Updated 2016-06-18
+Requirements
The DuckDNS part of this tutorial has no requirements but there are a few requirements as of now to run the Let’s Encrypt client.
-
-
- Direct connection to the internet or admin access to your router to set up port forwarding -
- A machine running a Unix-ish OS that include Python 2.6 or 2.7 (Docker can be used) +
- Direct connection to the internet or admin access to your router to set up port forwarding. +
- A machine running a Unix-ish OS that include Python 2.6 or 2.7 (Docker can be used). +
- Root access, to write to default config, log and library directories and bind port 80.
Let’s Encrypt is a free, automated, and open certificate authority (CA). We will use this to acquire a certificate that can be used to encrypted our connection with Home Assistant.
-Let’s Encrypt will give you a free 90-day certificate if you pass their domain validation challenge. Domains are validated by having certain data be accessible on your domain for Let’s Encrypt (they describe it better themselves).
+Let’s Encrypt will give you a free 90-day certificate if you pass their domain validation challenge. Domains are validated by having certain data be accessible on your domain for Let’s Encrypt (they describe it better themselves).
-Assuming that your home is behind a router, the first thing to do is to set up port forwarding from your router to your computer that will run Let’s Encrypt. For the Let’s Encrypt set up we need to temporary forward ports 80 (http connections) and 443 (https connections). This can be set up by accessing your router admin interface (Site with port forwarding instructions per router).
Assuming that your home is behind a router, the first thing to do is to set up port forwarding from your router to your computer that will run Let’s Encrypt. For the Let’s Encrypt set up we need to forward external port 80 to internal port 80 (http connections). This can be set up by accessing your router admin interface (Site with port forwarding instructions per router). This port forward must be active whenever you want to request a new certificate from Let’s Encrypt, typically every three months. If you normally don’t use or have an app that listens to port 80, it should be safe to leave the port open. This will make renewing certificates easier.
Now you’re ready to run Let’s Encrypt:
+Now you’re ready to install and run the client that requests certificates from Let’s Encrypt. The following example will use the platform independent script to install and run the certbot client from Let’s Encrypt. If there is a certbot package for your OS, it’s recommended to install the package instead of the platform independent script. Read the docs for more information. There are also other clients that might offer more customization and options. See the client options page at Let’s Encrypt.
$ git clone https://github.com/letsencrypt/letsencrypt -[…] -$ cd letsencrypt -$ ./letsencrypt-auto certonly --email your@email.address -d hass-example.duckdns.org - -Updating letsencrypt and virtual environment dependencies....... -Running with virtualenv: sudo /path/letsencrypt/bin/letsencrypt certonly --email your@e-mail.address -d hass-example.duckdns.org - -IMPORTANT NOTES: - - Congratulations! Your certificate and chain have been saved at - /etc/letsencrypt/live/hass-example.duckdns.org/fullchain.pem. Your cert - will expire on 2016-03-12. To obtain a new version of the - certificate in the future, simply run Let's Encrypt again. - - If like Let's Encrypt, please consider supporting our work by: - - Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate - Donating to EFF: https://eff.org/donate-le +$ mkdir certbot +$ cd certbot/ +$ wget https://dl.eff.org/certbot-auto +$ chmod a+x certbot-auto +$ ./certbot-auto certonly --standalone \ + --standalone-supported-challenges http-01 \ + --email your@email.address \ + -d hass-example.duckdns.org
sudo mkdir /etc/letsencrypt /var/lib/letsencrypt
-sudo docker run -it --rm -p 443:443 -p 80:80 --name letsencrypt \
+sudo docker run -it --rm -p 80:80 --name certbot \
-v "/etc/letsencrypt:/etc/letsencrypt" \
-v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
quay.io/letsencrypt/letsencrypt:latest certonly \
- --email your@e-mail.address -d hass-example.duckdns.org
+ --standalone --standalone-supported-challenges http-01 \
+ --email your@email.address -d hass-example.duckdns.org
With either method your certificate will be generated and put in the directory /etc/letsencrypt/live/hass-example.duckdns.org. As the lifetime is only 90 days, you will have to repeat this every 90 days.
With either method your certificate will be generated and put in the directory /etc/letsencrypt/live/hass-example.duckdns.org. As the lifetime is only 90 days, you will have to repeat this every 90 days. There’s a special command to simplify renewing certificates:
./certbot-auto renew --quiet --no-self-upgrade --standalone \ + --standalone-supported-challenges http-01 +
Home Assistant
-Before updating the Home Assistant configuration, we have to update the port forwarding at your router config. We can drop the port forwarding for port 80 as we no longer care about unecrypted messages. Update port 443 to forward to port 8123 on the computer that will run Home Assistant.
Before updating the Home Assistant configuration, we have to forward port 443 (https connections) to port 8123 on the computer that will run Home Assistant. Do this in your router configuration as previously done for port 80.
The final step is to point Home Assistant at the generated certificates. Before you do this, make sure that the user running Home Assistant has read access to the folder that holds the certificates.
diff --git a/blog/categories/community/atom.xml b/blog/categories/community/atom.xml index 89682ddc3d..e3f505128e 100644 --- a/blog/categories/community/atom.xml +++ b/blog/categories/community/atom.xml @@ -4,7 +4,7 @@Updated 2016-06-18
+Requirements
The DuckDNS part of this tutorial has no requirements but there are a few requirements as of now to run the Let’s Encrypt client.
-
-
- Direct connection to the internet or admin access to your router to set up port forwarding -
- A machine running a Unix-ish OS that include Python 2.6 or 2.7 (Docker can be used) +
- Direct connection to the internet or admin access to your router to set up port forwarding. +
- A machine running a Unix-ish OS that include Python 2.6 or 2.7 (Docker can be used). +
- Root access, to write to default config, log and library directories and bind port 80.
Let’s Encrypt is a free, automated, and open certificate authority (CA). We will use this to acquire a certificate that can be used to encrypted our connection with Home Assistant.
-Let’s Encrypt will give you a free 90-day certificate if you pass their domain validation challenge. Domains are validated by having certain data be accessible on your domain for Let’s Encrypt (they describe it better themselves).
+Let’s Encrypt will give you a free 90-day certificate if you pass their domain validation challenge. Domains are validated by having certain data be accessible on your domain for Let’s Encrypt (they describe it better themselves).
-Assuming that your home is behind a router, the first thing to do is to set up port forwarding from your router to your computer that will run Let’s Encrypt. For the Let’s Encrypt set up we need to temporary forward ports 80 (http connections) and 443 (https connections). This can be set up by accessing your router admin interface (Site with port forwarding instructions per router).
Assuming that your home is behind a router, the first thing to do is to set up port forwarding from your router to your computer that will run Let’s Encrypt. For the Let’s Encrypt set up we need to forward external port 80 to internal port 80 (http connections). This can be set up by accessing your router admin interface (Site with port forwarding instructions per router). This port forward must be active whenever you want to request a new certificate from Let’s Encrypt, typically every three months. If you normally don’t use or have an app that listens to port 80, it should be safe to leave the port open. This will make renewing certificates easier.
Now you’re ready to run Let’s Encrypt:
+Now you’re ready to install and run the client that requests certificates from Let’s Encrypt. The following example will use the platform independent script to install and run the certbot client from Let’s Encrypt. If there is a certbot package for your OS, it’s recommended to install the package instead of the platform independent script. Read the docs for more information. There are also other clients that might offer more customization and options. See the client options page at Let’s Encrypt.
$ git clone https://github.com/letsencrypt/letsencrypt -[…] -$ cd letsencrypt -$ ./letsencrypt-auto certonly --email your@email.address -d hass-example.duckdns.org - -Updating letsencrypt and virtual environment dependencies....... -Running with virtualenv: sudo /path/letsencrypt/bin/letsencrypt certonly --email your@e-mail.address -d hass-example.duckdns.org - -IMPORTANT NOTES: - - Congratulations! Your certificate and chain have been saved at - /etc/letsencrypt/live/hass-example.duckdns.org/fullchain.pem. Your cert - will expire on 2016-03-12. To obtain a new version of the - certificate in the future, simply run Let's Encrypt again. - - If like Let's Encrypt, please consider supporting our work by: - - Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate - Donating to EFF: https://eff.org/donate-le +$ mkdir certbot +$ cd certbot/ +$ wget https://dl.eff.org/certbot-auto +$ chmod a+x certbot-auto +$ ./certbot-auto certonly --standalone \ + --standalone-supported-challenges http-01 \ + --email your@email.address \ + -d hass-example.duckdns.org
sudo mkdir /etc/letsencrypt /var/lib/letsencrypt
-sudo docker run -it --rm -p 443:443 -p 80:80 --name letsencrypt \
+sudo docker run -it --rm -p 80:80 --name certbot \
-v "/etc/letsencrypt:/etc/letsencrypt" \
-v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
quay.io/letsencrypt/letsencrypt:latest certonly \
- --email your@e-mail.address -d hass-example.duckdns.org
+ --standalone --standalone-supported-challenges http-01 \
+ --email your@email.address -d hass-example.duckdns.org
With either method your certificate will be generated and put in the directory /etc/letsencrypt/live/hass-example.duckdns.org. As the lifetime is only 90 days, you will have to repeat this every 90 days.
With either method your certificate will be generated and put in the directory /etc/letsencrypt/live/hass-example.duckdns.org. As the lifetime is only 90 days, you will have to repeat this every 90 days. There’s a special command to simplify renewing certificates:
./certbot-auto renew --quiet --no-self-upgrade --standalone \ + --standalone-supported-challenges http-01 +
Home Assistant
-Before updating the Home Assistant configuration, we have to update the port forwarding at your router config. We can drop the port forwarding for port 80 as we no longer care about unecrypted messages. Update port 443 to forward to port 8123 on the computer that will run Home Assistant.
Before updating the Home Assistant configuration, we have to forward port 443 (https connections) to port 8123 on the computer that will run Home Assistant. Do this in your router configuration as previously done for port 80.
The final step is to point Home Assistant at the generated certificates. Before you do this, make sure that the user running Home Assistant has read access to the folder that holds the certificates.
diff --git a/blog/categories/ibeacons/atom.xml b/blog/categories/ibeacons/atom.xml index 3bce295869..5f49f59e82 100644 --- a/blog/categories/ibeacons/atom.xml +++ b/blog/categories/ibeacons/atom.xml @@ -4,7 +4,7 @@