I have an annoying error " Home Assistant Certificate Authority is not trusted" whenever I (or any add-on) tries to open map, but only in my tablet. Opening map is refused. Both, my phone and browser are perfectly ok with that.
1 Like
How did you install the certificate?
How old is your (Android?) tablet?
If itās letsencrypt and an old android tablet, this is a known issue.
1 Like
As far as I remember I have not. I do not use remote access.
I use Yoga Tab for HA so it is old. I used HA with that same tablet without problems about a year. Issue is from this summer, before it worked without problems. Also complaining about certificate only when using map makes no sense for me.
1 Like
having the same issue
1 Like
I have been having this issue for a while, on my Android tablet (old Nexus 7), but also on a more modern Pixel 6a phone. (also on Lenovo m8 tablet)
I can click/press away from the message and use HA and have been doing that but it is not a solution.
Finally decided to try and find a solution for my scenario.
Looked at the following posts that appear to be directly or indirectly relevant - as far as I understand them:
https://www.reddit.com/r/homeassistant/comments/1c44s04/ssl_certificate_trust_issue_with_home_assistant/
https://www.reddit.com/r/homeassistant/comments/1cnwtjj/companion_app_android_issue_ha_certificate/
https://www.reddit.com/r/homeassistant/comments/19ac4r8/the_home_assistant_certificate_authority_is_not/
https://www.reddit.com/r/homeassistant/comments/1erg7yg/home_assistant_certificate_authority_is_not/
My HA instance is a ābareā install on an old x86 net-PC and works fine apart from this error about untrusted certificate authority on the Android apps (PC browser on Windows and Linux is fine). Until about 6 months ago it just worked fine - period - as it should.
current versions are
- Core2024.12.3
- Supervisor2024.12.3
- Operating System14.0
- Frontend20241127.8
I use http to access HA on my home LAN ONLY - I do not access anything on my LAN from the internet (unless I use Teamviewer to remote in - that works fine) and therefore I do not use https for the various servers available to me within the home (on another PC) e.g. PRTG, XAMPP, Jellyfin, NextPVR etc - they all work fine without having to install certificates etc. (or their install includes them without my knowledge)
from my limited understanding I may have to install a certificate on my Android devices - and yet to do that I appear to need a domain name that I do not have because I am not using the internet (again, if I understand correctly) - not least knowing what domain name to use.
Those many posts above mostly seem to suggest getting a certificate somehow and even the most helpful immediately jump into jargon about how to do so, or assume a particular operating system e.g.Mac They are all above my level of understanding of the issue within the context of HA. Several mention Letsencypt, but I do not understand its relevance. Most of the posts deal with HA that is accessed remotely or where the LAN has other internet connections.
I have looked at my configuration.yaml and I do not have any reference to http or https
If I try and access HA using https it fails
I do not recall any option to use one or the other during install but may have missed it.
I want to continue to use http within my LAN (I understand and agree I should use https if on the internet or accessed from the internet)
I do not need the additional level of complexity (or understanding) to install certificates just to continue to use http on a LAN only system.
However if this is now mandated by HA developers then I think I need a laymanās guide to solving this - I mean really simple, for all install/hardware/OS combinations OR a setting giving the ability to ignore these errors somehow within the companion Android app.
OR I need HA to provide a certificate (maybe within an update) please that I can upload to resolve the situation for HA installs on LAN only scenarios (so can be a duplicate) - without jumping through the relatively complex explanations found or linked from the posts above.
as someone posted elsewhere - I just want to spend time understanding/developing my HA.
Edit:
I looked at changing from http to https
which maybe out of date anyway - Found another reference to Letsencrypt: - it says LetsEncrypt will only work if there is DNS and remote access - I do not have or want remote access.
More recently someone pointed to: howto/HomeAssistant/HomeAssistantTrustedSelfSigned.md at 7c7f9230aa2544f8bf3954261c7094335cb35d9c Ā· ouaibe/howto Ā· GitHub
I tried reading this and quickly got bogged down.
having written this, I am thinking I must have missed something - a mystery post or web page that explains and/or resolves this in which case thanks for reading and please point me in the right direction.
with thanks
1 Like
I think this is just some HA bug. Until the summer, for me, everything was fine, then they have must changed something. Because so few are affected nobody cares. When it really is bug I donāt believe that there is much in your side that can be done.
The bottom line is that you can use https on lan if you want to.
You can even use ssl cert for client auth on lan and this is something that is on my todo list. Why all that? Why do people have vlans on lan? It is just a layer of security on your own network but it adds a level of complexity to set this up.
But you donāt have to do anything from above. You can use http access to ha in your local lan and I think that is perfectly fine.
Thanks for the comments.
@ddaniel Yes, all I want to do is use http on the LAN which is private, so not sure why the message appears. I do not need/want to use https.
@catdogmaus I am hoping this is the answer (just a bug), and will probably wait it out again given HA is updated so frequently (though I do not update each time)
I guess the underlying question might be why?
https/SSL/certificates is a generic technology (for want of a better expression), not specific to HA. If I can run Android apps for PRTG and Jellyfin in order to access their respective servers on the same LAN (albeit on a different āboxā) without a similar error then it would suggest that something can be done within HA (or its app) to sort this out without needing to install certificates etc etc - at least for private LAN use only.
At least it is not (yet) a critical bug/problem (though somewhat annoying, especially if encouraging others even less technical to use the system).
The benefits of HA (and this community) are still worth the inconvenience. Thank you to the developers.
EDIT: the error message has stopped appearing. No obvious reason. Most likely change was a reference to remote https resource within Wallpanel that was replaced with local resource.
1 Like
I am having the very same issue with an old Lenovo TAB3, which I am trying to use as a wall display. I am trying to use plain http in internal network and all other devices work with it just fine. Any ideas how to resolve the problem?
That is not a problem of the Tab. I had the same problem.
I depends on the acceptance of unathorized HTTPS certificates for your local instance.
As we know this makes sense on internet but however wants a https conencting in their own network, not having any internet webpages and so no domain must be a valid process for home assistant.
I would be more hard work to install the certificate on your 10 devices to whitelist your server than allow a toggle like āi know about securtiy, I know, and checked it is my server, so please let me forward to itā and ignore the untrusted CA.
I remember fixing this on your own by copy the CA certificate to your trusted ones will fix it for HA as HA only accepts certificates by their whitelist. And that is wrong.
I have a few Android devices. All of the ones with Android 10 or newer work fine. My 2 tablets that are running Android 7 both give me the certificate error when I use the HA App. They both will connect using the web browser at HTTP://192.168.X.X:8123. Iām no expert but I thought web browsers also use certificates. I wonder why I can browse to HA but canāt connect with the app.
1 Like