How to Set Up Home Assistant with SSL Certificates Using DuckDNS and Docker on Windows

Introduction

🌟 Setting up Home Assistant on your local machine with SSL certificates can be a rewarding experience, especially when you want to securely access it remotely. In this guide, I'll show you how to set up Home Assistant with DuckDNS for remote access, secure it with Let's Encrypt SSL certificates, and run it inside Docker on Windows.

Tags

• #HomeAssistant
• #Docker
• #SSL
• #DuckDNS
• #SmartHome
• #IoT
• #Security

1. Prerequisites 🛠️

Before diving in, make sure you have the following:

• A Windows machine
• Docker Desktop installed
• Home Assistant running in Docker
• A DuckDNS account for dynamic DNS
• Basic knowledge of Home Assistant, Docker, and networking

2. Setting Up DuckDNS 🌍

To set up DuckDNS for remote access, follow these steps:

1. Go to DuckDNS and create an account.
2. Add a domain (e.g., yourdomain.duckdns.org) and note down the token.
3. Install the DuckDNS update script on your Windows machine and make sure it updates your public IP regularly.

3. Installing win-acme for SSL Certificates 🔒

To secure Home Assistant with SSL, we’ll use win-acme to generate certificates from Let’s Encrypt. Here’s how:

1. Download win-acme from here.
2. Run wacs.exe in administrator mode and select M for manual input.
3. Enter your domain name (e.g., yourdomain.duckdns.org) and select http-01 validation.
4. Store the certificates in PEM format.
5. Ensure the certificates are saved in a folder that's easy to access (e.g., C:\ha-ssl).

4. Configuring Home Assistant for SSL 🛠️

To configure Home Assistant with SSL, follow these steps:

1. Open the configuration.yaml file in your Home Assistant configuration folder.
2. Add the following under the http: section:

http:
  server_port: 8123
  ssl_certificate: /ssl/sankworks.duckdns.org-chain.pem
  ssl_key: /ssl/sankworks.duckdns.org-key.pem

1. Save the file.

5. Docker Setup for Home Assistant 🐳

Now, let's run Home Assistant in Docker with SSL enabled:

1. Open Command Prompt and run the following Docker command:

docker run -d --name homeassistant -p 8123:8123 -v C:\ha_config:/config -v C:\ha-ssl:/ssl --restart=unless-stopped ghcr.io/home-assistant/home-assistant:stable

1. After the container is running, you can access Home Assistant at https://yourdomain.duckdns.org:8123.

6. Accessing Home Assistant Locally and Remotely 🌐

• Locally: Home Assistant will automatically switch to local network mode and use http://homeassistant.local:8123.
• Remotely: Use https://yourdomain.duckdns.org:8123 to access it from anywhere.

7. Troubleshooting 🛠️

Here are some common issues:

• SSL Errors: Ensure your SSL certificates are valid and stored in the correct path.
• App Connection Issues: Sometimes the Home Assistant app might fail to connect; make sure the app is using the correct URL (https://yourdomain.duckdns.org:8123).

8. Personal Experience & Challenges 🤔

During the setup, I faced a few challenges that helped me learn more about networking and Docker:

1. Port Forwarding Issue 🌐:
   
   One of the biggest challenges was getting port forwarding to work correctly with my router. After several tries, I realized I needed to open port 80 externally and forward it to port 80 on the internal machine where Home Assistant was running. This took a bit of troubleshooting, but eventually, everything clicked.

2. SSL Certificate Validation 🔒:
   
   Another issue I encountered was ensuring the SSL certificates were correctly generated and recognized. Initially, I had problems because my fullchain.pem file wasn’t being referenced correctly in the configuration.yaml file. Once I fixed the paths, everything worked fine.

3. App Access on Local Network 📱:
   
   Even though accessing Home Assistant via a web browser worked seamlessly, I had trouble with the official Home Assistant app. The app wasn’t connecting even though the URL was correct. After some research, I learned that the app defaults to HTTP when connected to the same network. I fixed this by manually setting the app to use HTTPS.

These setbacks were frustrating at times, but they were valuable learning opportunities that allowed me to dive deeper into networking, Docker, and SSL certificates.

Conclusion 🎉

By following these steps, you’ve successfully set up Home Assistant with DuckDNS and SSL certificates inside Docker. You can now access your Home Assistant securely both locally and remotely. Keep learning and improving your setup!

Additional Tips 💡

• Automatic Certificate Renewal: win-acme automatically schedules renewal for your certificates. Make sure it’s set up properly.
• Backup Your Configurations: Always back up your configuration.yaml and other important files before making changes.