Need external_url for TTS to work?

following this among other discussions, I am still struggling to understand the use of the internal_url.

Apparently the base_url used in TTS defaults to internal_url. Since I dont have that, TTS doesnt work, unless I set

  internal_url: !secret base_url

which is my external_url.
cant TTS use an internal url (local address?)
thanks for helping me out here.

If you’re using SSL in HA then you have to use the external URL so that the certificate matches.

The only time you can use a separate internal and external URL is when you’re using a proxy server AFAIK.

I see, yes, I did see some certificate/security issues fly by.
Funny thing is, everything kept working/talking by keeping the base_url in http: or indeed, as printed above, use the original base_url (which of course is identical to the external_url) as internal_url under homeassistant:

I dont have anything under tts:, but given the config options there, we can also use base_url: external_url :wink:

only question remains why in core.config the internal_url is while I set it to base_url in configuration.yaml. seems to not stick.