SSL Certificates on Windows Platform -- Error in Log

So I’ve followed the docs and examples as best I could with some minor adjustments since I’m the sole adventurer running HA on an old Windows machine (specifically WHS 2011).

Here’s what I have in my configuration.yaml:

http:
  # Secrets are defined in the file secrets.yaml
  api_password: !secret http_password
  # Uncomment this if you are using SSL/TLS, running in Docker container, etc.
  base_url: ioak.noip.me:8123
  ssl_certificate: C:\Users\Administrator\AppData\Roaming\.homeassistant\certificate.pem
  ssl_key: C:\Users\Administrator\AppData\Roaming\.homeassistant\privkey.pem

And here is the error I’m seeing in the log file:

2018-02-23 08:54:48 ERROR (MainThread) [homeassistant.core] Error doing job: Task exception was never retrieved
Traceback (most recent call last):
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python36-32\lib\asyncio\tasks.py", line 180, in _step
    result = coro.send(None)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python36-32\lib\site-packages\homeassistant\components\cloud\__init__.py", line 250, in async_start
    self._decode_claims(info[token])
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python36-32\lib\site-packages\homeassistant\components\cloud\__init__.py", line 281, in _decode_claims
    from jose import jwt, exceptions as jose_exceptions
  File "C:\Users\Administrator\AppData\Roaming\.homeassistant\deps\Python36\site-packages\jose\jwt.py", line 11, in <module>
    from jose import jws
  File "C:\Users\Administrator\AppData\Roaming\.homeassistant\deps\Python36\site-packages\jose\jws.py", line 8, in <module>
    from jose import jwk
  File "C:\Users\Administrator\AppData\Roaming\.homeassistant\deps\Python36\site-packages\jose\jwk.py", line 10, in <module>
    from jose.backends.base import Key
  File "C:\Users\Administrator\AppData\Roaming\.homeassistant\deps\Python36\site-packages\jose\backends\__init__.py", line 3, in <module>
    from jose.backends.pycrypto_backend import RSAKey
  File "C:\Users\Administrator\AppData\Roaming\.homeassistant\deps\Python36\site-packages\jose\backends\pycrypto_backend.py", line 3, in <module>
    import Crypto.Hash.SHA256
  File "C:\Users\Administrator\AppData\Roaming\.homeassistant\deps\Python36\site-packages\Crypto\Hash\SHA256.py", line 55, in <module>
    """)
  File "C:\Users\Administrator\AppData\Roaming\.homeassistant\deps\Python36\site-packages\Crypto\Util\_raw_api.py", line 180, in load_pycryptodome_raw_lib
    raise OSError("Cannot load native module '%s'" % name)
OSError: Cannot load native module 'Crypto.Hash._SHA256'

At this point I’m not 100% sure the errors are related to my configuration or just a system level issue. Perhaps the openssl executable needs to be in the path?

honestly, I’d just setup a reverse proxy (either on another PC or that windows PC).

Added benefit of a reverse proxy is that you can drop the api_password in HA and only require authentication if connecting from outside of the network. On my own reverse proxy setup I use certificate verification so I don’t even have to use passwords, I just select the certificate if it asks.

NGINX works on Windows (beta, but should do what you need) and is easy to configure as a reverse proxy. There are examples on the HA documentation page.