SSL certificate for localhost using Let's Encrypt and DuckDNS

I have successfully migrated from Home Assistant Cloud (sorry Nabu Casa) to managing a local SSL certificate using the Let's Encrypt and DuckDNS add-ons.

I am not an IT pro but I have a good understanding of networking and my recommendation is that if you are not comfortable with networking, the Nabu Casa option is worth the price and headaches.

I still have a few issues and discussion items for the community:

I elected to open a random port routed to the HA as opposed to 443 as I believe it would be a bigger security risk. I also feared it would interfere with remote access on my UDM-Pro. I found out this will still work for Google integration but not Alexa.

How do I handle local traffic with SSL? The local URL does connect (https://homeassistant.local:8123) but with a security error. I can use the external URL on the local LAN and it works, but do I understand it needs to resolve externally to DuckDNS?

I need a local SSL cert? Self-signed certificate? That's outside my knowledge base.

Any insights would be greatly appreciated.

That is because your SSL certificate does not match the FQDN homeassistant.local.
All you need to do is to set your SSL certificate's DNS name in your local DNS server (= router),

so the URLs for external (https://home.assistant.url) and internal (https://home.assistant.url:8123) are both the same (except for the port), and the SSL certificate is valid again.

If you want to get rid of :8123, configure hairpin NAT (which is not recommended, but for local use pretty safe).
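Why `homeassistant.local` fails while the certificate's own name validates on any port, shown as an added example that is not part of the original posts. `example-home.duckdns.org` and the IP addresses are constructed placeholders, and the matcher is a simplified RFC 6125-style check, not a browser's implementation.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample: SAN dNSName entries of a Let's Encrypt certificate issued
# for a DuckDNS name. "example-home.duckdns.org" is a placeholder, not from the thread.
CERT_DNS_NAMES = ["example-home.duckdns.org"]

# RFC 1918 ranges: what a local DNS override on the router should hand out.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def name_matches(pattern, host):
    """Case-insensitive match; '*' is accepted only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse overly broad wildcards such as "*.org".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def url_validates(url, dns_names=CERT_DNS_NAMES):
    """True if the host in `url` is covered by the certificate; the port plays no part."""
    host = urlsplit(url).hostname
    return any(name_matches(n, host) for n in dns_names)


def served_locally(resolved_ip):
    """True if the address returned by DNS is a LAN address (local override in effect)."""
    addr = ipaddress.ip_address(resolved_ip)
    return any(addr in net for net in RFC1918)


if __name__ == "__main__":
    for url in ("https://homeassistant.local:8123",
                "https://example-home.duckdns.org:8123",
                "https://example-home.duckdns.org"):
        print(url, "->", "valid" if url_validates(url) else "name mismatch")
    # Constructed answers: router override on the LAN vs. the public DuckDNS record.
    for ip in ("192.168.1.10", "203.0.113.7"):
        print(ip, "-> local override" if served_locally(ip) else "-> public address")
```

Certificate validation looks only at the host name typed into the browser, so once the local DNS server answers the DuckDNS name with the LAN address, the same certificate is valid inside and outside the network.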

Thanks for the quick feedback and guidance.
I’ll probably have to do a bit of trial and error since I have all my IoT on a VLAN on my UDM Pro. When using my browser I am on a separate VLAN. I suspect DNS resolution is done at the VLAN level… Anyway, I have something to explore.

Thanks,