I followed the official instructions to manually link Alexa skills, as I’m using a Docker installation and no Nabu Casa. I got all of the AWS setup correct finally. I ran into an issue because my ISP doesn’t provide a public IPv4 address, only IPv6, so I had to create a VPC in AWS with IPv6 access, but eventually figured that out and got the tests to work fine. I’m using NPM to reverse proxy with my own domain and LetsEncrypt certifcates (no DuckDNS or Cloudflare, and ports are handled so none are needed when entering the URL). Running an SSL check shows TLS 1.2 and 1.3 are working properly. Basically every external access check I can run is good for access. But when I use the Alexa app and try to connect the skill, after logging in to my site (which again it navigates to fine) I get “Unable to link the skill at this time”. I tried deleting the app and reinstalling but same thing. I’m not sure where else to try to look in logs. There’s nothing in the regular homeassistant.log. The nginx reverse proxy access log shows 4-5 hits when I try to connect the skill, starting with auth/authorize from Amazon then a few other auth endpoints…so it seems like at least one direction is working. I’ve scoured all of the other threads I can find but I can’t find anything that helps. Most people that have this issue solved it by disabling bot fight on cloudflare, but that obviously doesn’t help me. Anyone have any ideas?!
For anyone in the future that comes across this, it turns out it was indeed an IPv6 issue. I tried using Traefik on my external VPS (which was already setup for some other things on the rest of my domain), but I couldn’t figure out how to set it up properly as it kept trying to use Traefik SSL certificates instead of the ones on my home server. Then I discovered http://v4-frontend.netiter.com/ and changed my DNS A record to theirs, and boom, it worked! I was also able to remove the VPC in AWS since the IPv4 connection worked. I’d still like to be able to set this up myself so I don’t have to rely on this external service, but not sure how and this is obviously easy and works!
Update 2, I got it working without netiter and instead using my own VPS and Traefik! It was a bit of a nightmare but the short of it is I had to enable IPv6 in Docker and add it to the network my Traefik container is using, so that it could do outbound requests on IPv6. That’s a whole other endeavor, and if anyone has questions, I can try to help but I kludged it together and ultimately upgraded my entire server to support it (3 years uptime down the drain!). For the Traefik configuration it was simply a matter of adding the below (not sure how to format it properly!):
[tcp.routers.hahome]
rule = “HostSNI(myurl)”
service = “hahome”
[tcp.routers.hahome.tls]
passthrough = true[http.services.hahome.loadBalancer]
passHostHeader = true
[[tcp.services.hahome.loadBalancer.servers]]
address = “myurl:443”