HI All, Im at a loss. I’ve tried so many ways to get HTTPS working on internal network. I have tried all sorts of tutorials and methods. Duckdns, nginix etc etc but I just cant get it to work. Can some one please help. I have HA running on a x86 machine using HA os, I have nabu casa cloud, I have a VPN for external acess, i have a firewalla purple router, I have a synology NAS which has containers and I even have a raspberry pi lying around I could use. Does anyone have a solution.
Any certificate issues?
Https for what goal?
Technically a self signed cert will work but in some case you may need not_verify_ssl or similar
I wanted local https site for use at home mostly because esphome wouldn’t allow serial.
I setup local dns server. Firewalla has that
I got domain for my LAN. Myhome.com
I setup HA and other services to be reverse proxied by caddy.
I used dns to refdirect all traffic going to myhome.com to caddy local caddy proxy
Then setup caddy to renew ssl cert for the local domain. I do not forwardnports to caddy so I use an api (caddy module) to verify domain with hosting provider
I did this for experience but not sure it is necessary
I’ll give it a go! Thanks for your help
I don’t know what’s going on. I import the cert etc but it just doesn’t go. I’ve successfully set up https for the nas but just can’t for ha
I just started with HA over the holidays and had exactly the same problem. After several unsuccessful attempts to use the esphome device builder, I switched over to configure the esp32’s via the terminal. No Google https nonsense anymore and 100% control. I am on Linux but the same can be done on Windows Powershell/cmd. There are only very few commands needed to install , compile and flash your esp32. Here is what I do using uv pip to give you an idea:
# Installation: create a venv and install esphome package:
uv venv ~/.venvs/esphome --python 3.13
# 2025-12-19: there where problems with the the current version, not sure if the version restriction is needed...
uv pip install esphome==2025.11.4
# activate the esphome Python venv (this is for fish shell, for bash it is only `activate`:
source /home/ksx/.venvs/esphome/bin/activate.fish
# also created a shortcut for the fish shell:
# abbr esp 'source /home/ksx/.venvs/esphome/bin/activate.fish'
# build (the inital run takes a long time (5min?), after that ~30s):
esphome -v run test.yaml
# or build and upload:
esphome -v run test.yaml --device /dev/ttyUSB0
# in case the compile does not work and it is not a script error, try...
esphome clean-all
Yes you can use ssl on your local network.
Basically you will use nginx to create your local domain for that container like esphoome.mydomain.com
Using adguard as local dns server, or something else, you can tell your dns resolver that esphome.mydoma.com should be resolved back to your server ip address.
Create your own ssl cert for that domain and add it to nginx.
You can use this to easily create your own CA and issue certs for your local usage at will.
And just add that ca to your trusted ca in browser so it doesnt complain.
I’d go a step further; having Synology NAS it is possible to use build in LetsEncrypt certificates tool to obtain CA signed certificates instead of self-signed, that sometimes might cause issues.
So I use:
- Synology NAS as reverse proxy and for LetsEncrypt certificates
- AdGuard Home (running in docker on NAS) for DNS rewrites for LAN
This way I can use the same URLs (subdomains of my main domain) pointing to different services on my LAN, regardless of accessing them from Internet (only selected subset of critical one) or from LAN (whatever I want).
I was using letsencrypt certs with auto renewal but as i know you will need a domain that you will either purchase or use some free domains if you can find one.
I abandoned that solution and went for my own ca as I would like to manage my own certs on my own terms.