Access to HA with local adress / request on a https secured server

Hello everybody !

after a lot of research I try to ask you my question :blush: :

I tried to have a secured connection, so I made a duckdns domain, and installed certification with Letsencrypt. (https://home-assistant.io/blog/2015/12/13/setup-encryption-using-lets-encrypt/)
I was happy, because it works on my wifi and ouside.

But I was less happy when I tried to use my Amazon Dash Button…
In fact, I use dasher (server to hack Dash buttons for home assistant). It send an url, which trigge a scene on HA local adress (192.168.X.X) :
{
“name”: “Depart”,
“address”: “xx:xx:xx:xx:xx:x”,
“url”: “http://192.168.X.XX:8123/api/services/scene/turn_on”,
“method”: “POST”,
“headers”: {“x-ha-access”: “xxxxxxxxxxxxx”},
“json”: true,
“body”: {“entity_id”: “scene.depart”}
}

How can I adapt this code to make a request on my secured HA, or disable certificat when I’m connected in local on 192.168.X.X, or an other solution…
I’m a beginner in network and I don’t understand details… but if somebody has a solution…

thank you !!!

Can dasher call HTTPS URLs?

The equivalent to your old URL would be
https://192.168.X.XX/api/services/scene/turn_on

https implies port 443

No it doesn’t works…

An ugly solution is to run two HA’s, one to accept dash button command and then mirror that button to https HA though the api. A better solution is to use one of the bridges like this (not sure if it work to https)

Hi,

You’ve tried it with HTTP (no S) on port 8123 in your original post

You’ve tried it with HTTPS with no port after @ih8gates suggestion.

Have you tried it with both?

"url": "https://192.168.X.XX:8123/api/services/scene/turn_on",

To access my SSL’d HA instance frominside my network I must use both https AND the port number. It moans about an insecure connection as the certificate is signed to duckdns, but it does connect.

I have an access with a computer browser to “https://192.168.X.XX:8123” but it tells me that it’s unsecure.
I say that i’m aggree with that and I it’s works.

But when I put this url on my Dash button it doesn’t work, because I can’t access it’s unsecure…

Can it loopback via your duckdns address?

"url": "https://YOUR-URL.duckdns.org/api/services/scene/turn_on",

I treid too… without success… I also tried with my Token of duckdns…

Doing it the most recent way do you see a failed login attempt in the log when you execute the script?

Yes, I’ve got an error :
homeassistant.components.recorder: Error during query: (sqlite3.OperationalError) database is locked

That wasn’t at all what I was expecting :joy:

I can only think of one more thing here, and that is that the connection is being rejected because of no password. That is to say that when you used to access it locally you did not need to use the password, but now you are looping back through duckdns it requires one. If I understand the documentation correctly, this would be your code (replacing YOUR_URL and YOUR_PASSWORD where appropriate):

{
"name": "Depart",
"address": "xx:xx:xx:xx:xx:x",
"url": "https://YOUR_URL.duckdns.org/api/services/scene/turn_on?api_password=YOUR_PASSWORD",
"method": "POST",
"headers": {"x-ha-access": "xxxxxxxxxxxxx"},
"json": true,
"body": {"entity_id": "scene.depart"}
}

If that doesn’t work I’m out of ideas :thinking:

Firstly, thank you so much for all your help !!

@anon43302295, I think I already tried this, unless api_password don’t be my HA password but my duckdns password ?
Because in fact, in reality “headers” : {“x-ha-access”: “my_HA_password”}

I don’t know how to say that my dash buttons don’t need certification…

Or my second method (in my head) was to access to HA with local adress, because when certicates are uncommented in configuration.yaml, 192.168.X.X is bloqued. but if it was available, I could keep my dashButton’s code as original !

Yeah, it should be your HA password, and I figured the “headers” bit was your HA password, but I just thought maybe it’s not getting that far because it is rejecting the connection when you first connect due to no password in the url.

I don’t think you can have it as SSL for some and non-SSL for others, and if you can it is way over my head. Sorry I couldn’t figure it out. Hope you get it worked out eventually :+1: