Skip to content

Instantly share code, notes, and snippets.

@ammgws
Last active October 5, 2021 14:16
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save ammgws/d3fb6d197e6036e496d4fee17e22a84f to your computer and use it in GitHub Desktop.
Save ammgws/d3fb6d197e6036e496d4fee17e22a84f to your computer and use it in GitHub Desktop.
Get Home Assistant running on local network via HTTPS using a trusted local certificiate

Background

Fitbit integration requires the OAUTH2 callback URI to be HTTPS, which is an issue since Home Assistant by default only runs in HTTP. Additionally, I do not wish to expose HA to the internet and only access it externally via VPN into my home network. So the solution is to generate our own cert to install in Home Assistant, and store that root CA in the trusted CA list on the computer from which the HA front end is going to be accessed. This will be done using the mkcert tool: https://github.com/FiloSottile/mkcert

On my deskop (not the computer running HA)

1. Generate a cert which is valid for both the hostname address and the IP address of my HA instance.

mkcert -install
mkcert homeassistant.home.lan 192.168.1.5

2. Copy the files over to the HA server (method doesn't matter, in my case I already have SSH access setup).

scp homeassistant.home.lan* root@192.168.1.5:ssl/

On HA server or HA frontend if you have the "File Editor" addon installed

3. Edit configuration.yaml and add:

http:
  ssl_certificate: /ssl/homeassistant.home.lan+1.pem
  ssl_key: /ssl/homeassistant.home.lan+1-key.pem

4. Reboot HA, and HTTPS should now be working.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment