Lost HTTPS access

then it should have updated automatically.
can you not login via http from inside your network?

can you not login via http from inside your network?

Unfortunately not. I remember choosing not to configure that since “why would I ever need it”. I regret that today. I can’t remember what kind of config I choose to remove/not configure unfortunately.

And when you try your home ip with https:// .

sorry have you got access to the same network as the ha host?
or are you in a remote location

And when you try your home ip with https:// .

I get to a HA page with the error message.

You're about to give https://[my-wan-ip]/ access to your Home Assistant instance.
Logging in with Home Assistant Local.
Error: invalid client id or redirect uri**

sorry have you got access to the same network as the ha host?

Yes, I’m on the same network as the HA host.

so why dont you just type http://localip:8123

My browser then gives me

**192.168.1.100**  didn’t send any data.
ERR_EMPTY_RESPONSE

http://192.168.1.100:8123

takes you to your webui

Nope. As said, my browser gives me

This page isn’t working

192.168.1.100 didn’t send any data.
ERR_EMPTY_RESPONSE

then you have another problem which is not the certificate only
your ha is not running correctly.
you need to check your logs
if you have samba you should be able to see your homeassstantl.log

I checked home-assistant.log. Nothing of interest here really, only two entries from two non-relevant plugins having issues.
As said, I do remember intentionally disabling HTTP access. But I don’t remember how.

(BTW, thanks for your patience so far in helping me)

you cant disable htttp access within your network.
if ha is running correctly, then you should be able to access your webui

If home-assistant.log is not indicating any error, where else should I look for errors?

As I didn’t find any solution to my problem, my only option left was to the whole HA isntallation and start all over again from scratch :frowning:

In retrospect, I think I understand what I should have done to re-gain HTTP access. For setting up HTTPS access, I followed the official guide: https://www.home-assistant.io/blog/2017/09/27/effortless-encryption-with-lets-encrypt-and-duckdns/

When adding the foolowing to configuration.yaml, I loose HTTP access and get HTTPS access

# Example configuration.yaml entry for the HTTP component
http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

…so comment this out to get HTTP access.

1 Like

Hi,
Did you manage to enable both HTTP access and HTTPS access? I have trouble setting up access from internal URL (IP adress) and external URL (duckdns) at the same time.

If I comment out the ssl_certificate: /ssl/fullchain.pem and ssl_key: /ssl/privkey.pem lines, I can access HA from local network using http:ip-address:8123 but not from example.duckdns.org:8123 from external connection.
If I uncomment the lines, I lose access from local network access using HTTP and HTTPS but I can connect to HA externally using example.duckdns.org:8123.

So far I haven’t found a way to enable HTTP and HTTPS connections at the same time.

I’m at my wits end here. Using Hairpin NAT is out of the question because I’m using 4G connection and the Huawei B818 doesn’t support Hairpin NAT but needs to be in routing mode to have all the necessary options available and I don’t want to introduce another Hairpin NAT router behind because it would introduce double NAT.

Hi,
No, I didn’t get both HTTP and HTTPS access working. I run HTTPS both for local access and external access, using the very same URL (https://example.duckdns.org). I hadn’t heard about hairpinning before, but after some googeling, it seems like my router supports hairpinning. Hence I don’t have the problem you have (unfortunately).

I ran into this problem where the Lets Encrypt cert didn’t auto renew. Apparently it doesn’t by design https://community.home-assistant.io/t/lets-encrypt-add-on-how-to-get-automatic-renewal/171236

What I could do though is comment out my ssl_certificate and ssl_key lines in the config (via samba) then reboot Home Assistant. After that I could get in via http and rerun the Lets Encrypt add-on.

You can usually access locally just using the IP and HTTP plus port number.

I’ve got this automation action that renews the certificate;

action:
  - service: hassio.addon_restart
    data:
      addon: core_letsencrypt
  - delay:
      hours: 0
      minutes: 5
      seconds: 0
      milliseconds: 0
  - service: hassio.addon_restart
    data:
      addon: core_nginx_proxy
  - delay:
      hours: 0
      minutes: 1
      seconds: 0
      milliseconds: 0
  - service: homeassistant.restart
    data: {}
mode: single

My automation to check for updates:

alias: Let's Encrypt update
description: ''
trigger:
  - platform: time
    at: '05:21'
condition: []
action:
  - service: hassio.addon_start
    data:
      addon: core_letsencrypt
mode: single

In case the renewal would fail for some reason, I’ve also created an automation that monitors the expiry and sends me a notification in case it hasn’t renewed as expected.

alias: 'Error: Let''s Encrypt'
description: Certificate has not been renewed in time
trigger:
  - platform: template
    value_template: >-
      {{(states('sensor.cert_expiry_timestamp_subdomain_example_com')|as_datetime()-now())
      < timedelta(days=29)}}
condition: []
action:
  - service: notify.mobile_app_my_device
    data:
      title: Problem with HTTPS certificate
      message: Check {{ trigger.entity_id }}
mode: single

With this setup, things have now been runing reliable for a year. The notification has turned out to be useful.

Same problem; The marked solution

http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

…so comment this out to get HTTP access.

works! Thanks much!