New Add-On: Cloudflared

Easiest setup is through the Zero Trust dashboard. Add the subdomain to your tunnel there. Make sure you have no CNAMEs in your DNS records for it that are the same as the ones you are going to use with tunnels.

I had the same issue/error … tried to do it and redo it 5 times, till I gave up…

Then 2 days later, my Google Home speaker started to work fine… Curious, I looked into the Google Home app and magically, what was not recognized is now there… I feel there has been some “DNS refreshing” delay or something of the sort… Can anybody shed more light on this?

Waiting isn’t the solution up to now.
Since I can see the Home Assistant in the Google Home app, except when I select the [test]HomeAssistant it loads a page but quickly closes it and tells me it can’t connect.
Maybe it’s something in my network? Maybe it’s something in the HA config to allow Cloudflare IPs? I’m just not sure. The latter I doubt, since I can visit my HA when I am away through a browser or the app, so HA is not blocking any IPs.

Hello!
Guys, sorry I asked here but I have no idea where to ask :confused: I asked everywhere.

First of all I will show you my setup: LTE Internet with blocked ports, ddnat. I am using Cloudflare to get inside my network and it is working fine. The Traccar web UI site is working well; even GPS tracking of my phone through the “Traccar Client” app is working fine.

The problem is with the GPS tracker, an S20 Wanway tracker. It communicates on port 5023, for which I created a tunnel, but it is not working.

This is part of log:

2023-04-22T12:59:58Z ERR  error="Incoming request ended abruptly: context canceled" cfRay=7bbe0bd04eb5b14e-ATL event=1 ingressRule=4 originService=http://192.168.1.10:5023
2023-04-22T12:59:58Z ERR Request failed error="Incoming request ended abruptly: context canceled" connIndex=3 dest=https://traccardevices.domena.ga/ event=0 ip=198.41.192.27 type=http
2023-04-22T13:00:03Z ERR  error="Incoming request ended abruptly: context canceled" cfRay=7bbe0c0c2edf452b-ATL event=1 ingressRule=4 originService=http://192.168.1.10:5023
2023-04-22T13:00:03Z ERR Request failed error="Incoming request ended abruptly: context canceled" connIndex=2 dest=http://traccardevices.domena.ga/ event=0 ip=198.41.200.113 type=http
2023-04-22T13:00:18Z ERR  error="Incoming request ended abruptly: context canceled" cfRay=7bbe0c4cbce2addd-ATL event=1 ingressRule=4 originService=http://192.168.1.10:5023
2023-04-22T13:00:18Z ERR Request failed error="Incoming request ended abruptly: context canceled" connIndex=3 dest=https://traccardevices.domena.ga/ event=0 ip=198.41.192.27 type=http
2023-04-22T13:00:48Z ERR  error="Incoming request ended abruptly: context canceled" cfRay=7bbe0d08b8c71f9d-ATL event=1 ingressRule=4 originService=http://192.168.1.10:5023
2023-04-22T13:00:48Z ERR Request failed error="Incoming request ended abruptly: context canceled" connIndex=1 dest=https://traccardevices.domena.ga/ event=0 ip=198.41.192.67 type=http
2023-04-22T13:03:00Z ERR  error="Incoming request ended abruptly: context canceled" cfRay=7bbe0e090ea5e54a-DFW event=1 ingressRule=4 originService=http://192.168.1.10:5023
2023-04-22T13:03:00Z ERR Request failed error="Incoming request ended abruptly: context canceled" connIndex=3 dest=http://traccardevices.domena.ga/robots.txt event=0 ip=198.41.192.27 type=http
2023-04-22T13:03:00Z ERR  error="Incoming request ended abruptly: context canceled" cfRay=7bbe0e0c888d3548-WAW event=1 ingressRule=4 originService=http://192.168.1.10:5023
2023-04-22T13:03:00Z ERR Request failed error="Incoming request ended abruptly: context canceled" connIndex=2 dest=http://traccardevices.domena.ga/ event=0 ip=198.41.200.113 type=http

Guys, so maybe it will be easier if I write down my goal.
I would like to use self-hosted Traccar (via the HA add-on) with a GPS tracker that can communicate through ddnat using the Cloudflare add-on. Maybe there is someone who has done that.
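
An added example, not part of the original posts or the add-on's code: a small Python triage of the log above that pairs each origin error with the request that triggered it, showing that this hostname is proxied as HTTP (`type=http`) to port 5023. `WEB_UI_PORTS`, `summarize_failures` and the `suspect_non_http` flag are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: four lines copied from the log posted above.
SAMPLE_LOG = """\
2023-04-22T12:59:58Z ERR  error="Incoming request ended abruptly: context canceled" cfRay=7bbe0bd04eb5b14e-ATL event=1 ingressRule=4 originService=http://192.168.1.10:5023
2023-04-22T12:59:58Z ERR Request failed error="Incoming request ended abruptly: context canceled" connIndex=3 dest=https://traccardevices.domena.ga/ event=0 ip=198.41.192.27 type=http
2023-04-22T13:03:00Z ERR  error="Incoming request ended abruptly: context canceled" cfRay=7bbe0e090ea5e54a-DFW event=1 ingressRule=4 originService=http://192.168.1.10:5023
2023-04-22T13:03:00Z ERR Request failed error="Incoming request ended abruptly: context canceled" connIndex=3 dest=http://traccardevices.domena.ga/robots.txt event=0 ip=198.41.192.27 type=http
"""

# Assumption: ports where this thread's services serve a web UI (8123 HA, 8082 Traccar).
WEB_UI_PORTS = {80, 443, 8082, 8123}
FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_line(line):
    """Return timestamp, level and key=value fields of one cloudflared log line."""
    head = line.split(None, 2)
    if len(head) < 3:
        return None
    fields = {k: v.strip('"') for k, v in FIELD.findall(head[2])}
    return {"ts": head[0], "level": head[1], **fields}


def summarize_failures(log_text):
    """Group failed requests by origin service and flag likely non-HTTP origins."""
    report, pending = {}, None
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        if rec["level"] != "ERR":
            continue
        if "originService" in rec:
            # First line of a pair: names the ingress rule and the origin.
            pending = rec
            entry = report.setdefault(rec["originService"], {
                "rule": rec.get("ingressRule"), "failures": 0,
                "paths": set(), "types": set()})
            entry["failures"] += 1
        elif "dest" in rec and pending and pending["ts"] == rec["ts"]:
            # Second line: the public URL requested and the proxy type used.
            entry = report[pending["originService"]]
            entry["paths"].add(urlsplit(rec["dest"]).path)
            entry["types"].add(rec.get("type"))
    for origin, entry in report.items():
        url = urlsplit(origin)
        entry["suspect_non_http"] = (url.scheme in ("http", "https")
                                     and entry["types"] == {"http"}
                                     and url.port not in WEB_UI_PORTS)
    return report


if __name__ == "__main__":
    for origin, entry in summarize_failures(SAMPLE_LOG).items():
        print(origin, entry)
```

A set `suspect_non_http` flag means every logged request for that ingress rule was an HTTP request forwarded to a port not known to serve a web UI, which is worth checking against the protocol the device actually speaks.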

To answer my own question, having found the solution: I am able to access my local network while away from home using Cloudflared + Warp mobile app AND block ads. While some may not like the idea of using a mobile VPN client app (Warp), I am OK with it since that was how I accessed my network using the iOS native VPN before.

I followed this guide to access my local network. Once enabled, I am able to use the browser and access all my local network. If you have Termius app on mobile or similar, you can also connect to your server. While the first is great, I wanted a way to block ads on my mobile device. The solution to that is from this guide.

Warp (1.1.1.1) disabled

Warp (1.1.1.1) enabled

Hello there! I have been using this add-on for a while, but I am looking to enable HTTPS locally. It appears HTTPS locally is required for the microphone component of Assist to work (Microphone in Chrome doesn’t work with Assist).

Is there a way for me to download the origin certificate and private key into home assistant to enable https?

I’m also interested in this as I have a Teltonika tracker on order.

If you haven’t already, you need to enable the protocol for your tracker in the traccar.xml config file:

If already done, have you tried a new subdomain pointing to port 5023 for your tracker devices? E.g. in your additional hosts section in the cloudflared addon:

- hostname: traccarpanel.mydomain.online
  service: http://192.168.0.109:8082
- hostname: traccartracker.mydomain.online
  service: http://192.168.0.109:5023

Then set your tracker to report to traccartracker.mydomain.online.

When I get my tracker later this week I will give it a try.

I tried to connect HA using cloudflared via an Alexa skill I just created, like in this video: Alexa with Home Assistant Local for FREE Without Subscription - YouTube,
but no device is detected in my Alexa. I have many devices connected to my HA.
Can anyone help me? Please… :pray:

never mind… I no longer use cloudflared

To answer my own question - this didn’t work. Couldn’t get data flowing no matter which port I used in the tracker. In the end, had to set a subdomain to point to my fixed IP and open up the port on my router.

Yep, I had this same problem :frowning:
Looks like Cloudflare is blocking data transfer?

More likely missing exceptions in the zero-trust configuration.

Yeah, maybe, but maybe you have a solution for what to do?

Hello everyone. I have installed the addon today and apparently it does not start; the indicator light stays red. However, I seamlessly connect from outside and inside my network to my Home Assistant instance using the tunnel created in Cloudflare. These are the addon logs.
Can you help me with this? Thank you.


Add-on: Cloudflared
Use a Cloudflare Tunnel to remotely connect to Home Assistant without opening any ports

Add-on version: 4.1.5
You are running the latest version of this add-on.
System: Home Assistant OS 10.1 (amd64 / generic-x86-64)
Home Assistant Core: 2023.5.3
Home Assistant Supervisor: 2023.04.1

Please, share the above information when looking for help
or support in, e.g., GitHub, forums or the Discord chat.

[07:31:50] INFO: Checking add-on config…
[07:31:50] INFO: Checking for existing certificate…
[07:31:50] NOTICE: No certificate found
[07:31:50] INFO: Creating new certificate…
[07:31:50] NOTICE:
[07:31:50] NOTICE: Please follow the Cloudflare Auth-Steps:
[07:31:50] NOTICE:
Please open the following URL and log in with your Cloudflare account:
https://dash.cloudflare.com/argotunnel?aud=&callback=https%3A%2F%2Flogin.cloudflareaccess.org%2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%3D
Leave cloudflared running to download the cert automatically.
You have successfully logged in.
If you wish to copy your credentials to a server, they have been saved to:
/root/.cloudflared/cert.pem
[07:32:14] INFO: Authentication successfull, moving auth file to the ‘/data’ folder
[07:32:14] INFO: Checking for existing certificate…
[07:32:14] INFO: Existing certificate found
[07:32:14] INFO: Checking for existing tunnel…
[07:32:14] NOTICE: No tunnel file found
[07:32:14] INFO: Creating new tunnel…
Tunnel credentials written to /data/tunnel.json. Keep this file secret. To revoke these credentials, delete the tunnel.
Created tunnel homeassistant with id xxxxxxxx-1097-4b07-b3b8-xxxxxxxxxx
[07:32:15] INFO: Checking for existing tunnel…
[07:32:15] INFO: Existing tunnel with ID xxxxxxxx-1097-4b07-b3b8-xxxxxxxxxx found
[07:32:15] INFO: Checking if existing tunnel matches name given in config
[07:32:15] INFO: Existing Cloudflare Tunnel name matches config, proceeding with existing tunnel file
[07:32:15] INFO: Creating config file…
[07:32:16] INFO: Validating config file…
Validating rules from /tmp/config.json
OK
[07:32:16] INFO: Creating DNS entry mydominio.space…
2023-05-16T12:32:17Z INF Added CNAME mydominio.space which will route to this tunnel tunnelID=xxxxxxxx-1097-4b07-b3b8-xxxxxxxxxx
[07:32:17] INFO: Finished setting up the Cloudflare Tunnel
[07:32:17] INFO: Connecting Cloudflare Tunnel…
2023-05-16T12:32:17Z INF Starting tunnel tunnelID=xxxxxxxx-1097-4b07-b3b8-xxxxxxxxxx
2023-05-16T12:32:17Z INF Version 2023.5.0
2023-05-16T12:32:17Z INF GOOS: linux, GOVersion: go1.19.6, GoArch: amd64
2023-05-16T12:32:17Z INF Settings: map[config:/tmp/config.json cred-file:/data/tunnel.json credentials-file:/data/tunnel.json loglevel:info metrics:0.0.0.0:36500 no-autoupdate:true origincert:/data/cert.pem]
2023-05-16T12:32:17Z INF Generated Connector ID: xxxxxxxx-4f9a-44a7-848e-xxxxxxxxxx
2023-05-16T12:32:17Z INF Initial protocol quic
2023-05-16T12:32:17Z INF ICMP proxy will use 172.30.33.11 as source for IPv4
2023-05-16T12:32:17Z INF ICMP proxy will use :: as source for IPv6
2023-05-16T12:32:17Z INF Starting metrics server on [::]:36500/metrics
2023-05-16T12:32:18Z INF Registered tunnel connection connIndex=0 connection=c75d2cc8-5d9a-4aa6-a8e6-xxxxxxxxxxx event=0 ip=198.41.xxx.xxx location=IAD protocol=quic
2023-05-16T12:32:18Z INF Registered tunnel connection connIndex=1 connection=518b5010-f61c-4f81-a9f4-xxxxxxxxxxx event=0 ip=198.41.xxx.xxx location=MIA protocol=quic
2023-05-16T12:32:19Z INF Registered tunnel connection connIndex=2 connection=937d95a7-bd62-4a7b-aed2-xxxxxxxxxxx event=0 ip=198.41.xxx.xxx location=IAD protocol=quic
2023-05-16T12:32:20Z INF Registered tunnel connection connIndex=3 connection=fa86c2ad-8d7e-4470-9133-xxxxxxxxxxx event=0 ip=198.41.xxx.xxx location=MIA protocol=quic

Does anybody have a write-up about how to use this plugin with nginx-proxy-manager? I’ve successfully created a tunnel, and can access my Home Assistant instance, but how do I connect it all together? :slight_smile:

Can’t install the plugin. I get this error: [Screenshot 2023-07-05 103335]

What can I do now?

This may have been answered above but I can’t find it in such a long thread. I was happily using cloudflared using a free domain from freenom but they went belly up so I’ve finally got round to getting myself a domain. I’ve tried to set up using the new domain (I’ve called it subdomain.domain.tl below) but I get the following error. I’m guessing it’s still trying to use the old credentials from the previous domain, if so how do I clear them and get it to use my new domain? Thanks

Add-on version: 4.1.9
 You are running the latest version of this add-on.
 System: Home Assistant OS 10.3  (aarch64 / raspberrypi4-64)
 Home Assistant Core: 2023.6.3
 Home Assistant Supervisor: 2023.06.4
-----------------------------------------------------------
 Please, share the above information when looking for help
 or support in, e.g., GitHub, forums or the Discord chat.
-----------------------------------------------------------
[09:44:27] INFO: Checking add-on config...
[09:44:28] INFO: Checking for existing certificate...
[09:44:28] INFO: Existing certificate found
[09:44:28] INFO: Checking for existing tunnel...
[09:44:28] INFO: Existing tunnel with ID ***deleted*** found
[09:44:28] INFO: Checking if existing tunnel matches name given in config
[09:44:30] INFO: Existing Cloudflare Tunnel name matches config, proceeding with existing tunnel file
[09:44:30] INFO: Creating config file...
[09:44:32] INFO: Validating config file...
Validating rules from /tmp/config.json
OK
[09:44:32] INFO: Creating DNS entry subdomain.domain.tl...
Failed to add route: code: 10000, reason: Authentication error
[09:44:33] FATAL: Failed to create DNS entry subdomain.mydomain.tl.
s6-rc: warning: unable to start service init-cloudflared-config: command exited 1
/run/s6/basedir/scripts/rc.init: warning: s6-rc failed to properly bring all the services up! Check your logs (in /run/uncaught-logs/current if you have in-container logging) for more information.
/run/s6/basedir/scripts/rc.init: fatal: stopping the container.

Bad form to reply to your own post I know. I solved this by reinstalling the addon and also deleting the original tunnel on the cloudflare website.

Hello everyone, I had installed the addon and everything worked perfectly.
Then, when I moved the whole installation to a new place with a new router, the external site stopped working, and now throws “DNS_PROBE_POSSIBLE”.
I removed the addon, the tunnel and the DNS registry and reinstalled everything with the “manual” tunnel installation and the “managed” tunnel installation, and it still throws “DNS_PROBE_POSSIBLE”.
Do you have any idea?

-----------------------------------------------------------
 Add-on: Cloudflared
 Use a Cloudflare Tunnel to remotely connect to Home Assistant without opening any ports
-----------------------------------------------------------
 Add-on version: 4.1.9
 You are running the latest version of this add-on.
 System: Home Assistant OS 10.3  (aarch64 / raspberrypi3-64)
 Home Assistant Core: 2023.7.1
 Home Assistant Supervisor: 2023.07.1
-----------------------------------------------------------
 Please, share the above information when looking for help
 or support in, e.g., GitHub, forums or the Discord chat.
-----------------------------------------------------------
[23:58:28] INFO: Checking add-on config...
[23:58:31] INFO: Checking for existing certificate...
[23:58:31] INFO: Existing certificate found
[23:58:31] INFO: Checking for existing tunnel...
[23:58:32] INFO: Existing tunnel with ID 9cab9505-4c02-41fd-86f0-xxxxxxxx found
[23:58:32] INFO: Checking if existing tunnel matches name given in config
2023-07-11T21:58:33Z WRN Your version 2023.6.1 is outdated. We recommend upgrading it to 2023.7.0
[23:58:33] INFO: Existing Cloudflare Tunnel name matches config, proceeding with existing tunnel file
[23:58:33] INFO: Creating config file...
[23:58:39] INFO: Validating config file...
Validating rules from /tmp/config.json
OK
[23:58:40] INFO: Creating DNS entry example.com...
2023-07-11T21:58:42Z INF Added CNAME example.com which will route to this tunnel tunnelID=9cab9505-4c02-41fd-86f0-xxxxxxxx
[23:58:42] INFO: Finished setting up the Cloudflare Tunnel
[23:58:44] INFO: Connecting Cloudflare Tunnel...
2023-07-11T21:58:44Z INF Starting tunnel tunnelID=9cab9505-4c02-41fd-86f0-xxxxxxxxx
2023-07-11T21:58:44Z INF Version 2023.6.1
2023-07-11T21:58:44Z INF GOOS: linux, GOVersion: go1.19.6, GoArch: arm64
2023-07-11T21:58:44Z INF Settings: map[config:/tmp/config.json cred-file:/data/tunnel.json credentials-file:/data/tunnel.json loglevel:info metrics:0.0.0.0:36500 no-autoupdate:true origincert:/data/cert.pem]
2023-07-11T21:58:44Z INF Generated Connector ID: cf7b9de6-0bef-46ef-xxxxxxxxx
2023-07-11T21:58:44Z INF Initial protocol quic
2023-07-11T21:58:44Z INF ICMP proxy will use 172.30.33.0 as source for IPv4
2023-07-11T21:58:44Z INF ICMP proxy will use :: as source for IPv6
2023-07-11T21:58:44Z WRN Your version 2023.6.1 is outdated. We recommend upgrading it to 2023.7.0
2023-07-11T21:58:44Z INF Starting metrics server on [::]:36500/metrics
2023-07-11T21:58:45Z INF Registered tunnel connection connIndex=0 connection=6da807d4-3105-466e-81f5-xxxxxxxxxx event=0 ip=198.41.192.xx location=FRA protocol=quic
2023-07-11T21:58:45Z INF Registered tunnel connection connIndex=1 connection=bd37ec59-1708-40b7-829c-xxxxxxxxxxx event=0 ip=198.41.200.xx location=MRS protocol=quic
2023-07-11T21:58:46Z INF Registered tunnel connection connIndex=2 connection=b0185ac8-abbd-4353-98f8-xxxxxxxxxxxx event=0 ip=198.41.192.xxx location=FRA protocol=quic
2023-07-11T21:58:47Z INF Registered tunnel connection connIndex=3 connection=3e18b97d-fad9-4759-9975-xxxxxx event=0 ip=198.41.200.xx location=MRS protocol=quic
2023-07-12T03:45:31Z INF Unregistered tunnel connection connIndex=0 event=0 ip=198.41.192.xx
2023-07-12T03:45:31Z WRN Failed to serve quic connection error="timeout: no recent network activity" connIndex=0 event=0 ip=198.41.192.xx
2023-07-12T03:45:31Z WRN Serve tunnel error error="timeout: no recent network activity" connIndex=0 event=0 ip=198.41.192.xx
2023-07-12T03:45:31Z INF Retrying connection in up to 1s connIndex=0 event=0 ip=198.41.192.xx
2023-07-12T03:45:33Z INF Registered tunnel connection connIndex=0 connection=7699129f-485b-40b2-8cab-xxxxxxxxxxxxx event=0 ip=198.41.192.x location=FRA protocol=quic

/config/configuration.yaml


# Loads default set of integrations. Do not remove.
default_config:

# Load frontend themes from the themes folder
frontend:
  themes: !include_dir_merge_named themes

# Text-to-speech
tts:
  - platform: google_translate
http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24
automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml

Tunnel :


I can’t show my DNS registry nor my domain manager nameservers because of the media limit, but they seem to be fine.

I’ve been using this add-on for a while now, and have just noticed that traffic can be quite slow through the tunnel. In particular, I run Frigate and when I stream recordings back from the HA web interface they are very slow compared to a direct connection through my internal LAN. I know that Cloudflare doesn’t like you streaming through a tunnel, so perhaps not surprising.

So…is there a way to redirect internal LAN requests directly rather than via the tunnel, whilst still using the domain? My first thought was to use Pihole to catch internal DNS requests and route them directly, but of course that only works to an IP, and not a specific port. So I can catch requests to ha.mydomain.com and send them to the IP of my HA server, but only to port 80 and not to port 8123 specifically.

Is there a way to do this? An internal proxy that takes requests to port 80 on my HA server and redirects them to 8123?