On HA 0.89.0 and using the current beta (1.5.1) version of the iOS app with Letsencrypt and DuckDNS, I have a secure connection to my HA installation from the app with wifi on my iPhone turned off. However, if I’m connected to the home router, I get a connection error that indicates TokenError 1 and/or the blurb about the certificate not being trusted. Accessing from Safari using the internal IP gets me to the password screen but then says “unable to connect”, and doing the same using my duckdns address yields a page indicating that Safari cannot open the page with the warning that the cert is invalid (again only inside the network). There are plenty of posts about trouble accessing HA from outside the network, but I don’t see anything about this particular situation.
I’ve tried:
- using the app internal URL setting pointed directly to the LAN address/port of HA, which yields the same result
- installing a self-signed cert with an attempt at adding a second cert reference in the http: portion of configuration.yaml, but that didn’t work at all, so I removed it
- deleting and reinstalling the app (several times); tried both current app store and the beta versions
The only possibly relevant entry I can find in home-assistant.log is: INFO (MainThread) [homeassistant.components.http.view] Serving /api/error/all to 192.168.1.171 (auth: True)
Any help is appreciated… I’m aware that v2 of the app will drop soon and may fix the errors, but in the interim I’d love to have control inside my network!
I’ve tried that, but apparently my ISP (Spectrum) doesn’t allow “NAT loopback”, which is when you’re trying to go outside of your internal network and then back in again. For instance, if I put the duckdns URL into my laptop browser, it takes me to my router login page. I think this is probably exactly why the developers added the internal URL setting field in the app, but it isn’t working for me.
My understanding is that the NAT loopback issue is based on the ISP’s rules rather than a router capability, but someone please correct me if I’m wrong.
The most confusing part of this is having gone through the work to have a formally signed SSL certificate (per certbot and letsencrypt) and still be told by the browser that the certificate isn’t trusted… I used this guide more or less:
I even tried importing the cert.pem into the phone as a profile, but that did nothing.
If your router supports custom DNS settings, you could override your DuckDNS with your internal IP. Or set up your own DNS server on your HA host and change your DHCP server settings to this DNS if possible.
I think “NAT loopback” may refer to the same thing as “NAT Reflection”, but perhaps not. For me, to make this work I had to enable NAT Reflection on my router. NAT Reflection is definitely not an ISP issue; it’s handled entirely by the router, but how to enable it will vary by router model.
I know this is an old thread, but was there ever a resolution for this?
I’m on the Home Assistant iOS app v1.5.1 with the same problem (SSL cert for my external-facing connection doesn’t work on my local network, so the app won’t connect).
It’d be nice to have an “ignore SSL cert error” button in the Home Assistant iOS app.
When I try to just use the native iOS Safari browser, I hit my local hassio interface, can log in, but then I get the error “Unable to connect to Home Assistant” (running iOS v9.3.5).
If I am using AdGuard, can I set the redirection up in here? That means I don’t have to touch the router. If so, where would I do it? Should it be in DNS rewrites or custom filtering rules? I am unsure of the difference. Thanks.
I don’t think you can do that, but I’m no network engineer. It seems like the newer routers support loopback out of the box though… my ASUS doesn’t even have an option to disallow it.
@olbjan a DNS lookup from the phone still gives the external IP address - I have posted this in the AdGuard page. From Windows it will resolve to the internal address, and with IP tools on the phone, pointing explicitly to my hassio IP address for the DNS server, it will resolve to the internal IP address; however, a generic DNS lookup will give the external address.
The latest version of the App (upgraded last night) recognises the instance (I deleted the data and restarted the app), however still won’t connect.
Turning off IPv6 on the router enables me to connect; however, this isn’t a workable solution other than to highlight that it appears to be an IPv6 DNS issue.
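
A way to check the DNS-override suggestion and the IPv6 observation from the posts above, as an added example that is not from any poster or from the Home Assistant project: it sorts the addresses a client resolves for a name into internal and external, per address family, so an override that covers only IPv4 shows up. The LAN prefixes and the sample addresses are constructed assumptions; replace the prefixes with your own.

```python
import ipaddress
import socket
import sys

# Assumed LAN prefixes (constructed for illustration).
LAN_NETS = [ipaddress.ip_network("192.168.1.0/24"),
            ipaddress.ip_network("fd00::/8")]

def is_internal(addr, lan_nets=LAN_NETS):
    """True if addr (IPv4 or IPv6 text) falls inside one of the LAN prefixes."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    return any(ip.version == net.version and ip in net for net in lan_nets)

def resolve(hostname):
    """Addresses the OS resolver returns for hostname (A and AAAA answers)."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def check_override(addresses, lan_nets=LAN_NETS):
    """Classify resolver answers and say whether the local override is complete."""
    report = {"internal": [], "external": []}
    for addr in addresses:
        key = "internal" if is_internal(addr, lan_nets) else "external"
        report[key].append(addr)
    if not report["external"]:
        report["verdict"] = "override complete"
    elif not report["internal"]:
        report["verdict"] = "no override seen by this client"
    else:
        # Some answers are rewritten, others still point outside the LAN.
        families = sorted({ipaddress.ip_address(a.split("%")[0]).version
                           for a in report["external"]})
        report["verdict"] = "partial override: IPv%s still external" % (
            "/".join(str(f) for f in families))
    return report

# Constructed sample: the A answer is rewritten to the LAN, the AAAA answer is not.
SAMPLE_ANSWERS = ["192.168.1.50", "2001:db8::50"]

if __name__ == "__main__":
    # With a hostname argument, query the live resolver; otherwise use the sample.
    answers = resolve(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_ANSWERS
    print(check_override(answers))
```

Run it with the DuckDNS hostname as the argument from each client that behaves differently and compare the verdicts.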