mirror of
https://github.com/home-assistant/home-assistant.io.git
synced 2025-05-20 01:48:59 +00:00

* Automatically create linkable headers
* Visually improve position of linkable header chain icon
* Do not auto link headers on homepage
* Remove linkable_title everywhere
* 🚑 Re-instante linkable_title plugin as NOOP
2.6 KiB
2.6 KiB
layout, title, description, date, sidebar, comments, sharing, footer, redirect_from
layout | title | description | date | sidebar | comments | sharing | footer | redirect_from |
---|---|---|---|---|---|---|---|---|
page | Certificate for SSL/TLS via domain ownership | Configure a certificate to use with Home Assistant | 2017-02-17 08:00 | true | false | true | true | /cookbook/tls_domain_certificate/ |
If your Home Assistant instance is only accessible from your local network you can still protect the communication between your browsers and the frontend with SSL/TLS. You can use Self-sign certificate but your browser will present a warning and some https-only features might not work.
Requirement for this guide
- Your Home Assistant instance is not exposed to the internet. If it is - use this guide
- You control a public domain name. The domain doesn't have to point to a site. A domain controlled by a trusted friend will do. (A friend you trust not to MITM you)
- Your home router supports custom DNS entries.
Run certbot
$ mkdir certbot
$ cd certbot
$ wget https://dl.eff.org/certbot-auto
$ chmod a+x certbot-auto
$ sudo ./certbot-auto --manual certonly --preferred-challenges dns -d "mydomain.com" --email your@email.address
- Agree to Terms of Service
- Choose whether to share your email with Electronic Frontier Foundation.
- Agree to your IP being logged
You will get the following text:
Please deploy a DNS TXT record under the name
_acme-challenge.mydomain.com with the following value:
deadbeefdeadbeefdeadbeefdeadbeefdeadbeef
Once this is deployed,
-------------------------------------------------------------------------------
Press Enter to Continue
- Deploy the value to TXT field using your domain registrar.
- Go to a site that queries domain record. For example this one and look if it sees your brand new TXT field (Don't forget to enter the full domain:
_acme-challenge.mydomain.com
) - Press Enter at certbot prompt.
Make mydomain.com point to your Home Assistant instance
If your router uses DNSMasq (for example DDWRT) add the following line to DNSMasq options:
address=/mydomain.com/<hass ip>
Edit your Home Assistant configuration to use your certificates
The http
section must contain the full path to the needed files.
http:
api_password: YOUR_SECRET_PASSWORD
base_url: https://mydomain.com:8123
ssl_certificate: /etc/letsencrypt/live/mydomain.com/fullchain.pem
ssl_key: /etc/letsencrypt/live/mydomain.com/privkey.pem
Make sure the files are accessible by the user that runs Home Assistant, eg. homeassistant
for a HASSbian setup.