home-assistant.io/source/_cookbook/tls_domain_certificate.markdown
Andrey 6116ee55c3 Add cookbook entry for generating TLS by owning a domain. (#2077)
* Initial file for getting TLS certificate

* Write instruction

* Fixes
2017-02-19 18:19:34 +01:00


| Field | Value |
|-------|-------|
| layout | page |
| title | Certificate for SSL/TLS via domain ownership |
| description | Configure a certificate to use with Home Assistant |
| date | 2017-02-17 08:00 |
| sidebar | true |
| comments | false |
| sharing | true |
| footer | true |
| ha_category | Infrastructure |

If your Home Assistant instance is only accessible from your local network, you can still protect the communication between your browsers and the frontend with SSL/TLS. You can use a self-signed certificate, but your browser will present a warning and some HTTPS-only features might not work.

{% linkable_title Prerequisites for this guide %}

  • Your Home Assistant instance is not exposed to the internet. If it is, use this guide
  • You control a public domain name. The domain doesn't have to point to a site. A domain controlled by a trusted friend will do. (A friend you trust not to MITM you)
  • Your home router supports custom DNS entries.

{% linkable_title Run certbot %}

```bash
$ mkdir certbot
$ cd certbot
$ wget https://dl.eff.org/certbot-auto
$ chmod a+x certbot-auto
$ sudo ./certbot-auto --manual certonly --preferred-challenges dns -d "mydomain.com" --email your@email.address
```

  • Agree to Terms of Service
  • Choose whether to share your email with Electronic Frontier Foundation.
  • Agree to your IP being logged

You will get the following text:

```text
Please deploy a DNS TXT record under the name
_acme-challenge.mydomain.com with the following value:

deadbeefdeadbeefdeadbeefdeadbeefdeadbeef

Once this is deployed,
-------------------------------------------------------------------------------
Press Enter to Continue
```

  • Deploy the value to a TXT record using your domain registrar.

  • Go to a site that queries domain records (for example, this one) and check that it sees your brand new TXT record. (Don't forget to enter the full name: _acme-challenge.mydomain.com)

  • Press Enter at certbot prompt.
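
The lookup step above can also be done from the shell before pressing Enter. This is an added example, not part of the original guide: the function names and the default public resolver (1.1.1.1) are assumptions, and it needs `dig` installed. It asks a public resolver, which gives the same outside view as the lookup site, and accepts only an exact match so a stale or mistyped record is not mistaken for the new one.

```shell
#!/bin/sh
# Added example (not from the original guide): verify the DNS-01 TXT record
# is publicly visible before pressing Enter at the certbot prompt.

# Normalise `dig +short TXT` output read from stdin: one record per line,
# multi-string records ("abc" "def") joined, surrounding quotes stripped.
normalize_txt() {
    sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'
}

# txt_has_value EXPECTED
# Reads dig output on stdin; succeeds only if some record equals EXPECTED exactly.
txt_has_value() (
    expected="$1"
    normalize_txt | grep -Fxq -- "$expected"
)

# check_challenge DOMAIN EXPECTED [RESOLVER]
# RESOLVER defaults to a public one (assumption: 1.1.1.1).
check_challenge() (
    domain="$1"; expected="$2"; resolver="${3:-1.1.1.1}"
    dig +short TXT "_acme-challenge.${domain}" "@${resolver}" | txt_has_value "$expected"
)

# wait_for_challenge DOMAIN EXPECTED [TRIES] [DELAY_SECONDS]
# Polls until the record is visible or the attempts run out.
wait_for_challenge() (
    domain="$1"; expected="$2"; tries="${3:-30}"; delay="${4:-10}"
    i=1
    while [ "$i" -le "$tries" ]; do
        if check_challenge "$domain" "$expected"; then
            echo "TXT record visible after ${i} attempt(s); safe to press Enter"
            exit 0
        fi
        sleep "$delay"
        i=$((i + 1))
    done
    echo "TXT record not visible yet; do not press Enter" >&2
    exit 1
)

# Usage: ./check_txt.sh mydomain.com <value printed by certbot>
if [ "$#" -ge 2 ]; then
    wait_for_challenge "$@"
fi
```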

{% linkable_title Make mydomain.com point to your Home Assistant instance %}

If your router uses DNSMasq (for example DDWRT) add the following line to DNSMasq options:

```text
address=/mydomain.com/<hass ip>
```

{% linkable_title Edit your Home Assistant configuration to use your certificates %}

```yaml
http:
  api_password: YOUR_SECRET_PASSWORD
  base_url: https://mydomain.com:8123
  ssl_certificate: /etc/letsencrypt/live/mydomain.com/fullchain.pem
  ssl_key: /etc/letsencrypt/live/mydomain.com/privkey.pem
```

Make sure the files are accessible by the user that runs Home Assistant, e.g. homeassistant for a HASSbian setup.