I’m back after years on this blog to write a mini how-to, mainly a note for myself.
I’m an enthusiast Home Assistant user, the most used open platform for home automation.
I aimed to use my own custom subdomain for Home Assistant. I wanted an SSL certificate issued by Let’s Encrypt in cPanel.
My recipe
- cPanel Dynamic DNS to setup a dedicated subdomain for my Home Assistant installation (the dynamic IP is automatically updated by HA when IP change)
- SSL certificate auto-generated by cPanel. The certificated is issued by Let’s Encrypt and expire every 3 months
- SSL cert (and private key) configured in HA with addon “NGINX Home Assistant SSL proxy“
The problem
On my first try, I just copied the SSL cert from cPanel to HA folder /ssl/fullchain.pem file and private key to /ssl/privkey.pem (the are just text files with .pem extension) and restarted NGINX plugin.
This exposed the SSL cert to the https domain. However, I had problems with the Samsung SmartThings Integration. The SmartThings cloud could not connect to my Home Assistant webhook URL.
After some attempts and searches I figured out that the SSL cert, even if valid, was not completely trusted. SSL Checker website (like this) reported me a yellow warn icon under the certificate chains of trust.
This pointed me to the right direction…
The solution
This Let’s Encrypt page had the solution I needed. Basically, I needed to add both intermediate and root certificates inside the “/ssl/fullchain.pem” file in home assistant.
First figured out which kind of certs did I need: in my case the where Intermediate R10 and Root X1. I downloaded both “pem” certificates from Let’s Encrypt page.
Then I composed my fullchain.pem like this:
-----BEGIN CERTIFICATE-----
MAIN SSL Certificate
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Let's Encrypt Intermediate Certificate (R10)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Let's Encrypt Root X1 Certificate
-----END CERTIFICATE-----
I saved the file and rebooted NGNIX.
After another SSL check, my domain looked like this:
This solved all my issues with SmartThings integration.