Configure SSL to Work with Mobile App

I’ve been trying to connect to my Home Assistant Android Mobile App with SSL certificate enabled but I couldn’t figure it out. It does; however, work by typing https://mydomain.asuscomm.com:8123 over web browser on both desktop and phone. It’s just the app that couldn’t connect. I have my own DNS service and is using Docker for my setup. I’m getting the following error.

Unable to connect to Home Assistant

Unable to communicate with Home Assistant because of an SSL error. Please ensure your certificate is valid

I’ve tried the following as suggested by other threads:

Configuration.yaml:

http:
  #base_url: https://mydomain.asuscomm.com:8123   <--- Makes no difference
  base_url: https://mydomain.asuscomm.com  #<--- Same results as above
  ssl_certificate: /config/fullchain.pem
  ssl_key: /config/privkey.pem

Reference threads:

My guess would be because the Certificate is Self-Signed (using this method) and so the App cannot access the certificate key. Then again, why did the browser work but not the app?

Sorry deleted my first comment because I mentioned issues I was having with an asuscomm domain… then realized that wasn’t really your issue … so my answer didn’t seem as relevant… (long story short can you try a different ddns service temporarily? Asuscomm stopped seeming to update properly and fails multiple dns record checks on websites that check statuses of urls /ssl certs) switching to the mynetgear ddns service (no-ip, but no 30 day limit with a netgear router) has resolved all of my issues…

Thanks Bartem. Let me give that a try.

K let me know, like I said when I re-read your question I realized you had more going on but thought I would throw it out there because it was causing me tons of weird issues I couldn’t nail down because it was intermittent…

I finally got around to fixing this issue.

The app error was just that. It couldn’t communicate with Home Assistant because the router doesn’t know about the certificate. In other words, it doesn’t have the cert key or public key to unlock the traffic just to put it simply. I ended up upgrading my Asus router to another one where it has Let’s Encrypted installed on the router and doing all the renewing for me. I was able to export the certificate from the router and use it in my home assistant. Of course, the cheaper, free, alternative is to use Let’s Encrypt with DuckDNS.

which router did you use?

Asus Router

with default firmware or any other? and which router model

Asus RT-AC86U with default firmware.

1 Like

can you highlight the steps for configuration in the router?

Using Free Dynamic DNS from Asus

Reference - [Wireless Router] How to enable HTTPS and create a certification on ASUS router? | Official Support | ASUS USA. See the screenshot near the bottom.

  1. Log into your Asus Router
  2. Go to WAN > DDNS
  3. Fill in the fields:
    Enable DDNS Client: Yes
    Server: www.asus.com
    Hostname: example (notice it appended asuscomm.com - the end result will be example.asuscomm.com)
    DDNS Registration Result: Select Free Certificate from Let’s Encrypt
  4. Click Apply
  5. If registration is successful (meaning the hostname isn’t taken) you’ll get the Export button to export the certificate

Note: Asus router should automatically update the certificate every 3 months and generate a new certificate. You’ll have to download the new certificate and insert it into HomeAssistant.

Download and Apply to HomeAssistant

  1. The exported certificate will be .pem extension
  2. Copy it to …/homeassistant/ssl folder
  3. Restart HomeAssistant

I have docker container running homeassistant but it should work across the board. Asus router also have the ability for SSH so one could write a script to check on the last modified or diff the certificate that was generate and rsync/scp it to HomeAssistant. It can also be scheduled using the HomeAssistant Automation section.

1 Like