Hi everyone,
I have a problem connecting to my Home Assistant.
For over a year, at home, I have been using an old tablet as a digital frame for photos and a local display to control Home Assistant. Everything was working until a few days ago. I noticed that the tablet’s sensors were no longer being updated.
Trying to open the Home Assistant app it displays an error message regarding the invalid certificate.
I don’t have this problem with other devices (my cell phone, my wife’s, my son’s or even with accessing the web page from a PC).
I use https://mydomain.duckdns.org:8123 to connect to my HA.
The browser tells me that the connection is secure, the certificate is valid (released on October 11th, expiring on January 9th).
I have this problem only with one device, this old Samsung tablet with android 5.0.2.
I honestly don’t know what to check. Considering that the certificate was regenerated (automatically) a few days ago, could it be that it’s not good? But shouldn’t this eventually affect all devices that access Home Assistant?
Thank you for any help!
Home Assistant 2023.10.3
Supervisor 2023.10.0
Operating System 11.0
Frontend 20231005.0 - latest
First I tried restarting Home assistant. then I cleared the cache of the companion app on the tablet. in the end I also uninstalled the app but unfortunately without solving the problem.
any recent ip changes to the device?
check your configuration.yaml top section… i have these comments to help me remember to renew cert. see if any of that apply to you
default_config:
http:
use_x_forwarded_for: true
trusted_proxies:
- 192.168.1.0/24
# - 172.30.33.0/24
# To renew ssl cert stop DuckDNS and Nginx, Comment the x_forwarded 4 lines above
# Then uncomment following 3 lines bellow
# base_url: https://xxx.duckdns.org
# ssl_certificate: /ssl/fullchain.pem
# ssl_key: /ssl/privkey.pem
# Restart home assistant
# Start DuckDNS - it should fix the cert
# Comment the 3 lines from the config again
# Then uncomment the x_forwarded 3 lines again
# Restart HA
# Enable nginx again
NOCHANGE
[13:48:02] INFO: Renew certificate for domains: XXXXX.duckdns.org and aliases:
# INFO: Using main config file /data/workdir/config
Processing XXXXX.duckdns.org
+ Checking domain name(s) of existing cert... unchanged.
+ Checking expire date of existing cert...
+ Valid till Dec 22 03:28:43 2023 GMT (Longer than 30 days). Skipping renew!
To NathanCu:
I have an automation that every night restart letsencrypt to renew the cert. The certificate has been renewed on 11 october so I think, maybe, the problem started on that day (I don’t use the tablet every day to connect to HA).
Here is a screen of the error (I have uninstalled the app, then reinstalled and now I am stuck at the start page).
This. It’s highly likely the root certificate doesn’t exist on your device. That’s a major reason end of life OS support is important, the OS vendor updates the root certificate store that underpins all security. The recent newly issued certificate is likely chained to a new root certificate.
Well that looks like a correctly chained cert in the browser. Assuming it’s the same cert the app is trying to use (should but black box…) and it was an opportunity to brush up my Italian…
Ok for those who aren’t following along a certificate eventually traces back to a ‘trusted root’ these are installed by default by your device /os/etc vendor. Just having a ‘good cert’ alone isn’t enough.
These expire. (in fact there’s a push in the industry to make them expire faster - for reasons.). In currently supported gear the certs are regularly updated usually by the same mechanism that provides software updates…
In old gear… points this is now a thing you need to worry about.
Glad it was an easy fix. I really didn’t want to import root certs in Italian.
By the way, if it’s can be usefull for someone with my problem I followed these instructions to install certificate in /system to keep the lockscreen free of any protection (the tablet is always in the house).
Hi. Could you please share the guide on how you installed the certificate? I’ve been trying for days on Android 5 and I just can’t get it to work.
I’m italian too!
Finally, I found this online guide that provides you with the Let’s Encrypt certificate to install directly, and you’re good to go. Here is the link with the guide and the corresponding file:
I don’t think I ever had a certificate and I don’t see why I would need one in my home network. So why is my app moaning about a certificate? I tried adding the server again, with an http-address, but the problem remains.
I was out of the house today, so I could test the client from outside my Wi-Fi network. And I got the same error message. So my client is not even trying to make a local connection. And the error is in connecting to the Nabu Casa cloud!
But how can I force the client to connect locally?
And how to I fix connecting to Nabu Casa?
It turned out HA was displaying “We are preparing remote access and will notify you when it is available”. After restarting HA and waiting for a few minutes, that was fixed.
But now we know: my client is using the web access, even when I am at home. So I still have the quetion: How to force local access?
