setting upp SSL encryption with Lets Encrypt

I'm using the standard Hass.io Add-on repository and the Let's Encrypt Add-on

Go to the hass.io menu, and then Add-on Store.

Choose "Let's Encrypt" and Install it

Add the following to the configuration for the Let's Encrypt addon, dont forget to update with correct email and domain.

{
  "email": "[email protected]",
  "domains": [
    "domain.se"
  ],
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem",
  "challenge": "https"
}

Set up port forwarding of port 443 to 443 and port 80 to 80 to your dockerhost. If you have any other container running on port 80 then stop it.

Start the add-on and check the logs:

starting version 3.2.4
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for martikainen.se
Waiting for verification...
Cleaning up challenges
Non-standard path(s), might not work with crontab installed by your operating system package manager
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /data/letsencrypt/live/martikainen.se/fullchain.pem
   Your key file has been saved at:
   /data/letsencrypt/live/martikainen.se/privkey.pem
   Your cert will expire on 2018-06-03. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /data/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

When it's done remove the temp port forwardings you created and add:

Port 443 -> Port 8123 to the hass.io host.

Open your configuration.yaml and add the following:

http:
  api_password: !secret api_password
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  base_url: !secret base_url
  ip_ban_enabled: True
  login_attempts_threshold: 3