How to setup DuckDNS domain name and Lets Encrypt SSL certificate for Home Assistant

Great Tutorial! It worked perfectly! I have to admit...when I clicked your video and saw that you were recording from your car, I though this was going to be a joke. I'm so glad I watched the video and learned a lot from it. Never judge a book by its cover, eh lol. Keep up the good work!

evocrer

Underrated AF. Dude you made it look so simpel! I thought I couldn't make it till the end without hiccups. Thank you good Sir!

TuncayAyhan

great tutorial !
my 2 cents for configuring SSL on QNAP running HA on docker.

After configuring the ports (443-->8123)
You need to log on qnap QTS page,
go to security page and enable SSL, u will have 2 options
first using qnap certification (not free) and the other one is with encryptit (free),
Choose encryptit .
Then - u need the files ....
Not easy but somehow manage to find it.
u need to go to security --> Certificate and Private Key tab --> download the certificate files,
U get 3 crt files:
SSLcertificate.crt SSLprivatekey.key
After hours of trying use and failed - i finally understand that crt files actually similar to pem files, u just need to rename them!
To fullchain.pem and privkey.pem and place them under config,
So U get :
ssl_certificate: /config/certificate.pem

ssl_key: /config/privkey.pem

And last VERY important note - U dont need duckDns!!!
U should use ur <UR_DOMAIN>.myqnapcloud.com.
So your base_url define as:
base_url:

Hopefully this could help to qnap/synolgy users

Avico

Hi mate,

I haven’t try it yet and I already have questions. Did you already try to make it on an Home Assistant OS?
And my last question would be: Can we create the certificate with root ?

And also based on others comments, this is right it looks dawn simple :-)

marclambert

The standalone specific supported challenges flag is deprecated. Please use the
--preferred-challenges flag instead.

usage:
certbot-auto [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...


can help me?

LuigiZotti

Hi Burns, just received an email from let's encrypt stating that ACME TLS SNI is reaching end of life till Feb 2019.

The resolution is to update the ACME client to use an alternative validation method (HTTP-01, DNS-01 or TLS-ALPN-01) before this date or else certificate renewals will break and existing certificates will start to expire.

I have followed your instruction guide closely to make things work for my HA.

Do u mind do a video on how to update from ACME to the recommended validation method?

Appreciate your hard work and sharing.

Thank you

Terrier

I am in the process of moving my setup from my RPi 2 to a dedicated Ubuntu 16.10 server setup and was curious if you knew what would be involved in moving the duckdns/letsencrypt setup. I believe you had also moved to Hassbian recently and wondered what you did for this. Is there a way to copy/move the files from the Rpi to the new server or is it better to delete the duckdns domain and start new again? I thought about adding a new domain on my current account but it appears I can't tie it to the same ip.

photo

is this how you do it for Hass.io? im having trouble with lets encrypt.. im unable to enable the duckdns add-on..however im able to reach my xxxx.duckdns.org address remotely. so i just need to figure out why its not encrypting? any ideas? Hass.io on ubuntu vm thanks

TrillasAdventures

As usual an excellent tutorial. I'm new to Home Assistant and have been following your recent Docker series (Thank you!!!). Will this same procedure work within a Docker system? I'll give it a try but so far tonight nothing else has worked.

monkeys

Reformatted by pi to do a fresh install of home assistant and glad to come by this video AGAIN. Second time around you've saved me lol. Thanks for the great work. Everything worked perfectly. Question...is updating the SSL certificate a manual process, or once its about to expire, do I just open port 80 reboot home assistant, and it'll automatically update?

evocrer

Awesome tutorial! Thanks for your hard work on all of these! A quick question: are the certificates renewed automatically using this method?

ThePhiliposophy

As always you give us great guides, thanks a lot.
Nevertheless... I followed all the steps precisely, but it gives me an error saying "The server could not connect to the client to verify the domain ::(and my personal data). The port forward should be ok, any advice?

LAghemo

hey, nice video. btw why do you record your videos in your car?

tolaxor

Im using Hass.in installed on a SD card with Etcher. When I type the commands in my SSH I get:
Connecting to dl.eff.org (151.101.12.201:443)
wget: error getting response: Connection reset by peer
What could be wrong?

MarcinBauer

I am behind mutiple NAT setup with my ISP. what is the workaround?

vinup

I was able to finally get everything installed however when I finally pulled up the url the connection is not secure. It shows a yellow triangle with a greyed lock. Did I do something wrong during the setup process?

photo

Excellent video, very precise and clear....but please I need help because when I launch the command "./certbot-auto certonly --standalone http-01 --email (MY EMAIL) -d (MY DOMAIN)" the installation hangs at "Installing Python packages..." and no longer responds. I'm trying to install it on a rpi with hassbian. Thank you

pindes

Hey, nice video, can this be done using hassio?

MrDavidmcdonald

Hey man thanks for this tutorial i got this working just one issue in the documentation below the video it was different to the code used in the video
ssl_key: NAME) i needed to remove the . and add /privkey.pem
ssl_key: /etc/letsencrypt/live/(DOMAIN NAME)/privkey.pem
I have to write back to you to on another tutorial soon, thanks!

TSIXGaming

I can not login to pi raspberry SSH The password is incorrect
What to do?

איתןעמר-לה