I used the duckdns w/ letsencrypt addon to enable HTTPS on my HA instance. I can now connect to my HA from the internet via HTTPS. However, local access on the LAN is not working on Android app. I’d like the Android app to work even when I’m on my home wifi.
I’m able to access the HA via a computer on the same LAN, and via web browser on my phone, via the https://192.168 address.
But when I’m on local LAN, the app throws these errors. It seem like when it’s on the correct wifi (the ssid that is listed as local), it fails to recognize that its on LAN wifi and tries to use the remote connection maybe? I’ve made sure the HA app has location and nearby devices permissions.
Home Assistant URL: https://MySubDomain.duckdns.org
Home network: added my wifi name from the pick, so no mistakes.
Internal Connection URL: https://192.168.1.104:8123/
I’ve updated the Android app to the latest today, and I’m on 2025.12.1 of HA. A bit ago, when I first started setting this up, it seemed like I got it working on LAN. But now none of the 3 Android phones’s HA app are capable to accessing HA in WiFi.
No. I didn’t know you had to do that. I thought the local connection would just ignore certificates - kinda like how if you use https://IP-address on your browser you can ignore certificate because it’s obviously an IP address and not a URL? I thought the remote connection that uses the yoursubdomain.duckdns.org is the only what that actually uses the certs and letsencrypt.
Don’t you have to set config yaml to https when you want to use the duckdns addon? Once you set that, regular http is no longer available. So on my system, http isn’t available, have to use https:local-lan-IP and ignore certs warning.
I didn’t know that, as i don’t use duckdns, so as AshaiRey says, you need a certificate
Https always requires a certificate, even for local traffic
In the Android APP there is however an “option” to choose Most-Secure or Less-Secure
Most-Secure is Recommended , Less-Secure might let the APP skip certificate verification (on Lan/Wifi ), like in a browser
If your not “comfortable” with Having the Less-Secure Option, Don’t Choose it
( It’s basically a matter of “thinking about” How and where you use your APP, as it will Skip certificate verification over WIFI )
Thats expected cause the certificate its issued for a domain that doesnt match with your local network domain.
Never tried with duckdns, but I use cloudflare tunnel and use a custom domain, that domain its assigned in my router to my local lan, so if i tried to acces from outside my network it goes trough cloudflare tunnel, if I access from my lan it resolves to my internal ip
I think you misunderstood. For local connection with both your phone and your HA in the same LAN, you will want to use http://192.168.1.104:8123/ in the Internal connection URL field. I hope that still works.
… because if using https on 192.168.x.x, you would not survive the certificate challenge, as such (unlike a browser) the app would not know what to do, and then you see the “mismatch” error message.
One way to get around this is to also use https://MySubDomain.duckdns.org in the Internal connection URL field. But then there is a small(?) downside: when your internet is down, DNS challenge would fail, you would not be able to get to your HA even when your phone and HA server are both inside the same LAN.
If you really want to do local IP with https, you will want to set up / manage your own SSL certificate, and this is in addition to DuckDNS & LetsEncrypt, which covers remote access but not local https. This is definitely possible but not very user friendly / not straightforward.
If you want to go this route, look into Nginx Proxy add-on, which handles LetsEncrypt also. I’m sure there are YouTube out there about this very subject.
I did try to set http (no s) for the internal connection URL in the app, and that didn’t work. Are you sure that’s how it’s supposed to be? When HA has https configured, it doesn’t even offer a http (no s) connection. So if I open up a browser, I can’t access HA at all on the http (no s) connection. Only on the https://IP-address.
My network doesn’t seem to do hairpinning, so I can’t use the http://subdomain.duckdns.org address when I’m on LAN. Hence my current problem.
In that case, and if you would like to continue this route, you will want to look into the Nginx Proxy. There are 2 main addons/apps out there:
“NGINX Home Assistant SSL proxy” would let you proxy to HA, so between the proxy to HA and your LAN device to HA would always stay http (HA do not do SSL at this point, you will remove the config you added in the yaml)…
whereas…
The other “Nginx Proxy Manager” will let you do the above, plus offer you the same proxy back into your other non-HA homelab services… with extra considerations and setup steps to go through.
===
Or choose different routes out there:
3. Cloudflare route as mentioned earlier is fairly straightforward, no need to open any port from your router, but would require you having your own domain (cannot use Duckdns any more)
4. Or you do VPN? So VPN back when you are remote, and no VPN and just do http when you are home.
5. And then there is ZeroTier & Tailscale - those would still be VPN at heart, but with a spin of software defined network magic.
6. I cannot not mention Nabu Casa, which is dead simple. Not free, but you don’t have to deal with any of the above. Zero maintenance and no setup other than sign up… anyways something to consider.
