Enabling HTTPS in Home Assistant
The following procedure activates HTTPS for the Home Assistant server. The secure protocol uses TLS/SSL certificates to encrypt the data transferred between user and server.
Although it is possible to make this home automation system, whether in Linux or FreeBSD, accessible over the Internet, Home Assistant is usually operated within private networks, either physical or virtual. In this case, self-signed certificates may be acceptable to use and quicker to deploy.
1. Log in as the system account.
1.1. Linux, with $HOME "bin" included in $PATH (-i) of system account (-u).
user@host: $ sudo -i -u homeassistant
1.2. FreeBSD, coming from "root" superuser.
root@host: # su - homeassistant
2. Go to the Home Assistant configuration directory.
user@host: $ cd ~/.homeassistant
3. Make a directory for SSL certificates.
user@host: $ mkdir ssl
4. Ensure that only the system account and members of its group can access the directory.
user@host: $ chmod 770 ssl
5. Create a self-signed SSL certificate/key pair.
user@host: $ openssl req -new -x509 -days 36500 -nodes -keyout ssl/myhass.key -out ssl/myhass.crt
6. BACK UP the main YAML configuration file.
user@host: $ cp configuration.yaml configuration_yaml.back
7. Open the main YAML configuration file.
user@host: $ nano configuration.yaml
user@host: $ ee configuration.yaml
8. Add the following YAML lines and save the file.
# BEGIN CODE
# END CODE
9. Restart the Home Assistant server via web browser.
Configuration -> Server Controls -> Server management -> Restart
10. Test the secure site by accessing HTTPS on the web browser.
It can be argued that secure protocols may not be necessary since the server is within a private network. However, it is important to bear in mind that malware may have made its way into mobile devices from outside sources. Implementing HTTPS will prevent transaction data from getting sniffed and sent to malicious actors.
1. Home Assistant. Integrations, HTTP.