Home Assistant Companion App Won't Connect Remotely When Using Pi-hole DNS

Hi everyone,

I’m having trouble accessing my Home Assistant remotely via the official companion app when my Pi-hole DNS server is enabled on my network.

Setup details:

• Home Assistant with DuckDNS + Let’s Encrypt + NGINX proxy
• When I disable Pi-hole entirely, the companion app connects remotely without issues, both on my Wi-Fi and when roaming
• When Pi-hole is enabled, the companion app fails to connect remotely
• Pi-hole logs do not show any blocked queries related to Home Assistant or DuckDNS domains
• Local access to Home Assistant works fine with Pi-hole enabled

My questions:

• How can I configure Pi-hole or Home Assistant to allow the companion app to work remotely with Pi-hole enabled?
• Are there known whitelist domains or configuration settings required for Pi-hole in this scenario?
• Is there a way to debug or trace what the companion app’s remote connection attempts are doing with Pi-hole enabled?

Any guidance or suggestions would be greatly appreciated!

Note: This isn’t really about the Companion app itself, as it works perfectly without Pi-hole enabled. I’m hoping someone here might have knowledge or experience with this specific interaction between Pi-hole DNS and remote Home Assistant access.

Thanks in advance!

What do you have for the network settings in the companion app? Also, what do you have for the host configuration in the Nginx Proxy?

Did you try with a browser instead of the Companion app ? Results ?

Thanks for the suggestion! I just tested accessing Home Assistant remotely using my mobile browser, and it works fine.

I really don’t understand why the Companion app behaves differently in this case.

My NGINX setup should be default:

domain: mydomain.duckdns.org
hsts: max-age=31536000; includeSubDomains
certfile: fullchain.pem
keyfile: privkey.pem
cloudflare: false
customize:
  active: false
  default: nginx_proxy_default*.conf
  servers: nginx_proxy/*.conf
real_ip_from: []

And Network port is 443

And for my companion app I use:
Home Assistant URL: https://mydomain.duckdns.org/

Does the companion app give you any error messages?

What happens if you try https://mydomain.duckdns.org in the browser, but connected locally? Checking if your router supports NAT Hairpinning.

See if your router allows you to log anything when port forwarding.

I never had any problem connecting using the duckdns.org with my browser when I’m on my local network.

Regarding the Companion App, I only get the “normal” message:

Unable to connect to Home Assistant.

Then some text about checking the setup.

Regarding my router, I have an ASUS router, but I haven’t found an option to log the port forwarding part. I only forward port 443 to my HA.

The strange part is that the Companion app has been failing to connect remotely for a long time — except for short periods when I’m actively troubleshooting. When I test it at home, switching between local Wi-Fi and roaming, it sometimes starts working again even though I haven’t actually changed anything. I end up thinking it’s “fixed,” but the next day, when I’m away from home, it usually stops working again. This pattern has happened several times, which makes it more tricky to troubleshoot.

Also, sometimes I notice a log entry in HA about a failed login attempt, showing my phone (or my phone carrier) as the source. This only happens occasionally, not every time the connection fails.

Right now, the app is working remotely again, so it’s hard to test further at this exact moment. I’ll try again tomorrow to see if it’s still working or if the issue returns.

Thanks for taking the time to help me with this — I really appreciate it.

Quick update after more testing today:

When I tried connecting remotely this evening, the Companion app failed as usual.

I then disabled Pi-hole, and right after that I got a log notification in HA:

Logger: homeassistant.components.http.ban
Source: components/http/ban.py:136
integration: HTTP (documentation, issues)
First occurred: 20:32:24 (1 occurrence)
Last logged: 20:32:24


Login attempt or request with invalid authentication from ****[IP removed]****. Requested URL: '/api/websocket'. (Mozilla/5.0 (Linux; Android 16; Pixel 6a Build/BP2A.250705.008; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/138.0.7204.179 Mobile Safari/537.36 Home Assistant/2025.7.1-16758 (Android 16; Pixel 6a))

Right after this log entry appeared, my phone connected successfully.
At this point, I could turn Pi-hole back on, and the connection continued to work without issues.

This matches a pattern I’ve noticed before: if I’m at home troubleshooting, toggling Pi-hole (or sometimes just switching between local Wi-Fi and roaming) makes the app connect again for a while — but the next day, when I’m away from home, it stops working again.

Still not sure if this is directly Pi-hole related, some kind of DNS caching issue, or an authentication/session timeout problem, but I thought I’d share in case it helps narrow things down.

Edit:
And I can add some of the companion app log now as it doesn’t connect again:

08-11 21:02:32.625  7685  7731 D ServerConnectionInfo: usesInternalSsid is: false, usesWifi is: false
08-11 21:02:32.627  7685  7731 D ServerConnectionInfo: usesInternalSsid is: false, usesWifi is: false
08-11 21:02:44.486  7685  7731 E SensorReceiverBase: Error while getting core config to sync sensor status
08-11 21:02:44.486  7685  7731 E SensorReceiverBase: io.homeassistant.companion.android.common.data.integration.IntegrationException: java.net.SocketTimeoutException: failed to connect to mydomain.duckdns.org/[Redacted IP] (port 443) from /100.75.214.77 (port 45256) after 10000ms
08-11 21:02:44.486  7685  7731 E SensorReceiverBase: 	at io.homeassistant.companion.android.common.data.integration.impl.IntegrationRepositoryImpl.getConfig(IntegrationRepositoryImpl.kt:522)
08-11 21:02:44.486  7685  7731 E SensorReceiverBase: 	at io.homeassistant.companion.android.common.data.integration.impl.IntegrationRepositoryImpl$getConfig$1.invokeSuspend(Unknown Source:14)
08-11 21:02:44.486  7685  7731 E SensorReceiverBase: 	at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
08-11 21:02:44.486  7685  7731 E SensorReceiverBase: 	at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:98)
08-11 21:02:44.486  7685  7731 E SensorReceiverBase: 	at kotlinx.coroutines.internal.LimitedDispatcher$Worker.run(LimitedDispatcher.kt:124)
08-11 21:02:44.486  7685  7731 E SensorReceiverBase: 	at kotlinx.coroutines.scheduling.TaskImpl.run(Tasks.kt:89)
08-11 21:02:44.486  7685  7731 E SensorReceiverBase: 	at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:586)
08-11 21:02:44.486  7685  7731 E SensorReceiverBase: 	at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:820)
08-11 21:02:44.486  7685  7731 E SensorReceiverBase: 	at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:717)
08-11 21:02:44.486  7685  7731 E SensorReceiverBase: 	at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:704)
08-11 21:02:44.486  7685  7731 E SensorReceiverBase: Caused by: java.net.SocketTimeoutException: failed to connect to mydomain.duckdns.org/[Redacted IP] (port 443) from /100.75.214.77 (port 45256) after 10000ms
08-11 21:02:44.486  7685  7731 E SensorReceiverBase: 	at libcore.io.IoBridge.connectErrno(IoBridge.java:235)
08-11 21:02:44.486  7685  7731 E SensorReceiverBase: 	at libcore.io.IoBridge.connect(IoBridge.java:179)
08-11 21:02:44.486  7685  7731 E SensorReceiverBase: 	at java.net.PlainSocketImpl.socketConnect(PlainSocketImpl.java:142)
08-11 21:02:44.486  7685  7731 E SensorReceiverBase: 	at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:390)
08-11 21:02:44.486  7685  7731 E SensorReceiverBase: 	at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:230)
08-11 21:02:44.486  7685  7731 E SensorReceiverBase: 	at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:212)
08-11 21:02:44.486  7685  7731 E SensorReceiverBase: 	at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:436)
08-11 21:02:44.486  7685  7731 E SensorReceiverBase: 	at java.net.Socket.connect(Socket.java:646)
08-11 21:02:44.486  7685  7731 E SensorReceiverBase: 	at okhttp3.internal.platform.Platform.connectSocket(Platform.kt:147)
08-11 21:02:44.486  7685  7731 E SensorReceiverBase: 	at okhttp3.internal.connection.ConnectPlan.connectSocket(ConnectPlan.kt:280)
08-11 21:02:44.486  7685  7731 E SensorReceiverBase: 	at okhttp3.internal.connection.ConnectPlan.connectTcp(ConnectPlan.kt:140)
08-11 21:02:44.486  7685  7731 E SensorReceiverBase: 	at okhttp3.internal.connection.FastFallbackExchangeFinder$launchTcpConnect$1.runOnce(FastFallbackExchangeFinder.kt:141)
08-11 21:02:44.486  7685  7731 E SensorReceiverBase: 	at okhttp3.internal.concurrent.TaskRunner$runnable$1.run(TaskRunner.kt:81)
08-11 21:02:44.486  7685  7731 E SensorReceiverBase: 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1156)
08-11 21:02:44.486  7685  7731 E SensorReceiverBase: 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:651)
08-11 21:02:44.486  7685  7731 E SensorReceiverBase: 	at java.lang.Thread.run(Thread.java:1119)
08-11 21:02:44.555  7685  7731 D SensorReceiverBase: Nothing to update for server 1 (Home)
08-11 21:02:44.555  7685  7731 I SensorReceiverBase: Sensor updates and sync completed
08-11 21:02:49.698  7685  7685 D LocationSensorManager: Received location update.

Try removing the HA companion App, ensuring all data is removed and then reinstalling it.

Yes, I’ve tried that a couple of times during earlier troubleshooting, but unfortunately it didn’t change the behaviour.

Have you tried setting up a VPN connection instead of port forwarding to the HA machine? While I realize this can seem daunting if you’ve never set up a VPN before, it really is the most secure way to allow remote access to your network. Port forwarding to your HA machine, especially a common port like 443 is just asking for problems IMHO.

I suspect that using a VPN service will ultimately fix the problem because your remote devices will act like they do when they are on the local network. The fact that you don’t have issues connecting on the local network means you probably won’t have issues connecting through a VPN connection either.

So while I would normally tell people to fix the root problem and not just the symptoms, this is one time where I think the “fix” is the better option even if it means you don’t actually uncover the root cause of the problem.

Among various VPN setups / methods, Tailscale could be an easier route to go.

I do have a VPN set up using WireGuard, and with it active I can connect to HA without any issues when I’m away. As you said, it’s more of a workaround than a real fix, but it’s a great option to have.

I’m still interested in tracking down the root cause though — I suspect my Pi-hole might be involved somehow. I’ll keep digging, but it’s good to know I can always fall back to my VPN when needed.

Could this be caused by some addition of a (wrong) local domain by the companion app, eg .local or something, when looking for http://homeassistant:8123?

I currently prepare to use an own dns server instead of Fritzbox for my intranet and had similar effects when doing first tests. Many things worked fine, but not the HA companion app when using local connection. Did not really analyze the problem by now, but this would explain the behavior. When doing ping from local Android, it adds .fritz.box automatically and ping is working fine, but HA companion does not find homeassistant:8123 which is strange.

Will look into the logfiles and test in the near future.