Recently I decided to simplify my Home Assistant config and in doing so I decided to move off my duckdns domain to Cloudflare. There were three big reasons this sounded like a good idea:
- Stop relying on scripts to auto renew my Let’s Encrypt cert
- I had a domain sitting around I wasn’t using.
- Cloudflare’s services were free including a 15 year ssl cert.
And the process was super simple. I use Hassbian for my install so if you are using a different setup your process may be a bit different.
First, and probably the longest was moving my domain’s DNS from the current provider to Cloudflare.
I went to www.cloudflare.com/ssl/ and signed up for an account.
After that I added my website:
The next thing you have to do is pick a plan. The free works for this and includes everything you need to get your ssl setup.
Once you confirm your plan, Cloudflare will query your DNS records. From there you will be provided with the Cloudflare name servers that you will need to take to your domain registrar and update unless you transferred your domain to Cloudflare. In my case I just left the domain at the current registrar.
I didn’t include images of Name Server process because it would require me blurring all kinds of stuff, and honestly, if you are planning on doing this I have to believe you can find your way through the Cloudflare service and updating your domain. It was super easy, and the path is well documented.
After pointing the domain to the Cloudflare name servers it is time to update Cloudflare’s DNS Records. Go to the DNS page if you are not already there:
You will want to update the IP address to point to your public IP home your Home Assistant. I actually added a subdomain to my domain, ha.mywebsite.com, but just have the top domain be the one you modify. In my case I added an “A” record name “ha”, and pointed it to my public IP leaving the other records as is. For clarification, I used 127.0.01 in the image below as an example, like I said this needs to be your public IP of the server hosting Home Assistant.
After that, it’s time to grab your cert. Click on Crypto at the top of the page.
I changed the to Full Strict. I’ll leave it up to you dear reader to decide which option is best for you.
Then scrolled down to the Origin Certificate Installation and clicked “Create” and fill out the form:
When you complete this setup you will be shown the certs. You will need to copy and paste them into files on your Home Assistant.
I copied the pem and the key to files on my Home Assistant and put them in a folder under my homeassistant account. What I ended up with was two files located at:
After that I suggest you wait a few hours for the change to propagate. During this time you can setup your secrets file with your new info.
In your secrets file create some new lines for your new files and base url:
cf_ssl_cert: /home/homeassisstant/cloudflare/certs/mywebsite/ha.mywebsite.pem cf_ssl_key: /home/homeassisstant/cloudflare/certs/mywebsite/ha.mywebsite.key cf_base_url: ha.mywebsite.com
And then when you are finally ready to cut over its time to update your site information. I suggest just commenting out the existing config until you have tested. That makes it easy to rollback.
Add the following under your `http:` section
ssl_certificate: !secret cf_ssl_cert ssl_key: !secret cf_ssl_key base_url: !secret cf_base_url
Then the moment of truth. Restart Home Assistant.
If everything worked as plan you should be able to visit ha.mywebsite.com and see your Home Assistant instance. From there it is just updating all your links and apps to use the new domain.
After that just following the instructions at https://www.home-assistant.io/components/cloudflare/ to enable the CloudFlare component.
I found this change super simple. The only issue I ran into was I got a little too excited and tried to move before the DNS changes had propagated resulting in some random host not found errors. But once the changes propagated everything was good.
If you are thinking about make the change from duckdns to Cloudflare it should be pretty simple and it comes with a lot of benefits including automatic renewal without having to open ports or use a script. If you want some more information about people that did the same change head over to the Home Assistant forum and search for Cloudflare. Lots of good posts regarding this topic.
And if you are into Home Automation and you are not using Home Assistant you just might be doing it wrong.