How to add an SSL Certificate to Home Assistant (the old fashioned way)
So this blog post is mainly for ME to reference in about a year when I have to do this process again. The certificate I use for my Home Assistant Docker container was about to expire so I needed to both renew it and replace it on the server. Today, most Home Assistant users probably just use Nabu Casa for securing their Home Assistant instances but I was running HA way before Nabu Casa was even a thought in Paulus’s project board. 🙂 So rather than deal with the headaches (at the time) of Let’s Encrypt free certificates, I just scrounged up the $15 bucks it cost to purchase a 3 year SSL certificate for my site. If you do the math, this was way back in November 2016. 5 bucks a year to not have to renew a LE cert every 90 days? Take my money please.
Fast forward to today when my renewal reminder came in and for the life of me, I can’t find any notes on what special little tricks I did to get it all working with my server. So now we are at this post. A post that might help some of you out there in similar situations but will definitely help the 2024 version of me. Actually, with my SSL issuer, I will have to reactivate this next year as well so Hello 2020 Carlo.. here is the general process.
1) If you have the time, mess with Let’s Encrypt and ignore the rest of this post but if not, just pay the money and get your certificate. I have been using SSLS.COM since it’s about 4 bucks a year.
2) If you need to generate a new CSR, you can run the following command on your Home Assistant. It will create both the Private Key and CSR needed.
openssl req -new -newkey rsa:2048 -nodes –keyout domain_name.key -out domain_name.csr -subj /CN=domain_name; cat domain_name.csr
3) Request to do DNS validation. It’s super easy and super fast if you have access to the DNS records which I do.
4) Once activated, go and download the zipped bundle frm the issuer.
5) Add the contents of the CA Bundle (root and intermediate certificates) to your .crt file to create a fully chained certificate. Just add the bundle to the bottom of the text file using Notepad++.
6) Add the new files (CRT and KEY) to the appropriate directories in your secrets file.
7) Restart Home Assistant
That should be it and it should work. Browse your way to the UI and verify that the new certificate is being used.
The process is super straight forward but sometimes a bear to remember since you do it so infrequently.
Stay Safe out there!