New to HA, trying to figure out https on HA. I looked around at docs and posts. I’m sure someone has already explained this but I’m still not understanding it.
- I want to do https on my local LAN to ensure even internal traffic is encrypted
- I have to use https to make the esphome addon work for programming ESP’s through USB connection.
- My HA box uses internal private IP address and internal domain name that I do not expose to Internet (I run internal DNS server with personal zone). This domain is named like `ha.subdomain.domain.com`
- On the Internet side, I have DNS domain and defined Arecord->WANip for the `ha.domain.com` and could port-forward it inside. I’ve not done that part yet – just defined the Arecord to get LE SSL cert.
- I got Letsencrypt SSL cert for the `ha.domain.com` address by using the LE HA addon and changing the configuration.yaml file.
- This works, but of course I get the invalid cert when I web browse to the HA device at `ha.subdomain.domain.com`. So what, fine with me.
- But I am unable to use the HA mobile app because of the “certificate mismatch” error on the app when connecting to the local URL.

What am I supposed to do?
Solutions:
- Access the HA box from “the outside in” through the `ha.subdomain.domain.com` name and routing. This creates a cloud dependency that is antithetical for use inside my physical home.
- Create split-brain DNS off my internal DNS server so I can use `ha.domain.com` internally. But I have many other hosted services I use that are external and fall off the `*.domain.com` domain
- Add the `subdomain.domain.com` to the external DNS database. This is yucky idea.
- …