Many thanks for those screenshots. They put me on track and I was able to finish the setup. The missing step for me was that I was searching for SSL/TLS in the main Cloudflare dashboard and I had to select the domain I wanted to work with. So I was going back and forth between the main dashboard and Zero Trust dashboard looking for it.
Summing it up:
I had the addon installed with Local Tunnel setup on ha.mydomain.com.
In Zero Trust I created a self-hosted application with email OTP for ha.domain.com.
This way you will only get 24h access or so.
So, in the addon, add an additional host similar to this:

```yaml
- hostname: app-ha.mydomain.com
  service: http://192.168.0.2:8123
```

Where service is your internal URL for HA.
Then follow this guide using app-ha.mydomain.com
When creating the certificate, copy and paste the code into Notepad, for example, and save it as cf.pem and cf.key respectively. If you used those filenames, then use Linux, Mac or WSL for Windows and, in the directory you saved them, run:

```
openssl pkcs12 -export -out cf.pfx -inkey cf.key -in cf.pem
```
Give it a password or for some reason you won’t be able to install it later.
Bring that cf.pfx to your phone and install it. Go to settings, search for certificate > install cert from storage > VPN ...
Add https://app-ha.mydomain.com as an external URL in the companion app. Enjoy.
I apologize if some of this overlaps what you already explained (in a more concise and understandable way) but I wanted to summarize my process in case it helps somebody else.
For reference, I got some info from here: Home Assistant App through Cloudflare Tunnel with Auth (Android)
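
The PKCS#12 export step from the post above, as an added example that is not part of the original post: it checks that the pasted cf.pem and cf.key actually belong together before bundling, refuses an empty export password, and reads the bundle back to confirm it. The function name `make_pfx` and the `PFX_PASS` environment variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: bundle a client certificate and key into a password-protected
# PKCS#12 file, checking first that the two halves belong together.
# The password is read from the PFX_PASS environment variable (an assumption of
# this example) so it does not appear in the process list.

make_pfx() {
    cert=$1 key=$2 out=$3

    # An empty export password is refused: the post notes the phone will not
    # install the bundle without one.
    if [ -z "${PFX_PASS:-}" ]; then
        echo "PFX_PASS is empty; set an export password" >&2
        return 2
    fi
    export PFX_PASS

    # Both files must parse (catches truncated copy/paste from an editor).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "$cert is not a readable PEM certificate" >&2; return 3; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "$key is not a readable PEM private key" >&2; return 3; }

    # The public key inside the certificate must match the private key.
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate and key do not match" >&2
        return 4
    fi

    # Keep the private key and the bundle readable by the owner only.
    chmod 600 "$key"
    ( umask 077
      openssl pkcs12 -export -out "$out" -inkey "$key" -in "$cert" \
          -passout env:PFX_PASS ) || return 5

    # Read the bundle back with the same password to confirm it is intact.
    openssl pkcs12 -in "$out" -noout -passin env:PFX_PASS 2>/dev/null || return 6
    echo "wrote $out"
}

# Usage: PFX_PASS='...' sh make_pfx.sh cf.pem cf.key cf.pfx
if [ "$#" -eq 3 ]; then
    make_pfx "$@"
fi
```

Once cf.pfx is installed on the phone, delete the copies of cf.key and cf.pfx you no longer need, since anyone holding them can present the same client certificate.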