I’m running hassio on a rbpi3 with Let’s Encrypt SSL. I have a domain registered that I use as the address for the pi. However, after a power loss I can no longer access my hassio through https://domain:8123… I can only access my hassio through https://192.168.1.99:8123
Nothing is wrong with the installation as far as I can see. I have reinstalled everything because the time was wrong; the problem was that the pi couldn’t go out to the internet due to wrong DNS servers to set the time, download updates, update add-ons and so on… So I reinstalled and fixed that and now I get this… Has anyone seen this before? What could be wrong?
Do you mean https://hassio.local:8123? If it worked you would get a certificate name error anyway. I have never been able to access HA through https://domain:8123
It looks like https://hassio:8123 also works because it points to the local network IP, I get a name error but I can continue to the logon screen just as with the IP-address.
It also works if I set a dns-override in my local “hosts”-file for 192.168.1.99 to my dns.
So now when the DNS resolves to my external IP it won’t work, but any DNS alias that resolves to the hassio local IP will work. Can it be something with the firewall? But I haven’t changed anything; the only difference is the hassio upgrade to the latest version.
Update: tried to browse https://external-IP:8123 and it gives me the same error (403: Forbidden).
It is not DNS-related at all, it simply won’t work if I come from the outside anymore… The only thing I can think of is that I upgraded my pfSense firewall to the latest version a few weeks ago…
http:
  base_url: https://mydomain:8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  # Secrets are defined in the file secrets.yaml
  api_password: !secret http_password
  # Uncomment this if you are using SSL/TLS, running in Docker container, etc.
  # base_url: example.duckdns.org:8123
  ip_ban_enabled: True
  login_attempts_threshold: 3
http.api_password - Deprecated - Users who are still using api_password for authentication will need to move its configuration under auth_providers. Please see the updated documentation for further details. Those who don’t make this change will see an INFO level reminder in the Home Assistant logs until the fix is made for a time, but please note, api_password authentication will eventually be removed completely and we advise users to change to use one of the other authentication methods. If you manually specify auth providers in your configuration.yaml , you will need to migrate your API Password from the http section to the auth provider section to continue using it. (@awarecan - #21884) (api docs) (frontend docs) (hassio docs) (http docs) (mqtt docs) (websocket_api docs) (zeroconf docs) (camera.proxy docs)
It didn’t get banned!.. I can get to my hassio from the outside with my phone if I switch WiFi off… It is when I’m on the inside (WiFi) and go to https://mydomain:8123 (which points to the external IP) that it won’t work.
If I redirect the domain name to the internal IP it works from the inside… but I want all traffic to go through my firewall, so redirecting my domain to the internal IP of the RBpi is not an option…
I’m glad I’m not alone, sadly enough… But I solved it for now by disabling IP banning, maybe it works for you too? Feels wrong, but it is either that or no home automation at all. And my home is deeply dependent on HA nowadays; it keeps my house temperature at level.
Same position as you. Everything was working absolutely fine pre 0.92.0. After that my web interface and Google Assistant (self configured, not with Nabu Casa) started to work intermittently and today I ran into this issue (403).
Basically it comes down to connectivity.
I find it odd that I do absolutely nothing and it starts working again, my IP is not banned, my public IP is updated in Cloudflare (or Route53).
I only had one IP banned on my list (I know the source and it’s fine), but it kept me from externally accessing my web interface from other IPs (for example connecting via 4G with my phone) and it also broke my Google Assistant (which had nothing to do with the banned public IP which belonged to my network).
I started using Suricata and got a new router recently, at first I blamed it… Turns out it was just mere coincidence, after a couple weeks of issues here and there I tracked it down to being an HA issue only. Not the firewall, not cloudflare, not NGINX, not Google API, etc.
So far disabling the IP ban as you suggested seems to be working. In 2 years of having Home Assistant I haven’t had an unrecognized banned IP, so hopefully I’ll be fine.
Odd because I just had an SD card failure and had to rebuild everything from my GitHub repository… (snapshot didn’t restore everything onto the new card :() Now I’m getting this error, too. Will try to turn off IP banning when I get home.
Hmm, I find it kind of weird for so many people to have the same issue since I had it the first time. I thought there would be some fix for this by now, or at least some explanation. I have stopped upgrading since ver 0.90 because of these problems. I’m afraid that if I upgrade the issues will be worse and I don’t have the time to fiddle, unfortunately. I’ll buy a new SD next time I upgrade, just in case.
Hi, just had the same situation (a year later).
Thanks for the tips about the banned IP; my external IP existed in ip_bans.yaml.
After I removed it, everything works again.
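Added example, not part of the thread and not Home Assistant's own code: a small Python check that reads ip_bans.yaml and lists bans that hit your own addresses, such as a LAN gateway or the external IP that requests appear to come from when inside traffic goes out through the firewall and back in. The file layout (one top-level key per banned IP with a `banned_at` child), the sample addresses and the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample in the assumed ip_bans.yaml layout; the public-looking
# addresses are documentation ranges, not real hosts.
SAMPLE_IP_BANS = '''\
203.0.113.7:
  banned_at: "2019-05-02T18:41:10"
192.168.1.1:
  banned_at: "2019-05-03T07:12:55"
198.51.100.23:
  banned_at: "2019-05-04T22:03:31"
'''

# RFC 1918 ranges plus loopback: a ban here can only be one of our own devices.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

ENTRY = re.compile(r'^["\']?([0-9A-Fa-f:.]+)["\']?:\s*$')
BANNED_AT = re.compile(r'^\s+banned_at:\s*["\']?([^"\']+)["\']?\s*$')


def parse_ip_bans(text):
    """Return {ip_address: banned_at} parsed from ip_bans.yaml text."""
    bans, current = {}, None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            try:
                current = ipaddress.ip_address(m.group(1))
                bans[current] = None
            except ValueError:
                current = None  # key is not an IP address, skip its children
            continue
        m = BANNED_AT.match(line)
        if m and current is not None:
            bans[current] = m.group(1).strip()
    return bans


def self_inflicted_bans(bans, own_addresses):
    """Banned entries that are a LAN address or one of own_addresses."""
    own = {ipaddress.ip_address(a) for a in own_addresses}
    return sorted((str(ip), ts) for ip, ts in bans.items()
                  if ip in own or any(ip in net for net in LAN_NETS))
```

Pass the contents of the real ip_bans.yaml and your current external IP as `own_addresses`; any entry returned is a ban on yourself rather than on an outside client.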