IOS 13 Beta - Home Assistant Companion App - GPS Location not working

Everything was working fine, then I updated my phone to IOS 13 Beta and my GPS location updates stopped working.

Home Assistant v0.94.0

Few scenarios:

  1. Broken - Home assistant Companion v2.0.0(62) and iOS 13 Beta
  2. Working - Home assistant Companion v2.0.0(62) and iOS 12
  3. Broken - Home assistant Companion v1.5 and iOS 13 Beta.

Seems the commonality is iOS 13 and it is also the only thing that changed. The companion app seems to be working fine in all other aspects, except GPS updates. Both iOS 13 devices have location tracking enabled for the companion app.

Thoughts?

EDIT 8/24/19: I am up to iOS 13 Beta 8 and still not working, same scenario as originally described.
EDIT 8/30/19: I noticed that my iOS app was failing to connect due to certificate errors through my reverse proxy. Apparently Apple tightened its certificate trusting rules in iOS13. I tried to update to a new cert that meets the criteria and failed, so I disabled SSL and am testing. I expect it will work fine. See site for more info: https://support.apple.com/en-us/HT210176
EDIT 9/1/19: Fixed, Removed SSL from reverse proxy and not app is connecting when outside local network. I also had to remove the mobile_app integrations for the iOS 13 phones and re-add them as new for push notifications to work. Not sure, but I suspect the push IDs were mismatched after update like it generated a new ID on the app and didn’t match the server, but deleting and re-adding the device fully cleared it up!

Thanks,
Joel

Mine is working. Are you using the beta iOS App as well as beta ios? (I am)

I have found the same on IOS 13 beta. For now I have been using Life360 for my GPS updates.

Yes I am, as mention in original post, v2.0.0(62)

i managed to get ha app to work on ios13 beta , all you need is to create a ca , sign server certificate with the ca you just created with some config files.Then import CA cert to iOS devices and its done.

Following is what command and openssl config file i use:

  1. Generate our CA

openssl req -x509 -sha256 -newkey rsa:2048 -keyout ca_privkey.pem -nodes -out ca_cert.pem -subj “/C=[country]/ST=[state]/L=[locality]/O=[organization]/OU=[organization unit]/CN=[common_name]/” -config v3_ca.ext -days 365

content of v3_ca.ext:

[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name

[req_distinguished_name]

[v3_req]
basicConstraints        = critical, CA:TRUE
subjectKeyIdentifier    = hash
authorityKeyIdentifier  = keyid:always, issuer:always
keyUsage                = critical, cRLSign, digitalSignature, keyCertSign 
subjectAltName          = @alt_names

[v3_ha_server]
basicConstraints        = critical, CA:TRUE
subjectKeyIdentifier    = hash
authorityKeyIdentifier  = keyid:always, issuer:always
keyUsage                = critical, cRLSign, digitalSignature, keyCertSign
subjectAltName          = @alt_names

[alt_names]
IP.1 = [your ip ]
#DNS.1 = [your domain]
# uncomment if your need a domain name not a ip address
  1. create your server private key

openssl genrsa -out privkey.pem 2048

  1. generate certificate signing request

openssl req -new -sha256 -key privkey.pem -subj “/C=[country]/ST=[state]/L=[locality]/O=[organization]/OU=[organization unit]/CN=[common_name]/” -out privkey.csr

  1. view the csr if you want

openssl req -in privkey.csr -noout -text

  1. use CA cert and privkey of your CA cert to sign the server certificate

openssl x509 -req -in privkey.csr -CA ca_cert.pem -CAkey ca_privkey.pem -CAcreateserial -out certificate.pem -days 365 -sha256 -extfile v3_ha.ext -extensions v3_ha_server

v3_ha.ext file content:

[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name

[req_distinguished_name]

[v3_req]
basicConstraints        = critical, CA:FALSE
subjectKeyIdentifier    = hash
keyUsage                = critical, nonRepudiation, digitalSignature, keyEncipherment, keyAgreement 
extendedKeyUsage        = critical, serverAuth
subjectAltName          = @alt_names

[v3_ha_server]
basicConstraints        = critical, CA:FALSE
subjectKeyIdentifier    = hash
keyUsage                = critical, nonRepudiation, digitalSignature, keyEncipherment, keyAgreement 
extendedKeyUsage        = critical, serverAuth
subjectAltName          = @alt_names

[alt_names]
IP.1 = [your ip ]
#DNS.1 = [your domain]
# uncomment if your need a domain name not a ip address
  1. Finally , import CA certificate to your ios device and copy certificate for the server to your ha instance.

  2. Enjoy :wink:

Is this instruction for a self signed certificate or letsencrypt cert? I have a domain cert and mine works without all this. (Just out of curiosity)

Must be self signed… you don’t need any of that with LetsEncrypt

self signed. Apple tightened self signed certs requirements after ios13.