In the root of the domain (/home/domain/) there are 5 files related to SSL:
None of these files are available to the Home Assistant VM at 192.168.2.100.
In the past, I have simply created a cron job that copies ssl.cert and ssl.key to the Home Assistant ssl folder which was located at /usr/share/hassio/ssl, then ran a rename script to change them to fullchain.pem and privkey.pem.
Now that I’m using a supported version of Home Assistant Core, it doesn’t appear that I’m able to access this location like I could when I had control over the host.
Since port 80 and 443 are already handled by the other host running apache, how would I go about securing my installation of Home Assistant without having to temporarily re-direct port 80/443 to the HA host?
Cant you use apache as the reverse proxy and if so HA not need ssl cert access. Ssl access only needed by apache and you may http to backend server. But a lot of this depends on what “out network” means
I don’t quite understand reverse proxy, although I have made it work before, but never without using a subdomain and never without still needing to tack the port number to the end of the URL. i.e. https://subdomain.domain.com:8123, which seems to be counter intuitive.
Also, in that case, I’ve never been able to operate HA in an SSL environment without having the SSL keys duplicated to the actual HA SSL folder.
My basic understanding is that if I have Apache handling the SSL, then I don’t need to run SSL on Home Assistant at all…but I’m just guessing, and I don’t really know how it works at this point.
The proxy is configured correctly as far as I can see. But, when I look at the Core log in HA by accessing it via http instead of https (yes that works) I see a login attempt that’s failing using the main domain as the proxy address instead of the internal IP address of the HA host.