home-assistant.github.io/cookbook/tls_domain_certificate/index.html
2017-03-18 17:12:07 +00:00


<!doctype html>
<!--[if lt IE 7]> <html class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]> <html class="no-js lt-ie9 lt-ie8"> <![endif]-->
<!--[if IE 8]> <html class="no-js lt-ie9"> <![endif]-->
<!--[if gt IE 8]><!--> <html> <!--<![endif]-->
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>Certificate for SSL/TLS via domain ownership - Home Assistant</title>
<meta name="author" content="Home Assistant">
<meta name="description" content="Configure a certificate to use with Home Assistant">
<meta name="viewport" content="width=device-width">
<link rel="canonical" href="https://home-assistant.io/cookbook/tls_domain_certificate/">
<meta property="fb:app_id" content="338291289691179">
<meta property="og:title" content="Certificate for SSL/TLS via domain ownership">
<meta property="og:site_name" content="Home Assistant">
<meta property="og:url" content="https://home-assistant.io/cookbook/tls_domain_certificate/">
<meta property="og:type" content="article">
<meta property="og:description" content="Configure a certificate to use with Home Assistant">
<meta property="og:image" content="https://home-assistant.io/images/default-social.png">
<meta name="twitter:card" content="summary_large_image">
<meta name="twitter:site" content="@home_assistant">
<meta name="twitter:title" content="Certificate for SSL/TLS via domain ownership">
<meta name="twitter:description" content="Configure a certificate to use with Home Assistant">
<meta name="twitter:image" content="https://home-assistant.io/images/default-social.png">
<link href="/stylesheets/screen.css" media="screen, projection" rel="stylesheet">
<link href="/atom.xml" rel="alternate" title="Home Assistant" type="application/atom+xml">
<link rel='shortcut icon' href='/images/favicon.ico' />
<link rel='icon' type='image/png' href='/images/favicon-192x192.png' sizes='192x192' />
</head>
<body >
<header>
<div class="grid-wrapper">
<div class="grid">
<div class="grid__item three-tenths lap-two-sixths palm-one-whole ha-title">
<a href="/" class="site-title">
<img width='40' src='/demo/favicon-192x192.png'>
<span>Home Assistant</span>
</a>
</div>
<div class="grid__item seven-tenths lap-four-sixths palm-one-whole">
<nav>
<input type="checkbox" id="toggle">
<label for="toggle" class="toggle" data-open="Main Menu" data-close="Close Menu"></label>
<ul class="menu pull-right">
<li><a href="/getting-started/">Getting started</a></li>
<li><a href="/components/">Components</a></li>
<li><a href="/docs/">Docs</a></li>
<li><a href="/cookbook/">Examples</a></li>
<li><a href="/developers/">Developers</a></li>
<li><a href="/blog/">Blog</a></li>
<li><a href="/help/">Need help?</a></li>
</ul>
</nav>
</div>
</div>
</div>
</header>
<div class="grid-wrapper">
<div class="grid grid-center">
<div class="grid__item two-thirds lap-one-whole palm-one-whole">
<article class="page">
<header>
<h1 class="title indent">
Certificate for SSL/TLS via Domain Ownership
</h1>
</header>
<hr class="divider">
<p>If your Home Assistant instance is only accessible from your local network, you can still protect the communication between your browsers and the frontend with SSL/TLS. You can use a <a href="/cookbook/tls_self_signed_certificate/">self-signed certificate</a>, but your browser will present a warning and some HTTPS-only features might not work. The approach below obtains a certificate from a publicly trusted CA by proving control of a domain name through a DNS record, so no inbound connection from the internet to your instance is needed.</p>
<h3><a class="title-link" name="prerequirement-for-this-guide" href="#prerequirement-for-this-guide"></a> Prerequisites for this guide</h3>
<ul>
<li>Your Home Assistant instance is not exposed to the internet. If it is, use <a href="/blog/2015/12/13/setup-encryption-using-lets-encrypt/">this guide</a> instead.</li>
<li>You control a public domain name. The domain doesn't have to point to a site. A domain controlled by a <em>trusted</em> friend will do, but keep in mind that whoever controls the domain's DNS can pass the same challenge and obtain a valid certificate for the name, and could therefore impersonate your instance (a friend you trust not to MITM you).</li>
<li>Your home router supports custom DNS entries.</li>
</ul>
<h3><a class="title-link" name="run-certbot" href="#run-certbot"></a> Run certbot</h3>
<div class="language-bash highlighter-rouge"><pre class="highlight"><code><span class="gp">$ </span>mkdir certbot
<span class="gp">$ </span><span class="nb">cd </span>certbot
<span class="gp">$ </span>wget https://dl.eff.org/certbot-auto
<span class="gp">$ </span>chmod a+x certbot-auto
<span class="gp">$ </span>sudo ./certbot-auto --manual certonly --preferred-challenges dns -d <span class="s2">"mydomain.com"</span> --email your@email.address
</code></pre>
</div>
<ul>
<li>Agree to Terms of Service</li>
<li>Choose whether to share your email with Electronic Frontier Foundation.</li>
<li>Agree to your IP address being logged (the manual plugin requires this acknowledgement).</li>
</ul>
<p>You will get the following text:</p>
<div class="language-text highlighter-rouge"><pre class="highlight"><code>Please deploy a DNS TXT record under the name
_acme-challenge.mydomain.com with the following value:
deadbeefdeadbeefdeadbeefdeadbeefdeadbeef
Once this is deployed,
-------------------------------------------------------------------------------
Press Enter to Continue
</code></pre>
</div>
<ul>
<li>
<p>Create a TXT record named <code class="highlighter-rouge">_acme-challenge.mydomain.com</code> with that value using your DNS provider or domain registrar.</p>
</li>
<li>Go to a site that queries DNS records, for example <a href="https://mxtoolbox.com/TXTLookup.aspx">this one</a>, and check that it sees your new TXT record (don't forget to enter the full name: <code class="highlighter-rouge">_acme-challenge.mydomain.com</code>). Public resolvers may cache a negative answer for a few minutes, so wait until the record is actually visible; if you press Enter too early the validation fails and certbot has to be run again.</li>
<li>Press Enter at certbot prompt.</li>
</ul>
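<p>The following script is an added example and not part of the Home Assistant cookbook. It automates the "is my TXT record visible yet?" check from a second terminal while certbot waits at its prompt: it polls <code class="highlighter-rouge">dig</code> for the <code class="highlighter-rouge">_acme-challenge</code> name and compares every returned record with the token certbot printed. It assumes <code class="highlighter-rouge">dig</code> is installed; the default nameserver 1.1.1.1, the 10-second interval and the 30 tries are assumptions, not values from the guide.</p>

```sh
#!/bin/sh
# Added example (not from the Home Assistant docs): confirm the ACME TXT record is
# actually visible before pressing Enter at the certbot prompt. Assumes `dig` is
# installed; the default nameserver 1.1.1.1, the 10 s interval and the 30 tries
# are assumptions. Point NS at one of your zone's authoritative servers
# (dig +short NS mydomain.com) to bypass resolver caches entirely.

# txt_has_token EXPECTED: read `dig +short TXT` output on stdin, one record per
# line as quoted strings (long records come as several chunks: "abc" "def"),
# and succeed only if some record equals EXPECTED exactly.
txt_has_token() {
  expected=$1
  found=1
  while IFS= read -r line; do
    # Join chunked records and strip the surrounding quotes.
    value=$(printf '%s\n' "$line" | sed 's/" "//g; s/^"//; s/"$//')
    [ "$value" = "$expected" ] && found=0
  done
  return "$found"
}

# acme_name DOMAIN: the record name certbot asks you to create.
acme_name() {
  printf '_acme-challenge.%s' "$1"
}

# wait_for_txt DOMAIN TOKEN [TRIES] [NS]: poll DNS until the record is served.
wait_for_txt() {
  domain=$1; token=$2; tries=${3:-30}; ns=${4:-1.1.1.1}
  name=$(acme_name "$domain")
  i=0
  while [ "$i" -lt "$tries" ]; do
    if dig +short TXT "$name" "@$ns" | txt_has_token "$token"; then
      echo "$name serves the expected token; press Enter at the certbot prompt."
      return 0
    fi
    i=$((i + 1))
    sleep 10
  done
  echo "$name did not serve the token after $tries tries; do not continue yet." >&2
  return 1
}

# Usage, in a second terminal while certbot waits:
#   wait_for_txt mydomain.com deadbeefdeadbeefdeadbeefdeadbeefdeadbeef
```

<p>Querying an authoritative server for the zone instead of a public resolver is the more reliable check, because the CA will query the authoritative servers and a resolver that cached "no such record" a minute ago will keep saying so until its negative-cache TTL expires.</p>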
<h3><a class="title-link" name="make-mydomaincom-point-to-your-home-assistant-instance" href="#make-mydomaincom-point-to-your-home-assistant-instance"></a> Make mydomain.com point to your Home Assistant instance</h3>
<p>If your router uses DNSMasq (for example DD-WRT), add the following line to the DNSMasq options. Note that <code class="highlighter-rouge">address=/mydomain.com/</code> overrides the answer for <code class="highlighter-rouge">mydomain.com</code> and every name under it for all clients that use the router as their resolver; a device configured with a hard-coded public DNS server bypasses the router and will not reach your instance under this name.</p>
<div class="highlighter-rouge"><pre class="highlight"><code>address=/mydomain.com/&lt;hass ip&gt;
</code></pre>
</div>
<h3><a class="title-link" name="edit-your-home-assistant-configuration-to-use-your-certificates" href="#edit-your-home-assistant-configuration-to-use-your-certificates"></a> Edit your Home Assistant configuration to use your certificates</h3>
<div class="language-yaml highlighter-rouge"><pre class="highlight"><code><span class="s">http</span><span class="pi">:</span>
<span class="s">api_password</span><span class="pi">:</span> <span class="s">YOUR_SECRET_PASSWORD</span>
<span class="s">base_url</span><span class="pi">:</span> <span class="s">https://mydomain.com:8123</span>
<span class="s">ssl_certificate</span><span class="pi">:</span> <span class="s">/etc/letsencrypt/live/mydomain.com/fullchain.pem</span>
<span class="s">ssl_key</span><span class="pi">:</span> <span class="s">/etc/letsencrypt/live/mydomain.com/privkey.pem</span>
</code></pre>
</div>
<p>Make sure the files are readable by the user that runs Home Assistant, e.g. <code class="highlighter-rouge">homeassistant</code> for a HASSbian setup. certbot usually creates <code class="highlighter-rouge">/etc/letsencrypt/live/</code> and <code class="highlighter-rouge">/etc/letsencrypt/archive/</code> readable only by root, and the files under <code class="highlighter-rouge">live/</code> are symlinks into <code class="highlighter-rouge">archive/</code>, so the directory permissions matter as much as the file permissions; grant read access to the Home Assistant user rather than making the private key world-readable. The certificate is only valid for the exact name passed to <code class="highlighter-rouge">-d</code>, so <code class="highlighter-rouge">base_url</code> must use that name rather than the IP address. Let's Encrypt certificates expire after 90 days, and because the TXT record was placed by hand an unattended <code class="highlighter-rouge">certbot renew</code> cannot repeat the challenge, so re-run the certbot step before then.</p>
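<p>The script below is an added example, not part of the Home Assistant cookbook, that checks the four things that most often go wrong at this step before you restart Home Assistant: that the Home Assistant user can actually read both files through the <code class="highlighter-rouge">live/</code> symlinks, that the private key belongs to the leaf certificate in <code class="highlighter-rouge">fullchain.pem</code>, that the certificate's subjectAltName covers the name used in <code class="highlighter-rouge">base_url</code>, and that it is not about to expire. It assumes <code class="highlighter-rouge">openssl</code> and <code class="highlighter-rouge">sudo</code> are available and uses the file paths from the configuration above; the user name <code class="highlighter-rouge">homeassistant</code> is the HASSbian default and the 14-day expiry margin is a chosen value.</p>

```sh
#!/bin/sh
# Added example, not from the Home Assistant docs: sanity-check the Let's Encrypt
# files before restarting Home Assistant. Assumes openssl and sudo are available
# and uses the paths from the configuration above; HA_USER (the HASSbian default)
# and the 14-day margin are assumptions. Run as root so privkey.pem can be read.
CERT=${CERT:-/etc/letsencrypt/live/mydomain.com/fullchain.pem}
KEY=${KEY:-/etc/letsencrypt/live/mydomain.com/privkey.pem}
HA_USER=${HA_USER:-homeassistant}
HOST=${HOST:-mydomain.com}

# san_covers "DNS:a, DNS:b" HOST: succeed if HOST appears verbatim in the
# subjectAltName list in the form `openssl x509 -text` prints it.
san_covers() {
  printf '%s\n' "$1" | tr ',' '\n' | sed 's/^ *DNS://; s/ *$//' | grep -qxF -- "$2"
}

# leaf_san: the SAN line of the first (leaf) certificate in $CERT; openssl x509
# reads only the first PEM block, which is the leaf in fullchain.pem.
leaf_san() {
  openssl x509 -in "$CERT" -noout -text | sed -n '/Subject Alternative Name/{n;p;q;}'
}

# check_tls_files: run every check, print what failed, non-zero if anything did.
check_tls_files() {
  rc=0
  # 1. The HA user must be able to traverse live/ and archive/ and read the files.
  for f in "$CERT" "$KEY"; do
    sudo -u "$HA_USER" test -r "$f" || { echo "NOT readable by $HA_USER: $f"; rc=1; }
  done
  # 2. The private key must belong to the leaf certificate (same public key).
  if [ "$(openssl x509 -in "$CERT" -noout -pubkey)" != "$(openssl pkey -in "$KEY" -pubout)" ]; then
    echo "privkey.pem does not match the certificate in fullchain.pem"; rc=1
  fi
  # 3. The certificate must cover the name base_url uses.
  san_covers "$(leaf_san)" "$HOST" || { echo "$HOST not in SAN: $(leaf_san)"; rc=1; }
  # 4. Let's Encrypt certificates last 90 days; fail when fewer than 14 remain.
  openssl x509 -in "$CERT" -noout -checkend $((14 * 86400)) >/dev/null \
    || { echo "certificate expires within 14 days: re-run certbot"; rc=1; }
  return "$rc"
}

# Usage: sudo sh check_tls.sh   (then, in the script or interactively)
#   check_tls_files && echo "OK to restart Home Assistant"
```

<p>The readability check is done with <code class="highlighter-rouge">sudo -u</code> rather than by inspecting mode bits, because it follows the symlinks and directory permissions exactly the way Home Assistant will when it opens the files.</p>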
</article>
</div>
<aside id="sidebar" class="grid__item one-third lap-one-whole palm-one-whole">
<div class="grid">
<section class="aside-module grid__item one-whole lap-one-half">
<div class='section'>
<a href='/cookbook'>Back to the cookbook</a>
</div>
<div class='section'>
<h1 class="title delta">Infrastructure</h1>
<ul class='divided'>
<li>
<a href='/cookbook/apache_configuration/'>Apache Configuration</a>
</li>
<li>
Certificate for SSL/TLS via domain ownership
</li>
<li>
<a href='/cookbook/githubbackup/'>Configuration Backup to GitHub</a>
</li>
<li>
<a href='/cookbook/owntracks_two_mqtt_broker/'>OwnTracks with two MQTT brokers</a>
</li>
<li>
<a href='/cookbook/tls_self_signed_certificate/'>Self-signed certificate for SSL/TLS</a>
</li>
<li>
<a href='/cookbook/tor_configuration/'>Tor Onion Service Configuration</a>
</li>
</ul>
</div>
</section>
</div>
</aside>
</div>
</div>
<footer>
<div class="grid-wrapper">
<div class="grid">
<div class="grid__item">
<div class="copyright">
<a rel="me" href='https://twitter.com/home_assistant'><i class="icon-twitter"></i></a>
<a rel="me" href='https://facebook.com/homeassistantio'><i class="icon-facebook"></i></a>
<a rel="me" href='https://plus.google.com/110560654828510104551'><i class="icon-google-plus"></i></a>
<a rel="me" href='https://github.com/home-assistant/home-assistant'><i class="icon-github"></i></a>
<div class="credit">
Contact us at <a href='mailto:hello@home-assistant.io'>hello@home-assistant.io</a>.<br>
Website powered by <a href='http://jekyllrb.com/'>Jekyll</a> and the <a href='https://github.com/coogie/oscailte'>Oscalite theme</a>.<br />
Hosted by <a href='https://pages.github.com/'>GitHub</a> and served by <a href='https://cloudflare.com'>CloudFlare</a>.
</div>
<a rel="license" href="http://creativecommons.org/licenses/by-nc-sa/4.0/"><img alt="Creative Commons License" style="border-width:0" src="https://i.creativecommons.org/l/by-nc-sa/4.0/88x31.png" /></a><br /><span xmlns:dct="http://purl.org/dc/terms/" property="dct:title">home-assistant.io</span> is licensed under a <a rel="license" href="http://creativecommons.org/licenses/by-nc-sa/4.0/">Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License</a>.
</div>
</div>
</div>
</div>
</footer>
<script>
var _gaq=[['_setAccount','UA-57927901-1'],['_trackPageview']];
(function(d,t){var g=d.createElement(t),s=d.getElementsByTagName(t)[0];
g.src=('https:'==location.protocol?'//ssl':'//www')+'.google-analytics.com/ga.js';
s.parentNode.insertBefore(g,s)}(document,'script'));
</script>
</body>
</html>