iOS App Authentication Error

Hello Alex,

I am having the same problem and I was wondering if you can give more information about how you were able to “change the CNAME for the Home Assistant domain to an A record”.
Thank you in advance.

I have the same issue as the original post.
I tried disabling ipv6 on my raspberry PI 3B+ but that doesn’t work.
I get the following error:

2019-07-20 23:59:31 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/local/lib/python3.7/ssl.py", line 774, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1076)

Any advice would be helpful, without the app I’m lost.
Thanks.

As I don’t have ipv6 in my network I didn’t disable anything.

I just made sure I configured my ipv4 correctly on the pi - check out post 20

I hope that helps

I had this same issue, and it was IPv6/DNS related. Enabling debug logging showed me:

ERROR (MainThread) [homeassistant.components.auth.indieauth] Timeout while looking up redirect_uri https://home-assistant.io/iOS

To resolve it, rather than trying to turn off IPv6, I simply made a static reference in my local DNS (I’m running pi-hole elsewhere on my network in a Docker container). home-assistant.io (as of the time of this comment) resolves to 104.25.25.31.

Hello,
having exact same issues

2019-07-29 13:19:51 ERROR (MainThread) [homeassistant.components.auth.indieauth] OS error while looking up redirect_uri https://home-assistant.io/iOS: Network is unreachable

running completely on local network without ipv6

But I’m really wondering why local server wants to communicate with outside world, when I explicitly said in iOS app to use local address only??

Hi

just wanted to let you know, that I also have the exact same issue here. HASSIO, only local connectivity. Please let me know if I can help solving the problem…

I for the life of me cannot figure out how to get this to work. I am running hass.io via a vmdk on esxi. And keep getting this error via login.

This is the error in my log file:

2019-08-10 15:23:34 ERROR (MainThread) [homeassistant.components.auth.indieauth] OS error while looking up redirect_uri https://home-assistant.io/iOS: Try again

I have seen above about disabling ipv6. I have no idea how to do that. Ideas? Help???

I have had the same problem for 6 long months.
Solved it two days ago.

I have HomeAssistant running in a Docker container on my Synology NAS.
Used Let’s Encrypt certificate on Synology to secure it.

I wanted to set up the HomeAssistant app on two mobile iPhones.
It was already working on one iPhone and one iPad for a few months, but when I wanted to set up the two other phones it would not work.
Same error as described by everyone else here.
Web site worked fine on all devices.

I removed the app on the working phone, and after reinstall it also could not connect. Dooh…

The 2.0 beta app had the same problem.

The solution was actually quite simple!
My Synology NAS had its own IP as primary DNS server.
I changed this to one of Google’s (8.8.8.8), and now the HomeAssistant app (version 1.5.1) is working on all devices!!

Hi all, been bashing my head against this one all night… Ended up nuking my config directories as I blamed a recent errant “rm -r *” in my .homeassistant directory for creating some form of instability, but was wrong. New installation, old problems.

In the end I managed to trace it back to a self-compiled installation of openssl. I use a RPi3, and it didn’t have the latest openssl available as a package which was causing me some problems with either HA or something else a while back. The issue with this is that it tries to load the root certificates from /usr/local/ssl/certs and NOT /etc/ssl/certs (which is where update-ca-certificates is plonking the certificates)

Not wanting to figure out how to configure either update-ca-certificates or how to compile openssl against the correct directory, cheating and creating a symlink worked for me:

# Point the self-compiled OpenSSL's certificate directory at the system CA directory
rm -r /usr/local/ssl/certs
ln -s /etc/ssl/certs /usr/local/ssl/certs

hope this helps someone

Another reason is that the home-assistant.io site has an IPv6 address and the authentication is attempting to contact it. If IPv6 doesn’t work in your install, then you might get the error. I had turned IPv6 on for my IoT VLAN, but it apparently wasn’t routing so I got stuck. I turned IPv6 off for the VLAN and the problem immediately went away.
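The check below is an added example, not part of any post in this thread or of Home Assistant's code: it resolves and connects to a host over IPv4 and IPv6 separately, so a resolvable but unrouted AAAA record shows up as its own finding. The function names and finding labels are assumptions made for illustration.

```python
import socket
import sys

FAMILIES = {"IPv4": socket.AF_INET, "IPv6": socket.AF_INET6}


def probe(host, port=443, timeout=5.0):
    """Resolve and TCP-connect to host over each address family on its own."""
    results = {}
    for name, family in FAMILIES.items():
        try:
            infos = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)
        except socket.gaierror as exc:  # no A/AAAA answer, or resolver failure ("Try again")
            results[name] = ("no-address", str(exc))
            continue
        addr = infos[0][4]
        try:
            with socket.socket(family, socket.SOCK_STREAM) as sock:
                sock.settimeout(timeout)
                sock.connect(addr)
            results[name] = ("ok", addr[0])
        except OSError as exc:  # includes timeouts and "Network is unreachable"
            results[name] = ("unreachable", f"{addr[0]}: {exc}")
    return results


def diagnose(results):
    """Turn the per-family statuses into one finding (labels are this example's own)."""
    v4, v6 = results["IPv4"][0], results["IPv6"][0]
    if v4 == "no-address" and v6 == "no-address":
        return "dns-failure"      # the resolver itself is the problem
    if v4 == "ok" and v6 == "unreachable":
        return "broken-ipv6"      # AAAA resolves but IPv6 is not routed
    if v4 == "ok" and v6 == "ok":
        return "dual-stack-ok"
    if v4 == "ok":
        return "ipv4-only"        # no AAAA answer; IPv6 is not involved
    return "ipv4-unreachable"


if __name__ == "__main__":
    # Host taken from the log lines in this thread; pass another as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "home-assistant.io"
    outcome = probe(target)
    for family, (status, detail) in outcome.items():
        print(f"{family}: {status} ({detail})")
    print("finding:", diagnose(outcome))
```

Run it in the same container or VM as Home Assistant, since DNS servers and routing there can differ from the host's.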

Thanks. Solved my question.

How should I turn IPv6 off? I have Home Assistant on a Raspberry Pi Zero W, with Python3.7 virtual environment, and a FritzBox as modem in my home network.

I’ve been struggling with this all day; the iPhone app updated today and I haven’t been able to login properly ever since. I’m running 0.102.2 on an iMac but continuously get this error:

ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1051)
2019-11-27 13:46:50 ERROR (MainThread) [homeassistant.components.auth.indieauth] SSL error while looking up redirect_uri https://home-assistant.io/iOS

The following is in my nginx logs, I proxy through nginx to my home:

68.48.101.93 - - [27/Nov/2019:13:43:35 -0500] "GET /service_worker.js HTTP/1.1" 304 0 "https://home.example.com/service_worker.js" "Mozilla/5.0 (iPhone; CPU iPhone OS 13_1_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.1 Mobile/15E148 Safari/604.1" "-"

I’m not convinced turning off IPv6 is the correct answer here, IPv6 and IPv4 should be able to run side by side with no problem and if home-assistant.io has a AAAA record, it should work and redirect just fine; your home network will only use the AAAA record if it has a global IPv6 address.

So, I guess the bigger question is: why is the app forcing a redirect to a domain that has obvious issues with IPv6?

Is there anything else that can be done other than globally turning off IPv6?

Ah, I’ve been waiting for this one… if you run HA on MacOS in a venv there are issues with how you install python. I reproduced this issue during the beta and it had nothing to do with ipv6 not working but rather with the instructions how python was to be installed.

Note that in the docs (I used this: https://www.python.org/downloads/release/python-374/ ) there is a note about installing certificates and when that wasn’t done the oauth2 redirect failed.

I hope this will help you resolve your issue.
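For the certificate-store causes described in the self-compiled OpenSSL post and the macOS venv post above, this added example (not code from the thread or from Home Assistant) reports where the interpreter's OpenSSL build looks for root CAs and whether anything usable is there. The function name and report keys are assumptions; only file names are checked, certificate contents are not parsed.

```python
import os
import re
import ssl

# OpenSSL finds CAs in a directory by subject-hash file names such as "4a6481c9.0".
HASHED_NAME = re.compile(r"^[0-9a-f]{8}\.\d+$")


def ca_store_report(cafile=None, capath=None):
    """Return the CA file/dir OpenSSL will use and whether either holds anything."""
    if cafile is None and capath is None:
        d = ssl.get_default_verify_paths()
        # SSL_CERT_FILE / SSL_CERT_DIR override the paths compiled into OpenSSL.
        cafile = os.environ.get(d.openssl_cafile_env, d.openssl_cafile)
        capath = os.environ.get(d.openssl_capath_env, d.openssl_capath)
    file_ok = bool(cafile) and os.path.isfile(cafile) and os.path.getsize(cafile) > 0
    hashed = 0
    if capath and os.path.isdir(capath):
        hashed = sum(1 for name in os.listdir(capath) if HASHED_NAME.match(name))
    return {
        "cafile": cafile,
        "cafile_usable": file_ok,
        "capath": capath,
        "capath_hashed_certs": hashed,
        "usable": file_ok or hashed > 0,
    }


if __name__ == "__main__":
    report = ca_store_report()
    for key, value in report.items():
        print(f"{key}: {value}")
    if not report["usable"]:
        print("No root CAs where this OpenSSL build looks: expect CERTIFICATE_VERIFY_FAILED")
```

Run it with the same Python interpreter (or venv) that runs Home Assistant, because a different build can be compiled against a different certificate directory.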

Howdy!
After banging my head against the wall for about 3 hours, I’m also having this issue. I’ve disabled IPv6 on my ubuntu VM and I’m still not able to authenticate with the new iOS app. If it matters, I’m running the latest version of HA on a Ubuntu 16.04 VM on ESXi, I use pi-hole for DNS. Haven’t had any issues until the new app was released. What can I post here to assist with troubleshooting?

Thanks so much! Happy thanksgiving all!

Hi @brent20 what actual errors are you getting? Do you have anything of note in Home Assistant’s logs?

This doesn’t make sense. The home-assistant.io A record resolves to 104.25.25.31. That should be enough. I keep getting “Error: invalid client id or redirect uri”

You most likely have an issue with IPv6 on your network. Please look here. As a first test try disabling IPv6 on the system running Home Assistant

Can you define “issue?” Why should local IPv6 break public IPv4?

There have been several different issues and I don’t fully understand the root cause; however, if this is the problem, that link gives you a test and fix