Connection problems when using https (wss)

Hi,

When using https, HA is much slower and doesn’t load from time to time. When using http everything works as intended.

Looking in the Firefox (88.0.1) console I get these:

Firefox can’t establish a connection to the server at wss://ha.[my domain]

and

Firefox can’t establish a connection to the server at wss://ha.[my domain]:8123/api/websocket. core.7fd33a93.js:1:5623

My setup is a freshly installed HA 2021.5.5 in HassIO (5.13) in a Proxmox VM with 2GB RAM and a good CPU. My router is running OpenWrt 19.07.4.

I’m using an online subdomain, like ha.example.com, that is pointed to my external router IP.
In the router I have then set the subdomain (ha.example.com) to point to an internal IP (192.168.0.x) that is the HA server.
I did this to be able to use LetsEncrypt SSL certificates.
Once every 3 months or so I open the required ports in the router and refresh the SSL certificates.

All this works perfectly except for the websocket (WSS) problem that happens from time to time, and the slowness when connecting with Firefox (or Chrome etc) from my main computer.

If I add the route (192.168.0.x ha.example.com) to my Windows 10 hosts file, run ipconfig /flushdns, and restart Firefox, the problem is gone and https works perfectly.
Based on this I am guessing that Firefox/Chrome is not always using the router DNS, but I have no clue why this would be the case - that it works 90% of the time but suddenly not.

I’m partly writing this so others with the same problem can get a quick-fix (use host-file) but also to fix the problem since it will be easy to forget the host-file entry, and get problems, in the future.

I think there are a lot of good reasons to redirect the FQDN to the local IP, like you did (and I do).

I’d just suggest doing it at the level of your LAN DNS server (router?), so that you do it once for all devices.

Yes, I’ve done that as well.

In the router I have then set the subdomain (ha.example.com) to point to an internal IP (192.168.0.x) that is the HA server.

Maybe it wasn’t clear. I normally block the external ha.example.com to the internal ip. But I always have the internal ip route to ha.example.com on my local LAN. This is configured in the router / LAN DNS server.

Ah sorry, I misread.
Maybe check on your Windows PC if something is not altering your DNS to bypass your LAN server, then.

Proxies, VPN, … will also bypass your DNS settings, btw.

As far as I know there is nothing like that on my computer. I’ve also seen other people with the same problem, so it might be something else.
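
One way to run the DNS check suggested in the replies above over a longer period, as an added example that is not part of the original thread: it repeatedly resolves the hostname through the operating system resolver and records every lookup that does not return the LAN override. `EXPECTED_IP` (a stand-in for the thread's 192.168.0.x), the function names and the sampling interval are assumptions.

```python
import ipaddress
import socket
import time

HOSTNAME = "ha.example.com"    # placeholder hostname used in the thread
EXPECTED_IP = "192.168.0.10"   # assumption: stand-in for the thread's 192.168.0.x


def os_resolve(host):
    """Resolve via the OS resolver (hosts file first, then the configured DNS)."""
    infos = socket.getaddrinfo(host, 8123, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0].split("%")[0] for info in infos})  # drop IPv6 scope id


def classify(addresses, expected_ip):
    """Label one lookup result relative to the LAN DNS override."""
    if not addresses:
        return "no-answer"
    expected = ipaddress.ip_address(expected_ip)
    hits = [ipaddress.ip_address(a) == expected for a in addresses]
    if all(hits):
        return "lan-override"
    if any(hits):
        return "mixed"            # override plus another record (e.g. an AAAA answer)
    return "other-answer"         # the LAN override was not used for this lookup


def sample(host, expected_ip, rounds=20, delay=30.0,
           resolver=os_resolve, sleep=time.sleep):
    """Resolve `host` `rounds` times and return (addresses, verdict) per lookup."""
    results = []
    for i in range(rounds):
        try:
            addrs = resolver(host)
        except socket.gaierror:
            addrs = []            # a failed lookup is recorded, not fatal
        results.append((addrs, classify(addrs, expected_ip)))
        if i < rounds - 1:
            sleep(delay)
    return results


def deviations(results):
    """Return only the lookups that did not cleanly hit the LAN override."""
    return [r for r in results if r[1] != "lan-override"]


if __name__ == "__main__":
    for addrs, verdict in sample(HOSTNAME, EXPECTED_IP, rounds=10, delay=5.0):
        print(time.strftime("%H:%M:%S"), verdict, addrs)
```

Run it without the hosts-file entry in place, since that entry is answered before any DNS server is asked. If every lookup reports `lan-override` while the browser still fails, the operating system resolver is getting the right answer and the difference lies in how the browser resolves the name.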