Host public key file on Home Assistant with "NGINX Home Assistant SSL proxy" Add-on

[mano3m]

Feedback

For those of us that use the reverse proxy "NGINX Home Assistant SSL proxy" Add-on together with a service like duckdns for external Home Assistant access, the public key file can also easily be hosted locally instead of on a third party service.

1. In the Settings->Add-Ons->NGINX Home Assistant SSL proxy->Configuration, set the customize.active option from the default false to true
2. Create a nginx_proxy_default_tesla.conf file in /share/ with the following contents:

location /.well-known/appspecific/com.tesla.3p.public-key.pem {
  root /share/tesla;
}

3. Copy the generated public key to /share/tesla/.well-known/appspecific/com.tesla.3p.public-key.pem
4. Restart NGINX on the Settings->Add-Ons->NGINX Home Assistant SSL proxy->Info page

URL

https://www.home-assistant.io/integrations/tesla_fleet/

Version

2025.2.5

Additional information

No response

[home-assistant]

Hey there @Bre77, mind taking a look at this feedback as it has been labeled with an integration (tesla_fleet) you are listed as a code owner for? Thanks!

Code owner commands

Code owners of tesla_fleet can trigger bot actions by commenting:

• @home-assistant close Closes the feedback.
• @home-assistant rename Awesome new title Renames the feedback.
• @home-assistant reopen Reopen the feedback.
• @home-assistant unassign tesla_fleet Removes the current integration label and assignees on the feedback, add the integration domain after the command.
• @home-assistant add-label needs-more-information Add a label (needs-more-information) to the feedback.
• @home-assistant remove-label needs-more-information Remove a label (needs-more-information) on the feedback.

[Bre77]

You could just raise a PR to add these instructions to the page.

[mano3m]

I see that you've improved the https://fleetkey.cc/ site to make it simpler for users (it didnt work yet when I installed the integration, so I used the AWS S3 option). With hosting locally, however, a lot of the other steps can probably also be done locally with a configure script in the Tesla Fleet integration..? This might make it a lot simpler/more accessable for users.

[Bre77]

a lot of the other steps can probably also be done locally with a configure script in the Tesla Fleet integration..?

Yep, Tesla didn't really give me much notice about this. The whole integration was setup to use the built in credential because it was already registered and ready to go. Now that users have to set it up themselves it would actually have been better to use Machine 2 Machine credentials, so I am hoping I can, combined with the tesla_bluetooth integration, create a much more seemless setup experience that requires zero external dependancies.

But its going to take time as I need to focus on fixing Teslemetry first since people are paying me to do that.