SSL for HA with VPN

Hi guys!

Right now I’m using my HA installation with port forwarding. So it’s accessible remotely with my public IP address with DDNS (own domain name server, not DuckDNS). It’s SSL/TLS encrypted with Let’s Encrypt.

I just found out my router directly supports VPN, so I want to hide my HA by removing the port forwarding and make it accessible via VPN only.

Since it will not be accessible with the public IP and DDNS domain but only with the private IP address (and its hostname), I’m wondering if it is still useful to keep the SSL/TLS encryption?
As far as I understand I can’t use Let’s Encrypt to generate a certificate because the HA isn’t accessible anymore. If I should keep the encryption, how would I do that?

Thanks and regards!

Yes you can. But not with the current configuration. You can use Let’s Encrypt via DNS. You only need a free Cloudflare account (or one of the other DNS services) to make this work.

Could you please give me more information about this and how to do this? Since I do not have a static public IP, I need to work with DDNS, right? For this I’m using my web host, where I can both edit DDNS and DNS settings.