Android mobile app cannot access webui with self-signed certificate

I tried setting up self-signed ssl certificate. All works fine, accessing the webui asks to accept the risk of the self-signed cert, and then shows the interface, but when trying to access it using the androind app, it seems the screen asking to accept the risk is not visible, so I just get a white screen.

Anyone figured out a way around this?

Because the self signed certificate is related to one address (dns) and not for local ip…Young Canon use ngix addon to solve this issue.

I have self signed certificate related to dns address, but it stil does not work. Problem is that certificate is not valid. So i am stucked with Ariela…

Could you elaborate on this for point me to to some documentation?


See if these steps will help if you use a self-signed certificate

Not sure if this is the same problem as described above, but I have a similar problem.

Current Status

I have set up NGINX with Letsencrypt and it seemed to be working OK with my *** domain.

  • Outside of my network - *** works with android app and browser on phone and pc.
  • Inside of my network - *** works with browser on PC, but on android neither app or browser works consistently. The app gives a white screen.

I have tried to export and install my certificate on the android device. This leads to the browser on the phone working sporadically, but eventually it fails. When it does work I can check the SSL certificate and it does seem to be present and correct.

Do you have any idea why I am experiencing this behaviour?

In the web of the Android applicacition show the same problem.

They ask you to install the certicate you have in your Android device, in my case i use the Duckdns plugin and it create directly the cert as a .pem file.

My error is that when i try to install it, my Android tell my i need a password to install it, but i dont have one :confused:

Some help?

Anyone get this working?

I’ve tried to use the internal address feature in the Companion client and I can’t get passed the white screen, and a failed to connect message. The phone can open the page fine in a web-browser, and I’ve even to to the extent of importing the self signed cert into the phones trusted root store (via root access), and it still wont work.

If you have to accept a SSL cert on the internal address then this won’t work. Consider using NAT loopback on your router and just don’t use an internal address. Don’t forget the SSL cert is for your domain and not your internal IP.

Its a self signed cert that I’ve generated for the box internally and attached to the reverse proxy for my internal domain.

Outside works fine. And yes I could use that inside, but with NAT loopback the source address comes from the routers inside interface, not the phone. So logging I can’t tell who is who. In Ariela previously this worked fine.

I suppose I could turn off TLS for the internal address if the app simply cannot accept self-signed.

Try to install nginx plugin, so you in local can access with http and outside with https.

Hey, I’m sorry if bring up a dead thread but it’s still the most relevant one on the subject of having local only https access for your home assistant.

I’ve read through the thread and I can now share the easiest way that I tested personally:

Pros: no duckdns addon, no nginx addon, no lets-encrypt addon
Cons: the certificate will expire eventually (in a couple of years) and you will have to generate a new one and push it to HA

I’m also running on hassio and it’s ok.

  1. Install “SSH & Web Terminal” (the community one, not the official one!) add-on on Supervisor page of HA
    This is needed to be able to write the cerificates to the HA filesystem

  2. Install mkcert GitHub - FiloSottile/mkcert: A simple zero-config tool to make locally trusted development certificates with any names you'd like.
    the instructions are in the repo, install the root CA, generate the certificate for you HA (note: not only the dns names are valid, but also ip addresses; one certificate can have multiple dns names / ip addresses)

  3. Login to your HA via ssh and copy the certificates to /ssl directory (or some other directory)

  4. Adapt the configuration.yaml accordingly:

  ssl_certificate: /ssl/homeassistant-local.pem
  ssl_key: /ssl/homeassistant-local-key.pem

Restart the server

  1. If you installed the root ca on your device via mkcert - the https connection from that device should work already. Not the mobile app though.

  2. For mobile app use the instructions at Troubleshooting | Home Assistant Companion Docs

you can see the location of your root CA files via mkcert -CARROT

I also needed to clear cache / storage for mobile app or else it wouldn’t let me in.

  1. It works for me on MacOS + Android - both connected with https + ip address