I have an annoying error " Home Assistant Certificate Authority is not trusted" whenever I (or any add-on) tries to open map, but only in my tablet. Opening map is refused. Both, my phone and browser are perfectly ok with that.
1 Like
How did you install the certificate?
How old is your (Android?) tablet?
If it’s letsencrypt and an old android tablet, this is a known issue.
As far as I remember I have not. I do not use remote access.
I use Yoga Tab for HA so it is old. I used HA with that same tablet without problems about a year. Issue is from this summer, before it worked without problems. Also complaining about certificate only when using map makes no sense for me.
having the same issue
I have been having this issue for a while, on my Android tablet (old Nexus 7), but also on a more modern Pixel 6a phone. (also on Lenovo m8 tablet)
I can click/press away from the message and use HA and have been doing that but it is not a solution.
Finally decided to try and find a solution for my scenario.
Looked at the following posts that appear to be directly or indirectly relevant - as far as I understand them:
https://www.reddit.com/r/homeassistant/comments/1c44s04/ssl_certificate_trust_issue_with_home_assistant/
https://www.reddit.com/r/homeassistant/comments/1cnwtjj/companion_app_android_issue_ha_certificate/
https://www.reddit.com/r/homeassistant/comments/19ac4r8/the_home_assistant_certificate_authority_is_not/
https://www.reddit.com/r/homeassistant/comments/1erg7yg/home_assistant_certificate_authority_is_not/
My HA instance is a ‘bare’ install on an old x86 net-PC and works fine apart from this error about untrusted certificate authority on the Android apps (PC browser on Windows and Linux is fine). Until about 6 months ago it just worked fine - period - as it should.
current versions are
- Core2024.12.3
- Supervisor2024.12.3
- Operating System14.0
- Frontend20241127.8
I use http to access HA on my home LAN ONLY - I do not access anything on my LAN from the internet (unless I use Teamviewer to remote in - that works fine) and therefore I do not use https for the various servers available to me within the home (on another PC) e.g. PRTG, XAMPP, Jellyfin, NextPVR etc - they all work fine without having to install certificates etc. (or their install includes them without my knowledge)
from my limited understanding I may have to install a certificate on my Android devices - and yet to do that I appear to need a domain name that I do not have because I am not using the internet (again, if I understand correctly) - not least knowing what domain name to use.
Those many posts above mostly seem to suggest getting a certificate somehow and even the most helpful immediately jump into jargon about how to do so, or assume a particular operating system e.g.Mac They are all above my level of understanding of the issue within the context of HA. Several mention Letsencypt, but I do not understand its relevance. Most of the posts deal with HA that is accessed remotely or where the LAN has other internet connections.
I have looked at my configuration.yaml and I do not have any reference to http or https
If I try and access HA using https it fails
I do not recall any option to use one or the other during install but may have missed it.
I want to continue to use http within my LAN (I understand and agree I should use https if on the internet or accessed from the internet)
I do not need the additional level of complexity (or understanding) to install certificates just to continue to use http on a LAN only system.
However if this is now mandated by HA developers then I think I need a layman’s guide to solving this - I mean really simple, for all install/hardware/OS combinations OR a setting giving the ability to ignore these errors somehow within the companion Android app.
OR I need HA to provide a certificate (maybe within an update) please that I can upload to resolve the situation for HA installs on LAN only scenarios (so can be a duplicate) - without jumping through the relatively complex explanations found or linked from the posts above.
as someone posted elsewhere - I just want to spend time understanding/developing my HA.
Edit:
I looked at changing from http to https
which maybe out of date anyway - Found another reference to Letsencrypt: - it says LetsEncrypt will only work if there is DNS and remote access - I do not have or want remote access.
More recently someone pointed to: howto/HomeAssistant/HomeAssistantTrustedSelfSigned.md at 7c7f9230aa2544f8bf3954261c7094335cb35d9c · ouaibe/howto · GitHub
I tried reading this and quickly got bogged down.
having written this, I am thinking I must have missed something - a mystery post or web page that explains and/or resolves this in which case thanks for reading and please point me in the right direction.
with thanks
I think this is just some HA bug. Until the summer, for me, everything was fine, then they have must changed something. Because so few are affected nobody cares. When it really is bug I don’t believe that there is much in your side that can be done.
The bottom line is that you can use https on lan if you want to.
You can even use ssl cert for client auth on lan and this is something that is on my todo list. Why all that? Why do people have vlans on lan? It is just a layer of security on your own network but it adds a level of complexity to set this up.
But you don’t have to do anything from above. You can use http access to ha in your local lan and I think that is perfectly fine.
Thanks for the comments.
@ddaniel Yes, all I want to do is use http on the LAN which is private, so not sure why the message appears. I do not need/want to use https.
@catdogmaus I am hoping this is the answer (just a bug), and will probably wait it out again given HA is updated so frequently (though I do not update each time)
I guess the underlying question might be why?
https/SSL/certificates is a generic technology (for want of a better expression), not specific to HA. If I can run Android apps for PRTG and Jellyfin in order to access their respective servers on the same LAN (albeit on a different ‘box’) without a similar error then it would suggest that something can be done within HA (or its app) to sort this out without needing to install certificates etc etc - at least for private LAN use only.
At least it is not (yet) a critical bug/problem (though somewhat annoying, especially if encouraging others even less technical to use the system).
The benefits of HA (and this community) are still worth the inconvenience. Thank you to the developers.