Home Assistant with SSL enabled and TTS/local audio file playback on Sonos speakers

Hi there,

A few days ago I started to integrate all my smart home devices into Home Assistant, instead of looping all features together in unconventional ways since it obviously had its limitations. I must say: a world has opened up to me!

Yesterday I figured I’d start a migration from using Google Assistant through the Nabu Casa cloud method to manually adding Google Assistant (and adding SSL in the process).

Generally things are working well. However, I am having trouble with sending TTS to my Sonos speakers. I have one Google Home Mini which actually DOES respond to the tts.google_say service. In the Sonos App I receive the error:

Unable to play ‘xxxx_google_translate.mp3’ the connection to https://xxxx.mydomain.com:8123 was lost.

I understand this has something to do with SSL and Sonos receiving internal requests from my Home Assistant. It is the same problem when trying to play local audio files. i.e. https://xxx.mydomain.org:8123/doorbell.mp3. I will abbreviate this (ofc. without doorbell.mp3) as MYDOMAIN now, since I have the limitation that I can only post two URLs in one post.

I have been struggling with finding a fix for this. What I have already done:

  1. I added to configuration.yaml:
http:
    ssl_certificate: /ssl/fullchain.pem
    ssl_key: /ssl/privkey.pem
    ip_ban_enabled: true
    login_attempts_threshold: 5
    base_url: :8123 #I also tried the full https://xxxx.mydomain.com:8123, but no difference
  2. Under General Configuration I added MYDOMAIN to the Internal and External URL.

Does anyone have any other suggestions? I have been reading up a lot on this community, but haven’t found the real solution yet.

I believe that is a recent bug in the Sonos API.

Here is the issue for it:

Thanks! As far as I know anything about SSL, I think Sonos is not willing to accept the SSL certificate based on the URL with the ‘*:8123’ suffix, since the certificate is exclusively for the xxx.duckdns.org.

I found a solution based on posts in two similar topics:

I disabled my DuckDNS integration in HA and followed the guide below:

I then added the following to my config (suggested by ‘Pengelen’ in the Github issue page):

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.xxx.xxx/24 #ofc replace this with your internal IP

TTS should be working for Sonos now. Make sure that if you want to play local audio files on Sonos you no longer add the ‘:8123’ to your external address.

i.e.
https://xxx.duckdns.org:8123/doorbell.mp3
https://xxx.duckdns.org/doorbell.mp3

Hope this is of help to someone! I reverted back to using Cloud because of another server that is hosted on my IP that also requires SSL and I no longer feel like diving into that. I suppose it’s worth the €5,- p/m for me :sweat_smile:
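Added example, not from this thread or from the Home Assistant project: a small Python check for the `http:` block above, showing why a whole /24 in `trusted_proxies` is broader than needed, since every address in it can then supply the `X-Forwarded-For` value that `ip_ban_enabled` acts on. The function name, the parsed-dict input and the sample addresses (proxy at 192.168.1.10) are constructed assumptions.

```python
import ipaddress


def audit_http_block(http_cfg, proxy_ip):
    """Check a Home Assistant `http:` block (already parsed into a dict)
    for forwarded-header trust problems. Returns a list of (code, message)."""
    findings = []
    proxies = http_cfg.get("trusted_proxies") or []
    proxy = ipaddress.ip_address(proxy_ip)

    if http_cfg.get("use_x_forwarded_for") and not proxies:
        findings.append(("NO_PROXIES", "use_x_forwarded_for needs trusted_proxies"))

    covered = False
    for entry in proxies:
        try:
            # strict=False accepts host bits, e.g. 192.168.1.10/24
            net = ipaddress.ip_network(str(entry), strict=False)
        except ValueError:
            findings.append(("INVALID", f"{entry!r} is not an address or network"))
            continue
        covered = covered or proxy in net
        if net.num_addresses > 1:
            msg = f"{net} lets {net.num_addresses} addresses set X-Forwarded-For"
            if http_cfg.get("ip_ban_enabled"):
                msg += "; ip_ban_enabled then acts on a client-supplied address"
            findings.append(("BROAD", msg))

    if proxies and not covered:
        findings.append(("PROXY_MISSING", f"{proxy} is not in trusted_proxies"))
    return findings


# Constructed sample values: the thread only shows 192.168.xxx.xxx/24.
AS_POSTED = {
    "use_x_forwarded_for": True,
    "trusted_proxies": ["192.168.1.0/24"],
    "ip_ban_enabled": True,
    "login_attempts_threshold": 5,
}
# Same block with only the reverse proxy's own address trusted.
NARROWED = dict(AS_POSTED, trusted_proxies=["192.168.1.10"])

if __name__ == "__main__":
    for name, cfg in (("as posted", AS_POSTED), ("narrowed", NARROWED)):
        print(name, audit_http_block(cfg, "192.168.1.10") or "no findings")
```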

I had a similar issue with local mpd audio, a self-signed TLS cert and the mpd addon. Turns out you can configure mpd to ignore certs by configuring a custom config like this:

media_folder: /media/mpd/media
playlist_folder: /media/mpd/playlists
volume_normalization: false
httpd_output: false
custom_config: /share/mpd/mpd.conf

Using this file as a base:
https://raw.githubusercontent.com/Poeschl/Hassio-Addons/main/mpd/root/etc/mpd.conf

And turning off the ssl cert check in mpd.conf:

input {
    plugin "curl"
    verify_peer "no"
    verify_host "no"
}

Using the cacert param did not work for me.
