This is an extension to my “Home Assistant on Docker” post which can be found here: https://techstuff.leighonline.net/2023/03/10/home-assistant-in-docker-home-assistant-core/
The issue
Because I access Home Assistant over SSL, the IFrames must also be loaded over SSL.
Keep in mind that because we will be using a self-signed certificate, the browser will show its “bad certificate” icon every time after we have accessed an IFrame. That is fine, as long as it works.
OpenSSL on Windows
We will be setting up OpenSSL on Windows. Go to this URL and download the OpenSSL for Windows binary. You can download OpenSSL Light.
https://wiki.openssl.org/index.php/Binaries
After you have installed OpenSSL, add the install path to your Path environment variable so you can just type “openssl” in a command prompt.
If you already have a command prompt window open, you have to close and reopen it before the above will work.
Now run this command:
openssl req -newkey rsa:2048 -nodes -keyout privkey.pem -x509 -days 3650 -out certificate.pem
This will create your private key called “privkey” and a certificate called “certificate” in the folder you were in when running the command. The certificate will be valid for about 10 years (3650 days).
Notice we are NOT creating a root CA certificate. If you want, you can create a root CA certificate and import it into your browser so that your browser will trust your self-signed certs and not display the “this site certificate looks dodgy” message.
If you want to create a root CA, check out this page: https://devopscube.com/create-self-signed-certificates-openssl/
If you want to create a certificate with a SAN, check out this page: https://help.bizagi.com/bpm-suite/en/index.html?subjectaltname_support.htm
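The following is an added example, not part of the original post: a POSIX shell sketch that creates the same key and certificate with a subjectAltName and then checks the pair before it is copied to the Docker host. The function names and the sample address are assumptions, and it needs OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Requires OpenSSL 1.1.1 or newer for -addext and -ext.

# Create the key and certificate as in the post, plus a subjectAltName.
# $1 = output directory, $2 = hostname or IPv4 address used in the IFrame URL
make_cert() {
    dir=$1; name=$2
    case $name in
        *[!0-9.]*) san="DNS:$name" ;;   # anything beyond digits and dots: hostname
        *)         san="IP:$name" ;;    # digits and dots only: IPv4 literal
    esac
    openssl req -newkey rsa:2048 -nodes -keyout "$dir/privkey.pem" \
        -x509 -days 3650 -out "$dir/certificate.pem" \
        -subj "/CN=$name" -addext "subjectAltName=$san" 2>/dev/null || return 1
    # -nodes writes the private key unencrypted, so keep it owner-only.
    chmod 600 "$dir/privkey.pem"
}

# Succeeds only when the private key ($2) belongs to the certificate ($1).
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when the certificate ($1) is still valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Succeeds when the certificate ($1) lists name ($2) in its subjectAltName.
has_san() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null | grep -qFw "$2"
}
```

For example, `make_cert . 192.168.1.10` (a constructed address) followed by `pair_matches certificate.pem privkey.pem && has_san certificate.pem 192.168.1.10` confirms the files belong together and cover the address used in the IFrame URL.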
Configure Zigbee2MQTT SSL certificates
Copy these certificates to the volume that you mounted in your docker-compose file:
So my certificate and key will be located in: /opt/homeassistant/zigbee2mqtt/data/sslkeys/
Now update your Zigbee2MQTT config file:
Now in Home Assistant, we need to tell it to load Zigbee2MQTT over HTTPS: