Last week the self created alexa smart home skill stopped working for me. (without any change on the configuration … of course ). It tells me that my skill is not linked anymore. And that’s the point where I’m struggling because I’m not able to link it anymore. It always tells (in german on my device) “Kontoverknüpfung erforderlich” - which means something like “account linking needed” in english) and when I try to link it it tells me that the links could not be established successfully. It always says “[SKILL NAME] konnte nicht mit Alexa verknüpft werden” which means something like “[SKILL NAME] could not be linked to Alexa” in English.
What I already did for troubleshooting:
enabled debug logging on the alexa component - it does not spawn any related log during the authentication process
recreated the whole lambda function (test-successfull - reports all my smart-home devices during lambda-function-test)
recreated the whole smart_home skill - no success with linking
Created a new user with a new password and tried linking with this one - no success with linking
I CAN see requests hitting on the nginx-reverse-proxy logs from amazon/alexa during the authentication-process
[06/Dec/2021:08:07:44 +0000] - 200 200 - GET https my-url.acme.org "/auth/authorize?client_id=https%3A%2F%2Flayla.amazon.com%2F&response_type=code&state=A2SAAEAEBF4-J7C7FPs853I7seR-NYB8Fbb2bAHwY0bzOcjwU369TgKa_Y36GFGKVgb8d7kJ5Q2b5PypwJ-ojLkaxsKrqwGhBCbiXlx96XaGJt2cswe_krQ9ZExq8wJzTcWfgUa_fUA_gSRiOdQrU-fPqFOoSbnjicP5nFxEA-IhY3FPN3CgCCDzbireXhP8s5hJzGndyfTuPClu5TKO3o9LJzO8-YqLEi97qRFGjGuCj_Z6FQrliYE4k8e9l3bTlc1m4W2NU-iGyZcqlVpyPO8d0niu1eLhpV5s-D17Ntsj6Zin22w0cFVbw0Fa0kHuHzKM3tNns_FtJi3ybbeyKoZOLVd1AhGJTulnkC7ntVXomabf_jAWLEBkJxjdExN_REdFwV7LdDHgtu3VBDGzt2x2-iEW5BuO7d-k3MQac6lonis7Dlna2eBZejInrJ24I5txok2VhEuFLzY8ady_o9rOnIOnhUWhnDtAfYfCtIRqzm9pE9wvxaNXpMDZHIccqIQRrORAYZ7EHktZ8KvVouOA6pU0nf_YJZvNWW9frjVNiI0ZYAms6cNadtfqkSOspV81IOVPWjLFBBonJ1Lh02PP7bfBD7G3KpknFtNZeLU-mb5gPemp5b6Rhc2KgI9YhYKAzN_-or-LLn_LbZYCyl-F_SBAdhAFvNj_hJ1m4rhnYkkMWPbT6s&scope=smart_home&redirect_uri=https%3A%2F%2Flayla.amazon.com%2Fapi%2Fskill%2Flink%2FM3FIWMEYBG09NI" [Client 172.68.110.123] [Length 1236] [Gzip 1.90] [Sent-to 192.168.100.244] "Mozilla/5.0 (iPhone; CPU iPhone OS 15_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Mobile/15E148 Safari/604.1" "-"
[06/Dec/2021:08:07:44 +0000] - 200 200 - GET https my-url.acme.org "/auth/providers" [Client 172.68.110.123] [Length 78] [Gzip -] [Sent-to 192.168.100.244] "Mozilla/5.0 (iPhone; CPU iPhone OS 15_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Mobile/15E148 Safari/604.1" "https://my-url.acme.org/auth/authorize?client_id=https%3A%2F%2Flayla.amazon.com%2F&response_type=code&state=A2SAAEAEBF4-J7C7FPs853I7seR-NYB8Fbb2bAHwY0bzOcjwU369TgKa_Y36GFGKVgb8d7kJ5Q2b5PypwJ-ojLkaxsKrqwGhBCbiXlx96XaGJt2cswe_krQ9ZExq8wJzTcWfgUa_fUA_gSRiOdQrU-fPqFOoSbnjicP5nFxEA-IhY3FPN3CgCCDzbireXhP8s5hJzGndyfTuPClu5TKO3o9LJzO8-YqLEi97qRFGjGuCj_Z6FQrliYE4k8e9l3bTlc1m4W2NU-iGyZcqlVpyPO8d0niu1eLhpV5s-D17Ntsj6Zin22w0cFVbw0Fa0kHuHzKM3tNns_FtJi3ybbeyKoZOLVd1AhGJTulnkC7ntVXomabf_jAWLEBkJxjdExN_REdFwV7LdDHgtu3VBDGzt2x2-iEW5BuO7d-k3MQac6lonis7Dlna2eBZejInrJ24I5txok2VhEuFLzY8ady_o9rOnIOnhUWhnDtAfYfCtIRqzm9pE9wvxaNXpMDZHIccqIQRrORAYZ7EHktZ8KvVouOA6pU0nf_YJZvNWW9frjVNiI0ZYAms6cNadtfqkSOspV81IOVPWjLFBBonJ1Lh02PP7bfBD7G3KpknFtNZeLU-mb5gPemp5b6Rhc2KgI9YhYKAzN_-or-LLn_LbZYCyl-F_SBAdhAFvNj_hJ1m4rhnYkkMWPbT6s&scope=smart_home&redirect_uri=https%3A%2F%2Flayla.amazon.com%2Fapi%2Fskill%2Flink%2FM3FIWMEYBG09NI"
[06/Dec/2021:08:07:44 +0000] - 200 200 - POST https my-url.acme.org "/auth/login_flow" [Client 172.68.110.123] [Length 210] [Gzip -] [Sent-to 192.168.100.244] "Mozilla/5.0 (iPhone; CPU iPhone OS 15_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Mobile/15E148 Safari/604.1" "https://my-url.acme.org/auth/authorize?client_id=https%3A%2F%2Flayla.amazon.com%2F&response_type=code&state=A2SAAEAEBF4-J7C7FPs853I7seR-NYB8Fbb2bAHwY0bzOcjwU369TgKa_Y36GFGKVgb8d7kJ5Q2b5PypwJ-ojLkaxsKrqwGhBCbiXlx96XaGJt2cswe_krQ9ZExq8wJzTcWfgUa_fUA_gSRiOdQrU-fPqFOoSbnjicP5nFxEA-IhY3FPN3CgCCDzbireXhP8s5hJzGndyfTuPClu5TKO3o9LJzO8-YqLEi97qRFGjGuCj_Z6FQrliYE4k8e9l3bTlc1m4W2NU-iGyZcqlVpyPO8d0niu1eLhpV5s-D17Ntsj6Zin22w0cFVbw0Fa0kHuHzKM3tNns_FtJi3ybbeyKoZOLVd1AhGJTulnkC7ntVXomabf_jAWLEBkJxjdExN_REdFwV7LdDHgtu3VBDGzt2x2-iEW5BuO7d-k3MQac6lonis7Dlna2eBZejInrJ24I5txok2VhEuFLzY8ady_o9rOnIOnhUWhnDtAfYfCtIRqzm9pE9wvxaNXpMDZHIccqIQRrORAYZ7EHktZ8KvVouOA6pU0nf_YJZvNWW9frjVNiI0ZYAms6cNadtfqkSOspV81IOVPWjLFBBonJ1Lh02PP7bfBD7G3KpknFtNZeLU-mb5gPemp5b6Rhc2KgI9YhYKAzN_-or-LLn_LbZYCyl-F_SBAdhAFvNj_hJ1m4rhnYkkMWPbT6s&scope=smart_home&redirect_uri=https%3A%2F%2Flayla.amazon.com%2Fapi%2Fskill%2Flink%2FM3FIWMEYBG09NI"
[06/Dec/2021:08:07:56 +0000] - 200 200 - POST https my-url.acme.org "/auth/login_flow/9225eef45e7948e7b806d2719c848945" [Client 172.68.110.123] [Length 200] [Gzip -] [Sent-to 192.168.100.244] "Mozilla/5.0 (iPhone; CPU iPhone OS 15_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Mobile/15E148 Safari/604.1" "https://my-url.acme.org/auth/authorize?client_id=https%3A%2F%2Flayla.amazon.com%2F&response_type=code&state=A2SAAEAEBF4-J7C7FPs853I7seR-NYB8Fbb2bAHwY0bzOcjwU369TgKa_Y36GFGKVgb8d7kJ5Q2b5PypwJ-ojLkaxsKrqwGhBCbiXlx96XaGJt2cswe_krQ9ZExq8wJzTcWfgUa_fUA_gSRiOdQrU-fPqFOoSbnjicP5nFxEA-IhY3FPN3CgCCDzbireXhP8s5hJzGndyfTuPClu5TKO3o9LJzO8-YqLEi97qRFGjGuCj_Z6FQrliYE4k8e9l3bTlc1m4W2NU-iGyZcqlVpyPO8d0niu1eLhpV5s-D17Ntsj6Zin22w0cFVbw0Fa0kHuHzKM3tNns_FtJi3ybbeyKoZOLVd1AhGJTulnkC7ntVXomabf_jAWLEBkJxjdExN_REdFwV7LdDHgtu3VBDGzt2x2-iEW5BuO7d-k3MQac6lonis7Dlna2eBZejInrJ24I5txok2VhEuFLzY8ady_o9rOnIOnhUWhnDtAfYfCtIRqzm9pE9wvxaNXpMDZHIccqIQRrORAYZ7EHktZ8KvVouOA6pU0nf_YJZvNWW9frjVNiI0ZYAms6cNadtfqkSOspV81IOVPWjLFBBonJ1Lh02PP7bfBD7G3KpknFtNZeLU-mb5gPemp5b6Rhc2KgI9YhYKAzN_-or-LLn_LbZYCyl-F_SBAdhAFvNj_hJ1m4rhnYkkMWPbT6s&scope=smart_home&redirect_uri=https%3A%2F%2Flayla.amazon.com%2Fapi%2Fskill%2Flink%2FM3FIWMEYBG09NI"
It turned out that the below also was not the “real” problem. I enabled the Bot Fight mode last week (and of course forgotten that I did .
Unfortunately I was not able to allow Amazon-Lambda to pass through this bot-fight-mode via firewall rules on cloudflare so I decided to disable it again.
Cheers
old-information:
I found the problem on my own! Cloudflare proxying was the “bad boy”. I changed my home URL from “proxied” to “DNS-only” and voila - linking successfully finished.
Anyhow it’s strange because it was working with proxied hostname before. Do anyone have an idea why this happened - or better - does anyone have an idea to configure it WITH proxying?
Cheers
PS: It looks like that this is only valid for the linking-process itself. I reactivated proxying on my hass URL again and it is still working.
I want change to Cloudflare proxied so my IP is hidden and ports are closed on router.
If I change do in need unlink all my skills before I made the change?
When everything is running via Cloudflare then relink all skills again?
Look one post above
Cloudflare proxying service itself was not the problem but “Bot-Fight” mode was! I just disabled bot-fight mode again and everything was working as before (includes linking via proxied IP - at least for me)
Everything was working when all domains point to my IP with open ports in router.
I changed name servers to Cloudflare. Everything was working except all Alexa Skills.
The “Bot-Fight” mode was already disabled. And if I understand you right. Your turned it on for security reasons, but then your skills didn’t work. You disabled it again and it worked again.
So then my skills must work in first place? Or do I need unlink them and link again.
Maybe because of certs change as well or path to devices will change?
Puh good question. To be honest I can not answer that. I already was at CloudFlare with my domain before I initially created the Alexa-Skill. So I assume you do not have to disable the proxy-feature. Anyhow if it IS the case - you just can disable the proxying-feature in the cloudflare-dashboard for the time linking your skill.
But them my IP is visible again…
I will do a test tomorrow. unlink skills, change to Cloudflare. After some hours link again and see if this will work. My idea is to hide my IP and remove all ports
Of course - Just meant to disable it for the time linking and reenable it again. That’s what I did. Anyhow btw you have to open some ports on your router (at least from my knowledge).
This create a tunnel between Cloudflare and HA. In this add-on you can select that you use NPM.
So all subdomains have a CNAME to tunnel address.
Behind the Cloudflare add-on NPM is using to read the subdomains and redirect them to right device.
Because of this tunnel you can remove port 80 and 443. Cloudflare is tunneling all the connections to my HA.
I have changed everything and before unlinked all skills. After the change relinked. Seems ok. Everything is working ok for now… Lets see what happen later on
I’ve just had a similar issue in. Instead it was my Geo block of anywhere except Europe. For some reason Cloudflare started to recognise calls from AWS coming from US and not EU
Thank you! This is EXACTLY what I was looking to do to keep bot fight enabled except exclude for Amazon Alexa. I did find that my requests were coming from AS14618 AMAZON-AES.
I have same problem and I added AS16509 to IP Access Rules in cloudflare but error still there.
I am from EU.
Error
Logger: homeassistant.components.http.ban
Source: components/http/ban.py:82
Integration: HTTP (documentation, issues)
First occurred: 11:21:54 AM (1 occurrences)
Last logged: 11:21:54 AM
Login attempt or request with invalid authentication from hidden. Requested URL: '/auth/login_flow'. (Mozilla/5.0 (iPhone; CPU iPhone OS 15_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Mobile/15E148 Safari/604.1)
strange I have Alexa connected with cloudflared as well. my HA link is proxied… everything works here.
I don’t know what I did in past to let it work. Some things that can be:
). It tells me that my skill is not linked anymore. And that’s the point where I’m struggling because I’m not able to link it anymore. It always tells (in german on my device) “Kontoverknüpfung erforderlich” - which means something like “account linking needed” in english) and when I try to link it it tells me that the links could not be established successfully. It always says “[SKILL NAME] konnte nicht mit Alexa verknüpft werden” which means something like “[SKILL NAME] could not be linked to Alexa” in English.
.
