jeans/home-assistant.io
jeans/home-assistant.io
1
0
Fork 0
mirror of https://github.com/home-assistant/home-assistant.io.git synced 2025-05-20 01:48:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
home-assistant.io/source/_docs/ecosystem/certificates/tls_domain_certificate.markdown
Franck Nijhof ebca3218c7
🔥Removes linkable_title everywhere (#9772) 
* Automatically create linkable headers

* Visually improve position of linkable header chain icon

* Do not auto link  headers on homepage

* Remove linkable_title everywhere

* 🚑 Re-instante linkable_title plugin as NOOP
2019-07-04 19:08:27 +02:00

2.6 KiB
Raw Blame History

layout, title, description, date, sidebar, comments, sharing, footer, redirect_from
layout title description date sidebar comments sharing footer redirect_from
page Certificate for SSL/TLS via domain ownership Configure a certificate to use with Home Assistant 2017-02-17 08:00 true false true true /cookbook/tls_domain_certificate/

If your Home Assistant instance is only accessible from your local network you can still protect the communication between your browsers and the frontend with SSL/TLS. You can use Self-sign certificate but your browser will present a warning and some https-only features might not work.

Requirement for this guide

  • Your Home Assistant instance is not exposed to the internet. If it is - use this guide
  • You control a public domain name. The domain doesn't have to point to a site. A domain controlled by a trusted friend will do. (A friend you trust not to MITM you)
  • Your home router supports custom DNS entries.

Run certbot

$ mkdir certbot
$ cd certbot
$ wget https://dl.eff.org/certbot-auto
$ chmod a+x certbot-auto
$ sudo ./certbot-auto --manual certonly --preferred-challenges dns -d "mydomain.com" --email your@email.address
  • Agree to Terms of Service
  • Choose whether to share your email with Electronic Frontier Foundation.
  • Agree to your IP being logged

You will get the following text:

Please deploy a DNS TXT record under the name
_acme-challenge.mydomain.com with the following value:

deadbeefdeadbeefdeadbeefdeadbeefdeadbeef

Once this is deployed,
-------------------------------------------------------------------------------
Press Enter to Continue
  • Deploy the value to TXT field using your domain registrar.
  • Go to a site that queries domain record. For example this one and look if it sees your brand new TXT field (Don't forget to enter the full domain: _acme-challenge.mydomain.com)
  • Press Enter at certbot prompt.

Make mydomain.com point to your Home Assistant instance

If your router uses DNSMasq (for example DDWRT) add the following line to DNSMasq options:

address=/mydomain.com/<hass ip>

Edit your Home Assistant configuration to use your certificates

The http section must contain the full path to the needed files.

http:
  api_password: YOUR_SECRET_PASSWORD
  base_url: https://mydomain.com:8123
  ssl_certificate: /etc/letsencrypt/live/mydomain.com/fullchain.pem
  ssl_key: /etc/letsencrypt/live/mydomain.com/privkey.pem

Make sure the files are accessible by the user that runs Home Assistant, eg. homeassistant for a HASSbian setup.