+The instructions in this blog post are outdated. Please have a look at the new instructions. +
+ Exposing your Home Assistant instance outside of your network always has been tricky. You have to set up port forwarding on your router and most likely add a dynamic DNS service to work around your ISP changing your IP. After this you would be able to use Home Assistant from anywhere but there is one big red flag: no encryption. This tutorial will take you through the steps to setup a dynamic DNS for your IP and allow trusted encrypted connection to it - for free using [DuckDNS] and [Let's Encrypt]. diff --git a/source/_posts/2017-09-27-effortless-encryption-with-lets-encrypt-and-duckdns.markdown b/source/_posts/2017-09-27-effortless-encryption-with-lets-encrypt-and-duckdns.markdown new file mode 100644 index 00000000000..b0e78bcf681 --- /dev/null +++ b/source/_posts/2017-09-27-effortless-encryption-with-lets-encrypt-and-duckdns.markdown @@ -0,0 +1,41 @@ +--- +layout: post +title: "Effortless encryption with Let's Encrypt and DuckDNS" +description: "Get Home Assistant encrypted in less than 5 minutes." +date: 2017-09-27 00:05:00 +0000 +date_formatted: "September 27, 2017" +author: Paulus Schoutsen +author_twitter: balloob +comments: true +categories: How-To +og_image: /images/blog/2015-12-lets-encrypt/letsencrypt-secured-fb.png +--- + +When Let's Encrypt launched we were estatic: finally an easy and free way for our users to securely access their homes remotely. Let's Encrypt signifianctly lowered the bar to get and renew SSL certificates. However, this process could still be quite an obstacle for our users. It required opening ports on the router and remembering to renew the certificate every so often. + +Thanks to a [blog post][splitbrain] by Andreas Gohr I realized that DuckDNS supports setting TXT records, making it compatible with the DNS-01 challenge of Let's Encrypt. The DNS-01 challenge is using the DNS record of the domain instead of interacting with the server. This means that it's not needed for the user to open any ports! + +I have worked together with [Pascal Vizeli][pvizeli] on updating the DuckDNS add-on for Hass.io and today we're proud to announce it now includes automatic generation and updating of Let's Encrypt certificates for your DuckDNS domain. The only thing that you have to add to your DuckDNS configuration is that you accept their [terms of service][terms] and point Home Assistant at the generated certificates and you're good to go. No other work is required. + +To get started today, start with making sure that you have [Hass.io installed][hassio]. After that, go to the Hass.io panel in Home Assistant, open the add-on store, scroll down to DuckDNS and install it. In the DuckDNS settings change "accept_terms" to true and start it. + +Next up is to configure Home Assistant with the config below and restart it. You're now good to go! Make sure to use the right protocol when browsing to your instance: `https://