I am trying to check out Grocy add on and I had to enable SSL in order to get the camera to work on my Android. Wanted to see how it all works before I drop a few bucks on a bar code scanner. So I created a cert via OpenSSL per the instructions and added this into my conf. I can use https now via the website but the mobile app won’t connect. Wants me to check config. I am not running any DNS or anything. I just have my RPi on local network. So my connection is the 192.168.x.x:8123. I have tried https as well and still no go. I suspect I have to do something on my phone since the cert was unsigned but what? Am I supposed to manually load one of the pem files?
I followed the instructions here. I created the self signed cert with my local IP. Copied both pem files into the ssl directory. Updated the configuration.yaml and rebooted. I can access via the browser on the https://192.168.x.x:8123.
On my Android I can open chrome, go to the address. I get the standard unsigned complaint but I can select proceed and log in. In the mobile companion app, I get error “unable to connect to home assistant”. I click ok to check config. The HA URL and Internal Connect URL are https://192.168.x.x:8123. I have the Home Network WiFi SSID filled out, although mine is hidden. Not sure if that makes a difference. I am guessing that the unsigned cert is the problem and the HA app is unable to allow the exception like the browser?
What is the better option here? I want to make sure I am setting this up correctly and securely but I seem to hit these configuration road blocks at every step. Is there a good consolidated guide that discusses how to get HA set up correctly rather than having to research each component? I have started trying to put together a list of all the things I am doing so I can re-create when it goes south.
I’ve tried to reproduce your case, and it seems that I have the same problem!
Once I configure only the internal IP on the app, I cannot access my hassio.
I get access only with the external duckdns domain, strange!
Well glad it is not just me lol. Is the mobile app not working on https even with a domain? I thought about buying a domain so I could get a signed cert. To be honest I am not too hip on all this, which is why I was hoping for some sort of guide on setting up Hassio correctly. Install the OS, install these plugins, configure this duckdns, certs…that sort of thing.
Hmm well that's quite unfortunate. I will have to look into re-configuring my network to make this all work. For now I just open chrome on my phone. Basically bypass the Companion App until I can fix it.
If you want a temporary solution using the HA mobile app, you can fill in the duckdns domain in the HA URL field and leave the rest (Home Network wifi SSID & Internal Connection URL) blank,
this way you’re making a dns query on the duckdns server asking for your HA ip, unless you configure your router with a hairpinning (or NAT loopback) configuration.
I have not set up DuckDNS though. So backtracking at this point. I need to go back and configure DuckDNS and I guess set up LetsEncrypt first? Started making an install guide as I think I missed a few steps along the way.
I set up duckdns per that guide and it seems to be working now as long as I have the duckdns info in external. Adding any local information causes the app to fail to connect. So I guess it works only with the external connection using SSL. Is what it is I guess.
Guide?? Perhaps lol. Did you create the account with duckdns, install the add on and update the config with your token and domain? From there make sure you have the privkey and fullchain pem files in your ssl folder? Are you getting any errors on the add on?? or is the problem just in the mobile app?
Hi Redfish,
Thanks for pointer in right direction. I think I now have DuckDNS configured and working. Below are log files, however I really don’t want to access externally. I just wanted to add https:// to my local address. But I don’t know how to apply to my local 192.168.x.x:8123 via DuckDNS/Let’s Encrypt. Can you guide me on any config or is it supposed to happen automatically?
Net: The whole reason I want to set this up is to use Grocy add-in. Their scanning page requires https://
Thank you in Advance!
# INFO: Using main config file /data/workdir/config
+ Generating account key...
+ Registering account key with ACME server...
+ Fetching account ID...
+ Done!
[15:50:29] INFO: OK
<IP Snip>
NOCHANGE
# INFO: Using main config file /data/workdir/config
+ Creating chain cache directory /data/workdir/chains
Processing <domain>.duckdns.org
+ Creating new directory /data/letsencrypt/<domain>.duckdns.org ...
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting new certificate order from CA...
+ Received 1 authorizations URLs from the CA
+ Handling authorization for <domain>.duckdns.org
+ 1 pending challenge(s)
+ Deploying challenge tokens...
OK + Responding to challenge for <domain>.duckdns.org authorization...
+ Challenge is valid!
+ Cleaning challenge tokens...
OK + Requesting certificate...
+ Checking certificate...
+ Done!
+ Creating fullchain.pem...
+ Done!
[15:55:47] INFO: OK
<IP Snip>
So once you have https enabled, in the app you don’t use a local address. You have to always use Home Assistant URL and leave internal connection as blank. You will always connect over the internet then. Apparently you can make some changes on the router to fix this. Essentially it tells the traffic to your URL to route locally I guess. I have not messed with this.
I enabled https for Grocy as well because I wanted the camera to scan barcodes. To be honest, it is a bit rubbish. I have ordered a barcode scanner and just waiting on delivery. Provided that works well with my little kitchen tablet, I might disable https and go back to using internal address only. I have quite the delay on my Kindle Fire 7 when trying to access and use grocy via the URL. I suspect this is due to the latency from tablet, to internet, back to HA. It is usable but pretty bad. Could be the tablet I am not sure. Before I invest in a better tablet, I will try to disable the whole internet thing and see if it speeds up.
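Added example, not part of the thread and not Home Assistant code: a TLS client that performs standard hostname verification checks the host in the URL against the certificate's subject alternative names, so a certificate issued for the DuckDNS name does not validate when the client is pointed at the 192.168.x.x address, and the reverse holds for a certificate made for the IP. The domain, IP address and function names below are constructed placeholders.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample data (not from the thread). SAN lists use the same
# (type, value) shape that ssl.SSLSocket.getpeercert() returns.
LETSENCRYPT_SAN = [("DNS", "myhome.duckdns.org")]   # placeholder domain
SELF_SIGNED_SAN = [("IP Address", "192.168.1.10")]  # placeholder LAN IP


def dns_match(host, pattern):
    """Case-insensitive DNS match; '*' may stand for the left-most label only."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return host == pattern


def host_matches_cert(url, san_entries):
    """True if the host part of url is covered by one of the SAN entries."""
    host = urlsplit(url).hostname
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    for kind, value in san_entries:
        if ip is not None:
            # An IP literal only matches an IP-type SAN, never a DNS name.
            if kind == "IP Address" and ipaddress.ip_address(value) == ip:
                return True
        elif kind == "DNS" and dns_match(host, value):
            return True
    return False


def audit(urls, certs):
    """Map (cert label, url) -> whether the name check passes."""
    return {(label, url): host_matches_cert(url, san)
            for label, san in certs.items() for url in urls}


if __name__ == "__main__":
    urls = ["https://myhome.duckdns.org:8123", "https://192.168.1.10:8123"]
    certs = {"letsencrypt": LETSENCRYPT_SAN, "self-signed": SELF_SIGNED_SAN}
    for (label, url), ok in audit(urls, certs).items():
        print(f"{label:12} {url:34} {'match' if ok else 'NAME MISMATCH'}")
```

A name match is necessary but not sufficient: a self-signed certificate also has to be trusted by the device before a client that enforces validation will accept it.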