports 80/443 opened.

2 Likes
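The DNS challenge this thread settles on, as an added example (not code from any poster or from the linked tutorials): it computes the TXT value the CA looks up at `_acme-challenge.<domain>` per RFC 8555 and builds the DuckDNS request that publishes it, which is why no inbound port is involved. The function names, the sample subdomain and every token and key value are constructed placeholders; the DuckDNS `txt`, `verbose` and `clear` parameters are the ones its update API documents.

```python
import base64
import hashlib
import json
from urllib.parse import urlencode


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding ACME (RFC 8555) uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint of the ACME account public key (RSA or EC)."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           separators=(",", ":"), sort_keys=True)
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def dns01_txt_value(token: str, jwk: dict) -> str:
    """TXT record content: b64url(SHA-256(token + '.' + account thumbprint))."""
    key_authorization = f"{token}.{jwk_thumbprint(jwk)}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())


def challenge_record_name(domain: str) -> str:
    """Name the CA queries over DNS; a wildcard is validated at its base name."""
    base = domain[2:] if domain.startswith("*.") else domain
    return "_acme-challenge." + base.rstrip(".").lower()


def duckdns_txt_update_url(subdomain: str, api_token: str, txt: str,
                           clear: bool = False) -> str:
    """DuckDNS update request that sets (or clears) the TXT record.
    The API token sits in the query string and controls the domain's
    records, so keep this URL out of logs and shell history."""
    params = {"domains": subdomain, "token": api_token, "txt": txt, "verbose": "true"}
    if clear:
        params["clear"] = "true"  # remove the record once validation is done
    return "https://www.duckdns.org/update?" + urlencode(params)


if __name__ == "__main__":
    # Constructed sample values, not a real account key or token.
    jwk = {"kty": "EC", "crv": "P-256", "x": "constructed-x", "y": "constructed-y"}
    txt = dns01_txt_value("constructed-acme-token", jwk)
    print(challenge_record_name("example.duckdns.org"), "TXT", txt)
    print(duckdns_txt_update_url("example", "DUCKDNS-TOKEN-PLACEHOLDER", txt))
```

An ACME client with a DNS hook performs these steps on each renewal, then clears the record after the CA has validated it.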