Mobile App can't connect after enabling SSL

OK. First, thank you for your help and fast response. Much appreciated.

I think I have a bit of hurdle. My DSL provider (Germany) is over IPV6, and I have never been successful exposing/publishing external ports. Believe they try and monetize publishing ports. It hasn’t been a real problem for as I’m not hosting anything from my home; leave that to cloud apps (Azure), etc.

Thanks for the advise about the bar-code scanner. I would be keen to understand how your testing goes. I’m tempted to buy a dedicated USB scanner, and I believe that requires another add-on to Grocy – Barcode Buddy?

Thanks again, and let’s keep in touch.

From my understanding, Barcode Buddy will pull in data about the barcode in question much like the MyFitnessPal app. But I think it can work to just accurately scan the code and get the number values. Currently I have been manually adding items by barcode. Tedious but it adds the data accurately. Amazon is quite slow on delivery right now and I have been waiting a month for this scanner. It does USB or Bluetooth so should work well with the tablet. That is the hope anyway. Grocy has really helped out in opening my eyes regarding expiration dates and just plain inventory and usage. I quite like it. Worst case, they do have a windows app if the HA just doesn’t work out. But so far it is tolerable. Now my Z-Wave stuff…whole other thread there lol. Good luck.

Hi Redfish,
If you haven’t solved your problem with connecting locally while having ssl certificates configured, maybe this will help:

I was facing the same problem after configuring the ssl certificates then I converted fullchain.pem to crt, copied it to my mobile, installed the certificate as per the guide and the apps connects now.

THanks I may try that. I really only added SSL to get camera option in Grocy which is quite terrible. But it is nice to be able to connect on the app from outside the network. Adding the interior connection may help with latency on my kitchen tablet. It is an old Kindle Fire 7 and runs a bit slow connecting to grocy via the web. Internal connection might help. Might just need to get a new tablet.

I’ve read this and many other posts but I feel the original question is not really answered.

On my PI I’m running HA 2020.12.1 and everything is fine out of the box. The PI is not exposed to the internet and I did not use any DuckDNS. When I switch to ssl, I create my own certificates and change the configuration.yaml file to

# Configure SSL
  ssl_certificate: /config/fullchain.pem
  ssl_key: /config/privkey.pem

Now connecting via ssl through the desktop on the local network works well. Unfortunately, using the mobile app on Android doesn’t work anymore. The mobile browser on the same device works after confirming the self-signed certificate. So what exactly am I missing here?


I’ve followed @winston.s advice and created a .cert file using the command:

 openssl x509 -outform der -in fullchain.pem -out ha.crt

Then I downloaded the file ha.crt to my Android 11 device and installed it as CA-Certificate. The HA app still doesn’t connect.


In my case I had to enable Hairpin (loopback) on port fowarding in my router settings and now it works on my android app locally calling external url.

You can read or look at your router doc

Thanks @pace666 , now it’s all OK )))
‘Mobile App can’t connect after enabling SSL’ :+1:

1 Like

ok so, breaking change to Neato. HTTPS to access Hassio becomes mandatory. I am running HassOs, so need to install Linux virtual machine because no openssl functionality on HassOs.

I eventually got the https working! But then noticed that mobile app doesn’t work anymore. Should I ditch Neato or Mobile, because it appears you can’t have both anymore?

Ok, so I can have both! Installed NGINX Home Assistant SSL proxy addon and configured it on local network. It appears that now the mobile is able to access without need for certificate and Neato integration remains satisfied with HTTPS being enabled. Can’t say its pretty on any grounds, but guess thats how the world intended it to be.

@mota I think the proposed solution (hairpin) will not work if there is no internet connection. That’s because you will need the internet connection to reach the DuckDNS host and solve your real IP address. Is this correct?

this could be an issue in some situations

Thanks in advance,

How do I copy the fullchain.pem to android?

I used this URL to install on android.

It is stored under ssl in home assistant, but the problem I is how can copy/download it to Android from homeassiatant? I can’t find ssl folder in Samba share of homeassiatant.

to download files from Homeassistant to Windows using SSH/SCP

  1. Download WinSCP from WinSCP :: Official Site :: Download
  2. Install WinSCP using typical setting.
  3. Use your SSH username and password from SSH & Web Terminal configuration.
  4. download whichever file you need. In my case, it ws Ha.crt

I was able to successfully download the certificate using WinCP , and upload it to android via airdroid. Installed the certificate in Samsung galaxy S8 but I still can’t access homeassistant via the android app, even though I can easily accessit through chrome on Samsung galaxy S8.

My current status is still unable to access HA from the android app after installing certificates.