Multiple devices behind one Ubuntu with LetsEncrypt

I have an Ubuntu 18.04 box behind my router. It has a LetsEncrypt certificate and when tested using SSL Labs I get an A rating. Great.
However, I have four major computer systems I access all the time which are also behind the router. One is a Raspberry Pi running HASS.IO (Home Automation). If I use HTTPS to go to my Home Automation computer I get the NET::ERR_CERT_COMMON_NAME_INVALID error in Google Chrome. Yes, I know I can select advanced and ignore it, but wouldn’t it be nicer if it showed a secure connection?
How do I do this? Do I merely copy the X.509 certificate off Ubuntu onto my Raspberry Pi? Where would I put it and how would I register it? I access my Pi using the same domain name as my Ubuntu box, just a different port, so the URL is the same as the certificate registration, just the port number is different.
There must be an easy way to have any device behind my firewall/router respond with the right certificate. My router is a Nighthawk X6 R8000, can I get it to handle the certificate directly?

That depends on how Home Assistant handles SSL certificates. It seems to be fairly easy:

http:
  ssl_certificate: /home/your_user/.homeassistant/certificate.pem
  ssl_key: /home/your_user/.homeassistant/privkey.pem

That’s just from a sample on their website (it’s a topic about self-signed certificates, but if you copy the cert from Ubuntu, that little part is enough); you’d need to change the directory to where your .homeassistant actually is.

Also, you could use Ubuntu as a reverse proxy. That’s a much better solution, as you can use certbot or any other ACME client on your Ubuntu to automatically get the certificate et cetera. Way less hassle.
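
Added example, not part of the original posts: a sketch of the reverse-proxy approach, assuming nginx is the proxy on the Ubuntu box. The domain example.com, the Pi address 192.168.1.50, the external port 8443 and the certbot live directory are placeholders to replace; 8123 is Home Assistant's default port.

```nginx
# Placed in a file included from the http {} context (e.g. under conf.d/).
# All hostnames, addresses and ports below are placeholders.

# Home Assistant's frontend uses WebSockets, so the Upgrade header must be
# passed through; this map sets the matching Connection header value.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    # Same domain as the Ubuntu site, different port, as in the question.
    listen 8443 ssl;
    server_name example.com;

    # Certificate and key stay on the Ubuntu box, where certbot renews them.
    # Nothing has to be copied to the Pi.
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    location / {
        # Plain HTTP on the LAN side; TLS terminates here.
        proxy_pass http://192.168.1.50:8123;
        proxy_http_version 1.1;

        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket upgrade handling.
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}
```

With this layout the router forwards the external port to the Ubuntu box rather than to the Pi, and the hop between nginx and the Pi is unencrypted, so it should stay on the trusted LAN. Home Assistant's `http:` section then needs `use_x_forwarded_for: true` and the proxy's address under `trusted_proxies` instead of the `ssl_certificate` and `ssl_key` lines.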

I did copy the certificates from Ubuntu to my Raspberry Pi (Fullchain.pem and privkey.pem) and this worked straight away. I was wondering how I keep them up to date between the two machines. Could I in fact run an update task on both machines, renewing the certificate by passing identical information to LetsEncrypt from two parallel machines behind the same URL?
