Access to local HA url not possible

Hi,
I set up HA with DuckDNS and Let's Encrypt. I can access the external and internal URL from my browser. For example:

External: https://example.duckdns.org
Internal: https://homeassistant:8123

But when I add these URLs into the Android app, I can only access my system with the external URL.

When I add the internal url in the app I get this error message:

I added these lines into my config:

http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

I can’t read that error unfortunately, so I’m not sure exactly what it says. But based on the config you’re showing me, you are definitely going to run into certificate issues on the internal URL, so I’m going to guess that error is telling you something like “this connection can’t be trusted” and asking if you want to proceed anyway.

The reason is SSL certificates are only valid for a specific domain. When you went through the Let’s Encrypt process you got an SSL certificate for your external DuckDNS domain (https://example.duckdns.org in your example above). You’re trying to present that same certificate to people connecting to HA on https://homeassistant:8123. But that certificate isn’t for that domain, so all clients (like your browser or the mobile app) are going to object and say this website is insecure and can’t be trusted since it’s presenting someone else’s SSL certificate.

This is the downside with the port forwarding approach, where you forward an external port directly to port 8123 on your machine running HA. It works but kind of makes your HA inaccessible via local url. Or somewhat accessible if you’re able to tell all clients connecting that way to ignore the certificate error.

I’d recommend looking at the Nginx Proxy Manager add-on. It’s easy to set up and allows you to require HTTPS access on your external URL but allow HTTP access to your internal URL when within your network. This way both URLs work fine without certificate issues.

1 Like

Hi,

I am not sure how I must configure nginx. For your info, the error message is something like: “There was an error with the connection, please check this”. But I can call this exact URL in the browser and can access the page.

Maybe I have some setting wrong?

I set up DuckDNS:

lets_encrypt:
  accept_terms: false
  certfile: fullchain.pem
  keyfile: privkey.pem
token: my.....token
domains:
  - my-domain.duckdns.org
aliases: []
seconds: 300

Let's Encrypt:

email: my-mail-adress
domains:
  - my-domain.duckdns.org
certfile: fullchain.pem
keyfile: privkey.pem
challenge: http
dns: {}

like this.

When you say that you can access it in the browser, when you first went to the URL did you see a screen like this:

And then click advanced and then click proceed anyway like this:

Yes. I get this message.

Yes, so this is a certificate error. It occurs for the reason I described: you have an SSL certificate for a particular domain (something like https://example.duckdns.org) and you’re trying to use it for another domain it’s not intended for (https://homeassistant:8123). This causes a certificate error, and clients by design don’t trust websites with certificate errors (for legitimate security reasons, although it’s obviously annoying in this case).

Some clients, like your browser, allow you to get around this error by giving you an option to ignore certificate errors situationally. Other clients, like the mobile app it seems, do not give a way to get around this error and simply won’t let you connect to a website with a certificate error.

The easiest way to get around this is just to always use the external URL and don’t set the internal URL. Everything will work fine for you in this case but it will always be going through duckdns to get to your HA, even if you are inside your house. If you definitely want to use the internal URL when you are local then you have a few options, the easiest two are probably:

  1. Set up Home Assistant cloud. This handles everything for you and allows you to use the internal URL and the external URL without certificate errors.
  2. Set up Nginx Proxy Manager. To do that you follow the steps here to get the addon installed. Once in there you add a proxy host that looks like this:

    And fill in the SSL tab something like this:

    Then you will have HA externally accessible using HTTPS and internally accessible over HTTP without certificate errors. You won’t need the Let’s Encrypt addon anymore if you do that, NPM takes care of getting and renewing your certificates for you.
2 Likes
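
The hostname mismatch explained in the replies above, as an added example that is not part of the original thread: a simplified RFC 6125-style check of which URLs a certificate's DNS names cover, plus a live probe that returns the TLS verifier's own message. The names and URLs are the thread's placeholders, and the function names are made up for this example.

```python
import socket
import ssl
from urllib.parse import urlsplit

def san_matches(pattern, host):
    """Simplified RFC 6125 match: case-insensitive, label by label;
    '*' is honoured only as the entire leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard stands for exactly one non-empty label, never a bare TLD.
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return p == h

def cert_covers(url, dns_sans):
    """True if any DNS name in the certificate matches the URL's host."""
    host = urlsplit(url).hostname
    return any(san_matches(name, host) for name in dns_sans)

def probe(url, timeout=5):
    """Live check: verified TLS handshake against the URL's host and port.
    Returns None when the certificate verifies, else the verifier's message."""
    parts = urlsplit(url)
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection(
            (parts.hostname, parts.port or 443), timeout=timeout
        ) as sock:
            with ctx.wrap_socket(sock, server_hostname=parts.hostname):
                return None
    except ssl.SSLCertVerificationError as err:
        return err.verify_message

# Constructed sample: the DNS name Let's Encrypt issued the certificate for,
# and the two URLs entered in the app (placeholder names from the thread).
SANS = ["example.duckdns.org"]
URLS = ["https://example.duckdns.org", "https://homeassistant:8123"]

if __name__ == "__main__":
    for url in URLS:
        ok = cert_covers(url, SANS)
        print(url, "->", "covered" if ok else "NOT covered, clients reject it")
```

`probe()` needs network access to the host being checked; `cert_covers()` works offline on a list of names copied from the certificate.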

My current solution is to use only the external URL. Thanks for your hints. I will try the nginx way.

1 Like