New to HA, trying to figure out https on HA. I looked around at docs and posts. I’m sure someone has already explained this but I’m still not understanding it.
- I want to do https on my local LAN to ensure even internal traffic is encrypted
- I have to use https to make the esphome addon work for programming ESP’s through USB connection.
- My HA box uses internal private IP address and internal domain name that I do not expose to Internet (I run internal DNS server with personal zone). This domain is named like
ha.subdomain.domain.com - On the Internet side, I have DNS domain and defined Arecord->WANip for the
ha.domain.comand could port-forward it inside. I’ve not done that part yet – just defined the Arecord to get LE SSL cert. - I got Letsencrypt SSL cert for the
ha.domain.comaddress by using the LE HA addon and changing the configuration.yaml file. - This works, but of course I get the invalid cert when I web browse to the HA device at
ha.subdomain.domain.com. So what, fine with me. - But I am unable to use the HA mobile app because of the “certificate mismatch” error on the app when connecting to the local URL.
What am I supposed to do?
Solutions:
- Access the HA box from “the outside in” through the
ha.subdomain.domain.comname and routing. This creates a cloud dependency that is antithetical for use inside my physical home. - Create split-brain DNS off my internal DNS server so I can use
ha.domain.cominternally. But I have many other hosted services I use that are external and fall off the*.domain.comdomain - Add the
subdomain.domain.comto the external DNS database. This is yucky idea. - …