Effortless encryption with Let's Encrypt and DuckDNS

two minutes reading time
  • How-To

When Let’s Encrypt launched we were estatic: finally an easy and free way for our users to securely access their homes remotely. Let’s Encrypt signifianctly lowered the bar to get and renew SSL certificates. However, this process could still be quite an obstacle for our users. It required opening ports on the router and remembering to renew the certificate every so often.

Thanks to a blog post by Andreas Gohr I realized that DuckDNS supports setting TXT records, making it compatible with the DNS-01 challenge of Let’s Encrypt. The DNS-01 challenge is using the DNS record of the domain instead of interacting with the server. This means that it’s not needed for the user to open any ports!

I have worked together with Pascal Vizeli on updating the DuckDNS add-on for Hass.io and today we’re proud to announce it now includes automatic generation and updating of Let’s Encrypt certificates for your DuckDNS domain. The only thing that you have to add to your DuckDNS configuration is that you accept the Let’s Encrypt terms of service and point Home Assistant at the generated certificates and you’re good to go. No other work is required.

To get started today, start with making sure that you have Hass.io installed. After that, go to the Hass.io panel in Home Assistant, open the add-on store, scroll down to DuckDNS and install it. In the DuckDNS settings change “accept_terms” to true and start it.

Next up is to configure Home Assistant with the config below and restart it. You’re now good to go! Make sure to use the right protocol when browsing to your instance: https://<your_domain>.duckdns.org. Happy secure controlling your house!

# Example configuration.yaml entry for the HTTP component
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

If you’re not using Hass.io, check out the blog post by Andreas for instructions.

If you enjoy the free service provided by DuckDNS and Let’s Encrypt, consider donating to their cause:

More information: