Hi everyone,
I have a problem connecting to my Home Assistant.
For over a year, at home, I have been using an old tablet as a digital frame for photos and a local display to control Home Assistant. Everything was working until a few days ago. I noticed that the tablet’s sensors were no longer being updated.
Trying to open the Home Assistant app it displays an error message regarding the invalid certificate.
I don’t have this problem with other devices (my cell phone, my wife’s, my son’s or even with accessing the web page from a PC).
I use https://mydomain.duckdns.org:8123 to connect to my HA.
The browser tells me that the connection is secure, the certificate is valid (released on October 11th, expiring on January 9th).
I have this problem only with one device, this old Samsung tablet with android 5.0.2.
I honestly don’t know what to check. Considering that the certificate was regenerated (automatically) a few days ago, could it be that it’s not good? But shouldn’t this eventually affect all devices that access Home Assistant?
Thank you for any help!
Home Assistant 2023.10.3
Supervisor 2023.10.0
Operating System 11.0
Frontend 20231005.0 - latest
First I tried restarting Home assistant. then I cleared the cache of the companion app on the tablet. in the end I also uninstalled the app but unfortunately without solving the problem.
any recent ip changes to the device?
check your configuration.yaml top section… i have these comments to help me remember to renew cert. see if any of that apply to you
default_config:
http:
use_x_forwarded_for: true
trusted_proxies:
- 192.168.1.0/24
# - 172.30.33.0/24
# To renew ssl cert stop DuckDNS and Nginx, Comment the x_forwarded 4 lines above
# Then uncomment following 3 lines bellow
# base_url: https://xxx.duckdns.org
# ssl_certificate: /ssl/fullchain.pem
# ssl_key: /ssl/privkey.pem
# Restart home assistant
# Start DuckDNS - it should fix the cert
# Comment the 3 lines from the config again
# Then uncomment the x_forwarded 3 lines again
# Restart HA
# Enable nginx again
NOCHANGE
[13:48:02] INFO: Renew certificate for domains: XXXXX.duckdns.org and aliases:
# INFO: Using main config file /data/workdir/config
Processing XXXXX.duckdns.org
+ Checking domain name(s) of existing cert... unchanged.
+ Checking expire date of existing cert...
+ Valid till Dec 22 03:28:43 2023 GMT (Longer than 30 days). Skipping renew!
To NathanCu:
I have an automation that every night restart letsencrypt to renew the cert. The certificate has been renewed on 11 october so I think, maybe, the problem started on that day (I don’t use the tablet every day to connect to HA).
Here is a screen of the error (I have uninstalled the app, then reinstalled and now I am stuck at the start page).
This. It’s highly likely the root certificate doesn’t exist on your device. That’s a major reason end of life OS support is important, the OS vendor updates the root certificate store that underpins all security. The recent newly issued certificate is likely chained to a new root certificate.
Well that looks like a correctly chained cert in the browser. Assuming it’s the same cert the app is trying to use (should but black box…) and it was an opportunity to brush up my Italian…
Ok for those who aren’t following along a certificate eventually traces back to a ‘trusted root’ these are installed by default by your device /os/etc vendor. Just having a ‘good cert’ alone isn’t enough.
These expire. (in fact there’s a push in the industry to make them expire faster - for reasons.). In currently supported gear the certs are regularly updated usually by the same mechanism that provides software updates…
In old gear… points this is now a thing you need to worry about.
Glad it was an easy fix. I really didn’t want to import root certs in Italian.
By the way, if it’s can be usefull for someone with my problem I followed these instructions to install certificate in /system to keep the lockscreen free of any protection (the tablet is always in the house).
