Replies: 12 comments
-
|
As HA and LMS most likely are in the same network, do you even have to use https? Using https internally IMHO doesn't make sense in most cases. Dealing with self-signed certs is a mess... |
Beta Was this translation helpful? Give feedback.
-
|
It would be nice if home assistant could use both http for internal and HTTPS for external. The home assistant instance is port forwarded to the internet and that is the reason for the https |
Beta Was this translation helpful? Give feedback.
-
|
If you go to the public internet I'd strongly recommend you get a valid certificate. I believe the HA community has instructions how to do this. Having "invalid" certs only trains people to ignore warnings. I don't know how you expose your host. But I'm eg. using a Cloudflare tunnel to do expose some service from my local network. This handles certs and everything automatically. And I believe I've seen instructions to use it with HA, too. |
Beta Was this translation helpful? Give feedback.
-
|
If you are using DuckDNS as your DNS provider: https://www.home-assistant.io/blog/2017/09/27/effortless-encryption-with-lets-encrypt-and-duckdns/ |
Beta Was this translation helpful? Give feedback.
-
|
Paying for something that I can generate for free with a few lines of code and have no other middle man being able to decrypt my traffic is better in my mind. I would rather like to just include my cert into the source code and just recompile it if you could show me where |
Beta Was this translation helpful? Give feedback.
-
|
The point is that Let's Encrypt certificates are free, see the link above. |
Beta Was this translation helpful? Give feedback.
-
|
Who has the key for root certificate? If I am not the one owning that then I can only trust that they don't loose theirs or worse sell access to it without me knowing. |
Beta Was this translation helpful? Give feedback.
-
|
Where is the list of certs that are accepted in the code as valid? |
Beta Was this translation helpful? Give feedback.
-
|
Are you serious? If that’s your viewpoint you can stop using internet altogether… You do not own any of the root certificates of the sites you use. |
Beta Was this translation helpful? Give feedback.
-
|
Normally in Perl Mozilla::CA is used but I am not sure in case of LMS. |
Beta Was this translation helpful? Give feedback.
-
|
I was looking here and there seems to be procedures available to add certs |
Beta Was this translation helpful? Give feedback.
-
|
I do not see a list of the allowed certificates. Is there anyone who knows where they are stored? |
Beta Was this translation helpful? Give feedback.
-
Thank you for all your work. I have found that using my homeassistant server with a self signed certificate authority causes the tts playback to not work unless I choose Insecure HTTPS.
I thought that a better solution would be to allow one domain to be excluded of a certificate to be uploaded that is allowed. Is there anyway to do this?
Beta Was this translation helpful? Give feedback.
All reactions