In our previous Home Automation tutorials - our Home Assistant traffic traverses through the Internet un-encrypted.
This means anybody can intercept the data and peek into the contents. Because everything is in the clear, the API password that’s embedded in the URL is also exposed to the public.
I’m perfectly fine with that, most people will consider this a security risk.
Securing web sites used to cost a lot of money - domain names and SSL certificates can cost a lot of money. Times have changed. Thanks to LetsEncrypt and DuckDNS, SSL protected websites are no longer for the rich.
There are two main reasons to encrypt your HomeAssistant assistant:
- All communications back to your Home Assistant to and from the Internet will be encrypted.
- With SSL - you can now link your Home Assistant setup to Google Home (Home Control). This opens up some of the home controllable devices to the greather Google system - and is a lot flexible than IFTTT.
Sure devices like YeeLights can already be connected directly to Google Home. However, personally I reckon it is far better in the long run to centralise everything in Home Assistant, then expose the things you want into Google.
Even if you are not fussed with security, #2 alone justifies the effort to secure your Home Assistant. In this tutorial we will show you how to create your very own domain and to how to use LetsEncrypt certificates to secure your Home Assistant server.
Linking Home Assistant setup to Google Assistant will have to discussed in another time.