HA Android App Does Not connect External or Internal

I’ve had Android AP running for over a year. This past week I upgraded from a June 2022.X to July 2022.7.5, and Android APP stopped working both locally and remotely.

I re-installed HA DuckDNS add-on, and re-installed Android APP on cell-phone. On APP I enter secure duckdns URL, then enter username/password, but says “Error: login blocked: User cannot authenticate remotely”. I tried setting APP address to both local HTTPS://local_ip and remote DuckDNS URL, but neither work. Yes I restarted HA on any configuration changes.

I verified my router is port forwarding 8123 to local HA IP address. Adding 80 and 443 forwarding does not make a difference.

I verified my Let’s Encrypt token from DuckDNS is correctly entered in HS DuckDNS add-on.

When I look at the HA DuckDNS add-on log, it shows “NOCHANGE” every 5 minutes, so looks like add-on is chatting with DuckDNS.

Using my cell phone browser I enter secure HTTPS://my.ha.ip.adress, then login in, and the browser says the connection is unsecure (HTTP), but I do get to my HA instance.

I have not tried logging in using the HA external IP address provided by my service provider, since I don’t want to expose name/password on unsecured link, but I was able to ping my HA using that external IP address.

I entered my DuckDNS domain name into SSL Shopper’s “SSL Checker”, and it says its a valid domain name and valid certificate to expire in 34 days.

It appears HTTPS is not working. I followed the default DuckDNS config, including adding the HTTP ssl certificate and key entries within the config file, which had not changed. The certificate and key files are there within the ssl folder.

This should be unrelated. Only config difference in HA config is that I was using RPI_GPIO add-on which deprecated this month (GPIO used for window/door alarms). I moved it over to custom components and all the GPIO pins are working fine, I just don’t get the notifications to my Android HA APP any more.

So the only real clue I have is above: User cannot authenticate remotely Maybe there is something wrong with the certificate… it is more than a year old.

By the way, I am in no way an HTTP/HTTPS expert, I am just following all the suggestions gleaned from forums, but I’ve run out of things to try. Anyone have some ideas?

https over local IP will not work with the android app as the certificate is not valid.

SSL certificates need to be valid to work with the android app, a certificate more than a year old is probably already expired.

Yes, it does seem to be the SSL certificate. I did validated the certificate using the SSL Checker I mentioned, which said it has over 30 days left, for what that’s worth. And DuckDNS/LetsEncrypt is supposed to renew the certificate automatically. But assuming the certificate is no longer valid (14 months old)… I’ve not found a method to generated a new certificate on DuckDNS.org on my existing sub.domain. I suspect I could delete my sub.domain URL, but I am concerned DuckDNS may not permit re-issuing the same sub.domain a second time. Are you aware of how to generate a new certificate on DuckDNS on existing sub.domain?

I was able to renew the token on DuckDNS. I update the token in HA DuckDNS add-on, restarted HA, but nothing has change in that respect. Obviously renew of token does not create a new certificate.

I deleted the ssl certificate and key files from the ssl directory and restarted DuckDNS add-on, thinking the files would be replaced by DuckDNS add-on, but they are no longer :frowning:

I am not familiar with Duck DNS

RESOLVED: I had “Settings->People” for my login set to “Can only log in from the local network”

Just one little bit can cause a ton of trouble :slight_smile: