Amazon Alexa Smart Home Skill / Problem for account linking

Hi,
I’ve been struggling for a few days to use the Alexa Smart Home Skill.

I’ve followed this guide step by step: Amazon Alexa Smart Home Skill - Home Assistant

My Lambda test function works as expected and returns entities from Home Assistant, but when it comes to associating my Alexa Skill in dev mode with the Alexa app on Android, it fails!
I reach the login page from Home Assistant and log in, but the redirect fails with the message “We were unable to link XXX at this time”.

I’ve seen somewhere that the Skill must communicate with HA on port 443. I’ve redirected the port to my HA, which can now be accessed through my domain: https://ha.mydomain.com/

In the Alexa Developer console, in the account linking section, here are my settings:

Your Web Authorization URI : https://ha.mydomain.com/auth/authorize
Access Token URI: https://ha.mydomain.com/auth/authorize
Client_id : https://layla.amazon.com/ (for Europe)

I’ve tried switching the URLs mentioned above to ones with an explicit port specified, :8123 or :443 (all combinations :sweat_smile:), with the same result.

If anyone has succeeded in setting it up, any help would be highly appreciated :slight_smile:

I don’t see logs in HA for this login attempt. Are there logs about these attempts in the Alexa console?
Is it possible to do this Alexa <-> Skill association from a computer, or is the Alexa app needed?

Many thanks for your feedback :wink:

NB: I use Home Assistant 2021.12.2 on Docker, on a Debian 11 buster.

Give this a try: Alexa skill is not working - #2 by fuatakgun

Thanks for your feedback!!
I’m not exactly sure what you mean here :sweat_smile:

The URLs I’ve found are:
https://pitangui.amazon.com/ for US
https://layla.amazon.com/ for EU

How do I replace the pitangui part from the layla URL? :thinking:

If I try with the US URL, the HA login page sends an error message at the first step (Error: Invalid client id or redirect uri).
If I try with the EU URL, there is no error message at the first HA login step, but after login I get what I previously described.

1 Like

I have my digital marketplace set as US for my Amazon account and I thought you had a similar issue, but apparently I was wrong. You can try to enable debug logs for the Alexa integration and check them.

Hi,
Unfortunately I still haven’t found how to link my Alexa Skills to HA :frowning:
I can’t find where to enable debug logs for Alexa. Where can it be done?

Do you know if there’s a way to see raw logs from the HA HTTP server, to investigate the requests and responses exchanged with Alexa? I use HA with Docker on Debian Buster.

It was way easier to connect my stuff to Google Home; the AWS/Alexa backend is a nightmare!

What worked for me was removing the port from my BASE_URL value in the Lambda function Configuration section. So instead of https://mydomain.duckdns.org:8123, I put https://mydomain.duckdns.org

And of course I forwarded port 443 to 8123 in my router. I verified that this worked first by just navigating to https://mydomain.duckdns.org/ in my browser outside of my local network, and voila, my dev AWS skill started working and was able to link.

3 Likes

Hello,
Same problem here, did you find a solution?

Ok, don’t know why, but for the Alexa Skills account link, I needed to activate TLSv1 in my nginx configuration:

ssl_protocols TLSv1 TLSv1.3;

When my account was linked, I was able to remove TLSv1 and it’s still working…

1 Like

Hi,
Thanks for your feedback!
Where do you find these Nginx settings?

Are you using a custom domain or DuckDNS ?

YESSSS… after hours of trying this was the solution!! THANKS!

That works!!!
I will explain how I could solve and apply that on my Synology Docker installation of Home Assistant!!

Hello,
I’m trying to solve the same problem… Where did you go to modify the base URL in the Lambda function Configuration section? In one year the AWS interface has changed quite a bit and, I’m not going to hide it, I’m still a beginner in this field.

Concerning port forwarding, my HAOS is on a Pi 4, should I choose it as the device to forward port 443 to 8123?
And is the redirection only in TCP?

Thanks

I have created an account in these forums just to let you know that your fix worked. I had searched for over 5 hours on how to do this, tried almost everything. Thank you so much

Within the AWS Console, where you see your code, there are several tabs, one being Code, where you write your Lambda function, and another one called Configuration, which is where your environment variables are stored. There’s a BASE_URL and that’s what you want to update and save.

Assuming you have 2 routers, your ISP router and then your own router you purchased. The ISP router traffic must be forwarded to your owned router via the firewall, if you just want to forward ports, create a rule to forward 443 on ISP to 443 on owned router. Then on your owned router, you want to again update the firewall to forward 443 traffic to 8123, assuming that’s your Home Assistant’s listening port. Yes, TCP is all that’s needed.

I have spent the best part of 2 days trying to get this to work. I had a lot of issues with the proxy configuration (self imposed), but the final fix was to clear the cache and all user data on the Alexa app (Android). Account linking worked once I had this done.

Issues with Homeassistant config

The minimal config I had when I got it first working was:

alexa:
  smart_home:
    locale: en-GB

Issues with proxys

I was running with NAT (PFSense) -> TLS endpoint (Traefik) -> Reverse Proxy (Traefik) -> Homeassistant (Docker)

To see if there is a proxy issue i did the following:

docker exec -it ${homeassistant_container_id} /bin/bash
apk add ngrep
ngrep -d {adapter} -W byline '' 'tcp port 8123'

This gives the raw traffic going into homeassistant and can be quite noisy. After running that command, run the AWS Lambda function test.
Look for output X-Real-IP: {IP}
If the IP address is a local IP address or there is no response, then it’s likely a proxy / firewall issue.
If it’s one that looks like it’s from Amazon, then it’s likely not a proxy issue.
Messages from Amazon usually have some extra Amazon headers in the lines above X-Real-IP.

I had to ensure https.forwardedHeaders and proxyProtocol trustedIPs were set for my traefik endpoints, and my TLS endpoint service in traefik had proxyProtocol.version=2 set in the load balancer.

Can’t authenticate at this time

If you can see in the TCP traffic that AWS is sending the token data to homeassistant, but there are still issues, RESET THE ALEXA APP! I cleaned the cache and app data, then when I logged back into the app and connected the account, I finally got the success page.

Hope this helps someone.

1 Like
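
An added example (not part of the post above or of Home Assistant): a Python helper that applies the X-Real-IP rule of thumb from the ngrep step to saved `ngrep -W byline` output. The sample captures, the host name ha.example.com and all function names are constructed for illustration.

```python
import ipaddress
import re

# Ranges treated as "local": RFC 1918, loopback, link-local, IPv6 ULA/link-local.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

# ngrep -W byline prints the CR ending each header line as ".", so capture
# loosely and strip the trailing dot afterwards.
X_REAL_IP = re.compile(r"^X-Real-IP:\s*([0-9A-Fa-f:.]+)", re.I | re.M)

# Constructed sample captures (not taken from the thread).
SAMPLE_FORWARDED = """\
T 172.18.0.3:40112 -> 172.18.0.5:8123 [AP] #12
POST /api/alexa/smart_home HTTP/1.1.
Host: ha.example.com.
X-Forwarded-For: 203.0.113.7.
X-Real-IP: 203.0.113.7.
"""
SAMPLE_MASKED = SAMPLE_FORWARDED.replace("203.0.113.7", "172.18.0.1")


def real_ips(capture):
    """Return every X-Real-IP value found in the capture text."""
    return [value.rstrip(".") for value in X_REAL_IP.findall(capture)]


def is_local(ip):
    """True for a local address; unparseable values count as local (suspect)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True
    return any(addr in net for net in LOCAL_NETS)


def diagnose(capture):
    """Apply the thread's rule of thumb to a capture."""
    ips = real_ips(capture)
    if not ips:
        return "no-traffic"   # nothing reached port 8123: proxy/firewall issue
    if all(is_local(ip) for ip in ips):
        return "local-only"   # proxy is not passing the real client address
    return "external"         # requests arrive with a public source address


if __name__ == "__main__":
    for name, text in (("forwarded", SAMPLE_FORWARDED), ("masked", SAMPLE_MASKED)):
        print(name, real_ips(text), diagnose(text))
```

A "local-only" result points at the reverse proxy's forwarded-header and trusted-IP settings rather than at the Alexa side.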

I have recently been fighting with this problem for a week. In my case, HA is served through a reverse proxy with Nginx, so that all applications use the same certificate (one from Let’s Encrypt). Well, in my case the problem was that the certificate I configured was the final certificate instead of the fullchain.pem. I changed the settings and ‘voilà’. Problem solved. I hope this helps someone.