Hi everyone, I did most of the setup on my HA installation back in 2020-21, and have been updating regularly, but have only made minor changes to the overall configuration, like adding new devices. All of my automations/scripts are still in YAML (which I prefer until commenting capability is added to the UI).
My setup is pretty basic:
HA Core on RPi 4, with wired NW, Zwave, and Zigbee, on SD card.
Local connection is HTTP (not secure)
Subscribed to Nabu Casa to Connect Remotely via iPhone Mobile App
Use DuckDNS for Dynamic IP change notification
Do not use Let’s Encrypt
Use Samba for local access from Windows
My local network is behind a router firewall and I do not currently host my own domain locally
All this works fine and is pretty robust. I remember when I set up DuckDNS trying to also set up Let’s Encrypt, but ultimately did not for some reason (maybe because I use NC?). However, today I received an email from Let’s Encrypt that they will no longer be providing reminders to renew certificates. I wanted to ask the following:
(1) Will this impact my current configuration in any way? I don’t imagine it will, unless it impacts NC, which I assume they will handle, and also in general,
(2) Does anyone have any recommendations on ways to improve on my setup in terms of security, reliability, or enhancement? For example, is there any reason to install Let’s Encrypt? (TBH, I’m not really clear from all the documentation on it’s use, where I would use it, except for hosting my own domain using it for remote access. Is there any other reason?)
I’d greatly appreciate any advice or suggestions anyone can offer.
Why are you using DuckDNS with Let’s Encrypt if you also have Nabu Casa? I dropped DuckDNS and LetsEncrypt like warm dung.
I use the Zerotier add-on that creates a software-defined WAN. Using my ZeroTier IP address I can SSH into any server on my LAN and use Samba shares from anywhere I have Internet.
Similarly, I use DWService to allow for remote screen sharing from anywhere I have Internet.
Hi Tom, I use remote management SW to access and control all my LAN workstations/servers remotely, as if I’m sitting in front of them. I can, of course, access HA this way as well, once on the LAN, but it does not provide the notifications and ease of access (all the time) like NC does through the Mobile App (or at least I haven’t gone to the trouble to figure out how to make it work).
I have a duckdns.org domain that needs to reflect any changes in my dynamic IP address from my ISP that I use with this app. If I understand DNS IP correctly, it just exposes the IP to HA, which wouldn’t really do what I need.
As mentioned in my OP, I don’t use DuckDNS in conjunction with Let’s Encrypt, since I do use NC. I don’t use Let’s Encrypt at all atm, and is kinda why I was asking if anyone does (and if so, how and why). I use DuckDNS for other reasons, as I explained to Tom, since it was built into HA already and worked like I needed it to. I previously used services like DynDNS but it began requiring monthly emails to keep it from being deleted.
The remote access app I mentioned above I already own and provides many more capabilities than either of the programs you mention. It wasn’t free, but I already owned it. I provides clients for any OS, including my iPhone, that allows me to view, control, reboot, FTP, and share screens and audio if necessary. I just use it to access my home resources while away.
I bookmarked the products you mentioned, though. They do look interesting. Thanks.
They decided is was not worth the effort. Certificates should be renewed automatic So not really a change, unless you received emails from Lets Encrypt on a regular base…
I originally used DuckDNS along with LetsEncrypt for remote access before NC was a thing. I don’t use it for HA remote access anymore but I still use DuckDNS to obscure my real IP I use for remote access to my home PC via RDP type software.
But I still have my LetsEncrypt certs auto renewed as needed just in case they ever come in handy in the future for some other use. I figure if I have them renewed automatically then it’s not something I even have to interact with and likely easier than setting everything up again in the future.