Can't access API after switching to https

I’ve recently switched to self signed certificate to allow me to use the Google assistant component.
I followed this guide here
But I’m having a couple of problems…
When I navigate to my HAS frontend I’m greeted with a warning from the browser telling me its not secure etc.?
Secondly, I can’t access the API at all via json. I’d been using Tasker to get some values, switch lights based in mobile device alarms etc.
My configuration.yaml looks as follows:

http:
  api_password: secret-pass
  base_url: mysecret.duckdns.org:8123
  ssl_certificate: /home/homeassistant/.homeassistant/certificate.pem
  ssl_key: /home/homeassistant/.homeassistant/privkey.pem
  ip_ban_enabled: True
  login_attempts_threshold: 5

Am I missing something?
I didn’t use LetsEncrypt as I didn’t think it was required for self signed only? As I don’t access my home assistant instance from outside my network.

Any help greatly appreciated
Thanks

You can’t use a self signed certificate with Google Assistant.

1 Like

Thanks, but this isn’t my primary concern actually.
It’s the other points I mentioned, about the front end and the api

Your browser doesn’t like them either. You should be able to add your certificate to the certificate store - follow the help in the error message - advanced or something like that…

did you change your json call URL’s to https:// rather than http://

I just had the same issue when I upgraded to HTTPS with some json calls from a phone app. I updated them to https and all is good for me now

Yeah I did, also tried https://mysecret.duckdns.org:8123 aswell as https://my-ip-addr:8123

did you include your api password in the call?

ie https://myaddress.duckdns.org:8123?api_password=xxxxxx

I assume tasker is running outside HASS, so it wont know how to use your secrets file from HASS. And if you have not used an API password in the past, you can include it in the URL you are using (xxxxx in this example)

Yes I have included password.
I don’t use a secrets file

As @DavidFW1960 mentioned, all browsers will give you a warning when they encounter a self signed certificate. You can add the cert to your Certificate store to ‘trust’ it and the warning will no longer show, but only on that one machine.

Most services will just refuse to connect to a self signed certificate. You’ll need a ‘proper’ cert, use LetsEncrypt, or pay a few dollars to at a cert provider.

I’m curious as to how I add a certificate to my store on android for example?

Secondly I’ve always been reluctant to go down the LetsEncrypt route as it requires an open port, which makes me a bit (perhaps overly) cautious and nervous?
I never access home assistant from outside my house so it seems a tad over kill…bit I’m starting to think it’s pretty much a necessity now?

As you have said, you added the certificate for usage with Google Assistant. And for that you need a trusted one.
There’s no benefit in adding your self-signed one to your phones and computers, because the Google Assistant won’t work. And if you don’t access HA from the outside and you don’t want to incorporate the Google Assistant anymore, you might as well go without the certificate.

Ah ok. I just re-read this and can see that the Google assistant component needs external access. Apologies.

I was looking to setup the Google component because I was under the impression that the emulated hue component is / will be dead?