You’ve made it this far, you’re almost there. Time to secure your Smart-Home devices. This is really easy with Let’s Encrypt . This is a free automated service that provides Free SSL/TLS Certificates. This keeps your traffic safe.
- Forward Ports 80 and 443
- Lets Encrypt Add On
- Forward Port 8123 to 443
Forward Ports 80 and 443
First you’ll need to forward some ports. If you made it this far, then you already forwarded a port to use Duck DNS.
- Go back to your router’s forwarding page.
- First, you need to forward port 80 local (or internal) to part 80 external.
- Next, do the same thing for port 443.
- These ports are being forwarded in order to allow Let’s Encrypt verify you’re the one requesting the certificates.
- Port 443 is also the port that will serve up your secure https traffic.
- At this point, you’ll likely have a line up similar to mine with the 3 ports we’ve forwarded up to this point. Now you’re all set up to get your security certificate.
Let’s Encrypt Add-On
- Go to the Add-Ons menu under the Hass.io tab and install the Let’s Encrypt add-on.
- You will be required to provide an email address for the certificate.
- Fill in the email and domains spaces here.
- Remember to use “”.
- Save your settings and press Start.
- Wait a moment and scroll down to the Logs section.
- You can refresh the log to verify your certificate was obtained successfully.
- Now that you have the certificate, you’ll need to add it to your “configuration.yaml” file.
- You can copy and paste the lines from the bottom of the documentation.
- Paste it under the “http:” component.
- What you’re pasting here is the location the certificates were saved on your Raspberry Pi.
ALRIGHT! You’ve got a private, secure Smart-Home app that you can control all of your devices from. Right now, you can reach your set up at http://YOURSUBDOMAIN.duckdns.org:8123 Just one more step to remove the :8123 from your address.
Forward Port 8123 to 443
- Go back into your forwarding settings.
- Change your current internal port 8123 to external 8123 to internal port 8123 to external port 443.
- There you go! Now you can go to https://YOURSUBDOMAIN.duckdns.org and see all your stuff!
- You can also reach your set-up locally using https://YOURRASPBERRYPI’SIP:8123
- You may get a warning, like I did in Chrome saying it might be unsafe.
- You can click advanced and click again to get in. It’s just saying this because the security certificate matches your URL not the Raspberry Pi’s IP address.
- Now that you’ve updated your address to https:// remember to update your web app!
- Now you have a protected Smart-Home set up that you can control, securely from any device!
If these guides have been helpful to you , please share them! If you have any questions, please reach out to me in the comments. Thanks for visiting!