Access Your Home Assistant Server Remotely With DuckDNS and Let’s Encrypt

If you want to securely access your Home Assistant instance from the internet, you can opt for the platform’s own cloud subscription, called Nabu Casa. It not only allows you to access your smart home and control all your devices from anywhere, but also supports the developers.

However, if you don’t want to pay a monthly subscription fee, you can instead use the DuckDNS and Let’s Encrypt add-ons to configure Home Assistant and access your smart home securely via the internet.

Before You Begin

We will use the ‘port forwarding’ method to expose our local Home Assistant server to the internet. While port forwarding will allow you to access your smart home remotely, it could also be dangerous if you do not secure the connection. When you expose a local server such as Home Assistant to the internet with a port forwarding method, there’s always a risk of unauthorized access. Threat actors can easily get into your network and can have full control over your devices.

However, if you encrypt the connection with SSL/TLS and follow some best practices while exposing the server to the outside world, you can prevent such instances and securely access the server.

Alternatively, you can use the Cloudflared community add-on to secure your Home Assistant installation and access it remotely.

Set Up a DuckDNS Subdomain

Go to and sign in using your Google, Reddit, GitHub, Twitter, or Persona account. Complete the captcha and then create a DuckDNS subdomain. The name should be unique and preferably easy to remember. We will be using this URL to connect to our Home Assistant instance remotely.

The subdomain, if available, will be added to your account. Make sure to type your public IP in the current ip field. You can find your public IP by using Google search: simply type “what’s my IP”.

Also, copy the DuckDNS token. Keep this token safe as it’s confidential.

Port Forward via Router’s Settings

Log in to your router and configure the port forward. To learn how to enable port forwarding in your particular router model, use Google search. Alternatively, you can visit Port Forward and click on your router manufacturer, then model number or name to learn how to enable port forwarding in your router. You can also find several video guides on YouTube on how to set up a port forwarding in different routers.

You need to configure two TCP ports forward:

  • 8123 for accessing the Home Assistant remotely
  • 443 to use integrations such as Alexa Media Player.

Since we use the TP-Link A6 V3 router, we have explained the steps for the same below.

  1. Log in to the router and click Advanced. The login IP is usually or
  2. Click on NAT Forwarding > Virtual Servers.

  3. Click +Add.
  4. Type a name in Service Type, such as “Home Assistant”. This will help you recognize why you set this port forward.
  5. Enter the value 443 in External Port and 8123 in Internal Port. Also, enter the IP address of your Home Assistant instance and choose TCP from the Protocol drop-down.
  6. Repeat the step and add a new virtual server, but this time with an External Port and the Internal Port set to 8123 with the IP address of your Home Assistant server. Make sure to choose TCP from the Protocol drop-down.

Configure DuckDNS Add-On in Home Assistant

Install and configure the DuckDNS add-on in Home Assistant by following these steps:

  1. Open Home Assistant and go to Settings > Add-ons.
  2. Click the Add-On Store button and search for the DuckDNS add-on.
  3. Select the DuckDNS add-on from the search results and then click the Install button.
  4. After the installation, go to Configuration and click the three dots at the top. Choose Edit in YAML.

  5. In the YAML editor, paste the following code. Make sure to replace the token and the domain URL with your DuckDNS subdomain URL and token.
    token: a269c73b-b185-44e3-87ea-77ca759bc9c4
    aliases: []
    accept_terms: true
    algo: secp384r1
    certfile: fullchain.pem
    keyfile: privkey.pem
    seconds: 300
  6. Click Save.
  7. Also, enable Start on boot and Watchdog options in the DuckDNS add-on.
  8. Click Start to start the DuckDNS add-on and click Log.
  9. Keep pressing the Refresh button until you see Creating fullchain.pem…. +Done!

Update Configuration.yaml

Open the configuration.yaml file using the File Editor or Visual Studio Code add-on and add the following lines which tell the Home Assistant where the SSL certificate and key are stored for HTTPS connection.

ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem

Click Save and then go to Developer Tools > Check Configuration. Check if Home Assistant will start or not. If yes, then click Restart for the changes to take effect.

After restarting, you may get a certificate warning when you access the Home Assistant via local IP. This warning can be ignored. Instead, use the hostname to access the Home Assistant on the local network. At this stage, you should be able to access and log in to your Home Assistant via the DuckDNS URL.

Configure the Companion App

If you use your smartphone to access and control smart devices via the Home Assistant companion app, you must update the external URL to access your Home Assistant from outside your network via the companion app. For this, follow these steps:

  • Open the Home Assistant companion app on your device. Make sure the device is connected to the local network.
  • Go to the Settings > Companion App option.
  • Tap on your user account at the top and then tap on External URL.
  • Type the DuckDNS URL beginning with HTTPS.
  • Tap Save.

Restart the app for the changes to take effect. You can now disconnect from the local network and connect to the mobile network. Open the app; the Home Assistant UI should be accessible over the internet on your smartphone.

Set Up Alexa for Smart Voice Alerts

Once you have connected and exposed your Home Assistant server to the internet, you may configure the Alexa Media Player integration. It requires authorization, which is possible only when your Home Assistant server is securely (HTTPS) exposed to the internet. The integration allows you to play voice and control Echo devices and Fire TVs. You can use the Text To Speech service to play alerts via Echo devices. For instance, we have set up voice alerts when the water tank is full, half, or empty. You can play these alerts from a single Echo device or all of them at once. You can find this integration in HACS.

Free and Secure Access to Home Assistant

With DuckDNS and Let’s Encrypt set up in your Home Assistant instance, you can now securely access your smart home from anywhere over the internet using your smartphone or any other device that can run a web browser. After exposing your Home Assistant to the internet, it’s important that you enable multifactor authentication (MFA)—using Google Authenticator, Authy, etc.—to safeguard your smart home from all kinds of bots, phishing attacks, and targeted attacks.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *