I’ve been trying to connect to my Home Assistant Android Mobile App with SSL certificate enabled but I couldn’t figure it out. It does; however, work by typing https://mydomain.asuscomm.com:8123 over web browser on both desktop and phone. It’s just the app that couldn’t connect. I have my own DNS service and is using Docker for my setup. I’m getting the following error.
Unable to connect to Home Assistant
Unable to communicate with Home Assistant because of an SSL error. Please ensure your certificate is valid
I’ve tried the following as suggested by other threads:
http:
#base_url: https://mydomain.asuscomm.com:8123 <--- Makes no difference
base_url: https://mydomain.asuscomm.com #<--- Same results as above
ssl_certificate: /config/fullchain.pem
ssl_key: /config/privkey.pem
My guess would be because the Certificate is Self-Signed (using this method) and so the App cannot access the certificate key. Then again, why did the browser work but not the app?
Sorry deleted my first comment because I mentioned issues I was having with an asuscomm domain… then realized that wasn’t really your issue … so my answer didn’t seem as relevant… (long story short can you try a different ddns service temporarily? Asuscomm stopped seeming to update properly and fails multiple dns record checks on websites that check statuses of urls /ssl certs) switching to the mynetgear ddns service (no-ip, but no 30 day limit with a netgear router) has resolved all of my issues…
K let me know, like I said when I re-read your question I realized you had more going on but thought I would throw it out there because it was causing me tons of weird issues I couldn’t nail down because it was intermittent…
The app error was just that. It couldn’t communicate with Home Assistant because the router doesn’t know about the certificate. In other words, it doesn’t have the cert key or public key to unlock the traffic just to put it simply. I ended up upgrading my Asus router to another one where it has Let’s Encrypted installed on the router and doing all the renewing for me. I was able to export the certificate from the router and use it in my home assistant. Of course, the cheaper, free, alternative is to use Let’s Encrypt with DuckDNS.
Fill in the fields:
Enable DDNS Client: Yes
Server: www.asus.com
Hostname: example (notice it appended asuscomm.com - the end result will be example.asuscomm.com)
DDNS Registration Result: Select Free Certificate from Let’s Encrypt
Click Apply
If registration is successful (meaning the hostname isn’t taken) you’ll get the Export button to export the certificate
Note: Asus router should automatically update the certificate every 3 months and generate a new certificate. You’ll have to download the new certificate and insert it into HomeAssistant.
Download and Apply to HomeAssistant
The exported certificate will be .pem extension
Copy it to …/homeassistant/ssl folder
Restart HomeAssistant
I have docker container running homeassistant but it should work across the board. Asus router also have the ability for SSH so one could write a script to check on the last modified or diff the certificate that was generate and rsync/scp it to HomeAssistant. It can also be scheduled using the HomeAssistant Automation section.