Home assistant running, but not accessible (possible ssl issue)

I have home assistant running in a virtual host on proxmox on a NUC.
I’m running the following version:

hassos: 7.0
homeassistant: 2021.12.3
supervisor: 2021.12.2

I have a domain for it and a ssl certificate to secure it. I also have port mappings in my router for port 443 so I can reach it from anywhere.

I have these lines in my configuration.yaml:

http:
  ssl_certificate: /ssl/home_mydomain_nl.crt
  ssl_key: /ssl/www_sslcertificaten_nl.key

Until recently, everything was running fine. Since yesterday, I can’t reach it at the domain anymore at all, neither can I reach it on it’s IP or http://homeassistant.local.

Home assitant is still running, because I can still reach the home assistant CLI and automations are still triggered. I figured the problem was that the ssl certificates expired on 17-12-2021, so I renewed them, placed the new file in /ssl/home_mydomain_nl.crt an restarted home assistant from the CLI, but it didn’t help.

When I remove the http entry form the configuration file, I can reach home assistant on it’s IP, and everything seems to be fine, when I add it, I get no response in the browser at all. I can’t find any error in the logs either.

Any idea what could be the issue?
I also updated Home assistant to the lastest version on 17-12

1 Like

Try this from a command line on your computer to see what’s wrong: curl -v https://host:port.

It seems I did something wrong with the DNS configuration while generating a new certificate, it’s now working again and I guess it didn’t have anything to do with home assistant.

Only issue I now have is that I can only reach HA when I’m not on my own network/wifi.
I can’t reach it on it’s IP or on http://homeassistant.local:8123

If I try https://homeassistant.local:8123 , I see this message in the logs:

Logger: homeassistant.components.http.ban
Source: components/http/ban.py:124
Integration: HTTP (documentation, issues)
First occurred: 19:33:25 (1 occurrences)
Last logged: 19:33:25

Login attempt or request with invalid authentication from 192.168.2.165 (192.168.2.165). (Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36)

That error is probably caused because the certificaties are not for that url, but I can’t quite understand why I can’t reach it on the proper url anymore.

When I do a lookup on the domain with nslookup, I get the right IP, but when I try to reach it with for example curl, I just get a timeout.

A tracert brings up the right route it seems:

Tracing route to home.somedomain.nl [84.83.22.xxx]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.2.1
  2    <1 ms    <1 ms    <1 ms  84-83-22-xxx.fixed.kpn.net [84.83.22.xxx]

Hi Erik,

I am currently in the same boat, I can access my HA from my desired url, but it gives me the login attempt error notification when I open HA. Other than that I don’t have any other connectivity issues. I am using duckdns with mariadb + nginx for ssl. I am also running it in proxmox, and I have KPN as my internet provider, just like you do.