Need Help with Rest API and HTTPS Post

Hello,

First time posting and using HA. Running HA on rasbian stretch lite on a Rpi 3b+. I was using the rest api to send a command to turn a light on or off to my local server using the http version and local IP. It was working great.

I then went and setup my HA to use https with duckdns. Got it all setup and working but it broke my rest api. I changed my rest api command to use https://myname.duckdns.org:8123 and also put a reference to the local ip in my host file. But the command stopped working.

The program I’m trying to connect from is Home Control Assistant. It has an option to use an element for http post. Basically when I was using http I was sending http://xxx.xxx.xxx.xxx:8123/api/services/light/turn_on?api_password=******** with data of {“entity_id”:“light.blahblahblah”} and it worked. When I setup HA to use https all I did was change http to https and it stopped working.

I also tried using my duckdns address with the host file reference and it still doesn’t work.
The log from home control assistant shows the HttpSendRequest failed 12029 if that means anything to anyone.

I just don’t know why https would make a difference. Anyone have any ideas?

The certificate is specific to the address. I.e., it’s only valid for myname.duckdns.org, so you have to use that in your REST URL: https://myname.duckdns.org:8123/api/services/light/turn_on?api_password=***. At least that’s how I understand it. And I’m not sure you should have an entry in your local hosts file that translates that URL to the internal (LAN) IP address.

E.g., if I do the following from my LAN:

curl https://REDACTED.duckdns.org:8123/api/?api_password=REDACTED

It works. But if I do this:

curl https://LOCAL_IP_ADDRESS:8123/api/?api_password=REDACTED

I get:

curl: (51) SSL: no alternative certificate subject name matches target host name 'LOCAL_IP_ADDRESS'

Thanks for the reply. I did use my duckdns domain and still have problems.

I tried your examples from the computer I’m trying to connect from.
curl https://********.duckdns.org:8123/api/?api_password=********
With the host file reference in place I get:
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

If I remove the host file reference and clear my dns cache I get the same message.

Sounds like the root certificates on the computer you’re running this curl command on doesn’t include Let’s Encrypt. I’m no security expert, but I think that’s the general problem. Try putting the URL in a web browser on another computer on the same network as a test; it should work there.

Used the url in firefox on the problem computer and got a message API running.
Got the same message on another computer on the same internal network.

So the URL is correct, it’s just that the program trying to send it (or the network stack it’s using) doesn’t seem to have access to the proper root certificates. Sorry, that about exhausts my knowledge.

THanks. It’s an old Win7 32-bit install. THere are a ton of updates. I’ll run those and see what I get.

The answers are in there!