If you want a certificate trusted by every client out of the box, you need to have it signed by one of the standard root/intermediate CAs provided with the browser or operating system. That comes with a price tag… I believe you are easily in the 2-digit dollar range per year.
That’s how certificates work, the whole chain up to Root-CA needs to be trusted.
Or you have your own certificates signed by LetsEncrypt, but they need to validate that you own the domain and of course this only works for your internal domains, they wouldn’t sign a certificate for a FQDN where the domain belongs to a DDNS-provider. LetsEncrypt Root-CAs and Intermediate CAs are provided by browsers and operating systems.
When creating your own Root-CA, you have to trust it only once on every device, assuming you are rather generous with the expiry date. A few minutes with every new device to be used for the companion app.
I guess it needs to be system wide, but can’t validate in my system
It is, but I’m not aware of a user-friendly way to handle this?
The companion app may ignore certificate errors, but I’m not sure Android respectively iOS allows this?
The companion app should not have permissions to add new trusted CAs to the system?
For me, LetsEncrypt is so far the best solution, but it costs me about 30 minutes every 3 months to update certificates before they expire. Retrieving the new wildcard certificate takes about 10 minutes, because I need to manually add the TXT-Records into the DNS; the rest is because I have to distribute it to 4 Raspberry, a Synology and my Router, and I was too lazy to write a script for distribution.
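An added example, not part of any post in this thread: a shell sketch of the private Root-CA approach described above, showing that a client accepts the server certificate only if it trusts the signing root and the host name matches. The host names, CA name and lifetimes are constructed assumptions, and the `openssl` command-line tool is required.

```bash
#!/usr/bin/env bash
# Added example. Host names and the CA name are constructed placeholders.

# make_ca_and_leaf DIR HOST: create a private root CA in DIR and use it to
# sign a server certificate for HOST.
make_ca_and_leaf() {
  dir=$1; host=$2
  cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Home Root CA (example)
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # Root CA, self-signed, 10 years: the "generous" expiry, imported once per device.
  openssl req -x509 -config "$dir/ca.cnf" -newkey rsa:2048 -nodes -days 3650 \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
  # Server key and signing request.
  openssl req -new -config "$dir/ca.cnf" -subj "/CN=$host" -newkey rsa:2048 \
    -nodes -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
  # Clients match the host name against subjectAltName, so it must be set.
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$host" > "$dir/leaf.ext"
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 365 -extfile "$dir/leaf.ext" \
    -out "$dir/server.crt" 2>/dev/null
}

# client_accepts CA_FILE HOST CERT: succeed only if CERT chains to CA_FILE
# and is valid for HOST, which is what a client that imported CA_FILE checks.
client_accepts() {
  openssl verify -CAfile "$1" -verify_hostname "$2" "$3" >/dev/null 2>&1
}

home=$(mktemp -d); other=$(mktemp -d)
make_ca_and_leaf "$home" ha.home.example      # our CA and server certificate
make_ca_and_leaf "$other" unrelated.example   # stands in for a device's other roots
for ca in "$home/ca.crt" "$other/ca.crt"; do
  if client_accepts "$ca" ha.home.example "$home/server.crt"
  then echo "accepted with $ca"; else echo "rejected with $ca"; fi
done
```

Only `ca.crt` is copied to the devices; `ca.key` stays offline, since anyone holding it can issue certificates those devices will trust.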
@armin-gh :
Exactly, certificates are a pain, especially when you are trying to stay local and do not want third party host services etc.
Hence my discontent about the current need for them in a home automation server such as HA which is not necessarily intended to be used with those services.
For your second post: I think you can automate the regeneration of your certificates. But I forgot where I read it today/yesterday. I think it was actually a HA blog article on LetsEncrypt.
I guess it will get more difficult in the future, the browsers and Webview/WebKit will force https without exception.
Will check if auto-renewal is meanwhile possible with the combination of wildcard certificates and DNS validation; last time I checked I had to provide new TXT-Records in the nameserver configuration every time.
To me this “Assist” suddenly looks more and more like an “Add-On” with multiple dependencies, a huge amount of work/maintenance, and certainly NOT a feature for the average user, and if the “Assist” is not independent, everyone will be forced to use SSL if they want/need the mobile app.
I think if you put a twist on this, you can get away without having to use SSL. The limitation is for the browser. What if the app itself processes the voice and transmits it to the HA server, rather than the way it is done currently, where it sends audio through the browser?
The only thing that is required is to bring up a built-in app module to record the voice which will pass the data to the server afterward, and not directly by the built-in Web page feature. Basically how ESPHome does it, but by using code in the app and not on the Web page (HA server).
The same way as the app sends sensor data from the phone to HA.
The question here would be, would it pass security checks when published to the Play Store? Or would it be flagged as an unsafe practice…
During testing of the Whisper add-on I downloaded several language models which now occupy a lot of disk space. How can I delete models not needed anymore to recover some free disk space?
Now my backup is more than double the backup size before whisper installation…
Aha - thank you! I didn’t even know there was an official integration for Apple-TV
I guess that means I first have to delete/remove the custom integration - assuming they cannot live side-by-side?
If I’m using my laptop or PC, I have a great overview and a mouse; it is much easier to click the switch/button, or click the left menu to go to another view, for info etc.
In my vision, when it started, I was only imagining using the Assist UI from my phone, on some “rare” occasions (like sitting in the garden soaking up sun and beers, and too lazy to get up), and I do expect/hope there will eventually be the option of voice-command triggering.
Note: I’m definitely not a fan of small mobile devices; I have 10 thumbs, bad eyesight, and an impatient nature.
It’s not currently flagged (regardless of no SSL), so I can’t see why not; besides, it does/did work with 2023.4.6, before all the new “dependencies”.
I have tried adding the CA certificate to my Android phone and it takes it. But my companion app won’t connect because it claims my certificates don’t match, and my Chrome does not seem to have a setting to install certificates in Chrome itself.
I am giving up for now. Maybe someone will figure out a reliable way of installing SSL with DDNS providers or owning domains.
Man… first the HA-OS update bricked BT communication, now HA CORE is killing every custom integration. I don’t understand why everything I’ve installed using HACS is now dead on this release.
I have reverted back, and I’m not mad, but I want to understand why… is this the devs trying to kill the HACS community? Not sure, but it’s very strange that everything stopped working after this update and I don’t see anything under breaking changes nor anything relating to custom integrations / how the data is pulled into HA listed under the changelog.
No. It is something wrong with your installation or the third party integrations/plugins you have installed. None of my third party integrations and plugins stopped working.
If you restored a backup then update again and check System → Logs.
If you only downgraded the core version then you can check the contents of home-assistant.log.1 without upgrading.
It was a joke, the whole dev thing, lol. I was emphasizing a previous post that HA staff are out to get everyone. Obviously, I know that is not true lol.
No, I’m using a stackable board
Suptronics X825 2.5" SATA HDD/SSD Shield and SSD Kingston A400 120 Gb
So far I haven’t had any problems for about 3 years.