Let's Encrypt is a certificate authority that provides free X.509 certificates for Transport Layer Security encryption via an automated process designed to eliminate the hitherto complex process of manual creation, validation, signing, installation, and renewal of certificates for secure websites.
Setting up Letsencrypt allows you to use validated certificates for your webpages and webinterfaces. It requires you to own the domain you are requesting the certificate for.
The generated certificate can be used within others addons.
The installation of this add-on is straightforward and easy to do.
- Navigate in your Home Assistant frontend to Hass.io -> Add-on Store.
- Find the "letsencrypt" add-on and click it.
- Click on the "INSTALL" button.
To use this add-on, you have two options on how to get your certificate:
- http challenge
- Requires Port 80 to be available from the internet and your domain assigned to the externally assigned IP address
- Doesnt allow wildcard certificates (*.yourdomain.com).
- dns challenge
- Requires you to use one of the supported DNS providers (See "Supported DNS providers" below)
- Allows to request wildcard certificates (*.yourdomain.com)
- Doesn’t need you to open a port to your hass.io host on your router.
You always need to provide the following entries within the configuration:
"email": "[email protected]"
"domains": "yourdomain.com" /// in case of requesting a wildcard certificate, add "*.yourdomain.com".
"challenge": "http OR dns"IF you choose "dns" as "challenge", you will also need to fill:
"dnsprovider": "" (Add the dnsprovider of your choice from the list of "Supported DNS providers" below)
In addition add the fields according to the credentials required by your dns provider:
```json
"cloudflare_email": "",
"cloudflare_api_key": "",
"cloudxns_api_key": "",
"cloudxns_secret_key": "",
"digitalocean_token": "",
"dnsimple_token": "",
"dnsmadeeasy_api_key": "",
"dnsmadeeasy_secret_key": "",
"gehirn_api_token": "",
"gehirn_api_secret": "",
"linode_key": "",
"linode_version": "",
"luadns_email": "",
"luadns_token": "",
"nsone_api_key": "",
"ovh_endpoint": "",
"ovh_application_key": "",
"ovh_application_secret": "",
"ovh_consumer_key": "",
"rfc2136_server": "",
"rfc2136_port": "",
"rfc2136_name": "",
"rfc2136_secret": "",
"rfc2136_algorithm": "",
"aws_access_key_id": "",
"aws_secret_access_key": "",
"sakuracloud_api_token": "",
"sakuracloud_api_secret": ""Add-on configuration:
{
"email": "[email protected]",
"domains": [
"home-assistant.io"
],
"challenge": "dns",
"dns": {
"provider": "dns-cloudflare",
"cloudflare_email": "[email protected]",
"cloudflare_api_key": "31242lk3j4ljlfdwsjf0"
}
}dns-cloudflare
dns-cloudxns
dns-digitalocean
dns-dnsimple
dns-dnsmadeeasy
dns-gehirn
dns-google (Currently not fully implemented)
dns-linode
dns-luadns
dns-nsone
dns-ovh
dns-rfc2136
dns-route53
dns-sakuracloud- Currently the google dns provider is not supported. Let us know if you want to use google, so we can test the required settings together.
Got questions?
You have several options to get them answered:
- The Home Assistant Discord Chat Server.
- The Home Assistant Community Forum.
- Join the Reddit subreddit in /r/homeassistant
- Check out certbots page certbot.
In case you've found an bug, please open an issue on our GitHub.