I have exactly the same issues. Did you resolve it?
Try this:
- Go to Cloudflare dashboard.
- Select your zone that hosts your HA subdomain
- In the left sidebar, go to Caching → Configuration
- Within the “Purge Cache” section, select “Custom purge”
- In the modal, select “Hostname” and enter your HA hostname into the text box.
- Confirm by clicking “Purge”
Thanks that worked for me
Apologies for the cross post as I only just found this thread but when my router resets and hence, breaks the tunnel - it does not resolve itself and I can only restart the tunnel by restarting Home Assistant which is clearly difficult when I’m remote.
I’m sure it’s something I am doing wrong but I can’t figure out what it is. Could someone give some advice?
Is this not supported as a HACS integration? When I add the repository I get this error: <Integration brenner-tobias/addon-cloudflared> Repository structure for v5.3.9 is not compliant.
well because it’s an addon, not an integration.
Im running Home Assistant in a Docker container so how can I install this?
Install HAOS instead.
I suddenly get that this error screen in the Homeassistent App since some point yesterday. I’m using the Local tunnel setup.
Accessing hass through the browser on the same domain still works fine on both the same phone as well as other devices (with the certificate being valid)
The app also works totally fine on another phone with the domain, it’s only this specific pixel 7 with this domain with which the App doesn’t work anymore. I also connecting to a Friends instance that’s also tunneled through Cloudflare and that also works. I also already tried deleting cache/data/reinstalling/restarting but that didn’t help. I tried connecting through Tail scale in the app which worked fine. I didn’t change anything about my setup, especially not when it stopped working.
Hi,
i have got the same problem yesterday. Suddently the remote access stopped working on my phone.
Browser and other phones using the app with the cloudflare connection are still working and dont have any issues.
My Samsung Galaxy S22 has the error message on the screen like etillxd mentioned. Nothing helped and i have already invested several ours in changing cloudflare settings, restarting and reinstalling HA addon, requesting new certificates, …
After this error occured I also updated the addon to v6.0.0 → no difference.
Maybe someone can help? I dont have any ideas how to solve this anymore
Thanks!
I have a problem with the Home Assistant Android app.
Using the combination of mTLS client certificate + Cloudflared, when I log into the app, it immediately shows “Unable to connect”.
If I tap “Retry now”, it connects successfully. Everything works fine after that — but it’s annoying to have to press Retry every time.
There’s nothing interesting in the logs.
What I’ve tried to troubleshoot the issue:
-
Older versions of Cloudflared
-
Both “remote” and “local” tunnel modes
-
Running Cloudflared as a standalone container instead of the Home Assistant add-on
-
Different versions of the Home Assistant Android app
-
Various Cloudflared configuration flags (HTTP/2, etc.)
What helps (temporarily or fully):
-
Disabling the mTLS client certificate completely removes the issue
-
Clearing the Android app cache helps for a short time
-
Most importantly: using an older Android WebView version on the phone completely fixes the issue.
However, the problem returns with any newer WebView version (stable, beta, or dev).
It’s not a long-term solution, since the old WebView eventually auto-updates.
I know it’s a long shot, but maybe someone has encountered this before or knows a workaround.
Thanks in advance!
I’ve tried the same and am having the same problem. I got it to work once and then it failed later. Web browsers hit the site fine, but the app fails.
I’m hoping someone finds a solution soon. My conspiracy mind thinks they want the app to work poorly for any ‘free’ solutions as to push more people to ‘Home Assistant Cloud’ so they can get a kick back. It’s in their financial interest to produce a crippled product.
How do you expose other addons?
Bro you are GOATED, this is such a slam dunk. This solution is leagues better than those parroting “uSe DuCkDnS aNd LeTs EnCryPt”. Life saver for anyone living in place with ISP that doesn’t let you forward your ports. And get HTTPS for an added bonus 
1 Like
Hello - I’ve been wrestling with getting additional hosts working … however I just needed a bit more patience, as it took about 15mins for everything to work despite the additional CNAME showing -up in the console quickly.
Hope this helps someone and thank you to everyone who maintains this fantastic add-on, Cheers!
Hi, I’m having an issue with the tunnel. A couple of days ago, it just stopped working, and going to my domain returns ERR_CONNECTION_REFUSED in the browser. I’ve completely restarted the setup following the simple instructions on the GitHub page. The Connector in the Cloudflared dashboard says Healthy, and the add-on logs don’t show any errors and they say Registered tunnel connection.
I’m at a complete loss. In what direction should I start looking next? Is it something within Cloudflare to do with my domain? Other non-cloudflared tunnel services on the domain work fine.
Here are the container logs anyway:
-----------------------------------------------------------
App: Cloudflared
Use a Cloudflare Tunnel to remotely connect to Home Assistant without opening any ports
-----------------------------------------------------------
App version: 7.0.2
You are running the latest version of this app.
System: Home Assistant OS 17.0 (amd64 / qemux86-64)
Home Assistant Core: 2026.1.3
Home Assistant Supervisor: 2026.01.1
-----------------------------------------------------------
Please, share the above information when looking for help
or support in, e.g., GitHub, forums or the Discord chat.
-----------------------------------------------------------
[17:25:33] INFO: Validating app (add-on) configuration...
[17:25:33] INFO: Checking for existing certificate...
[17:25:33] INFO: Existing certificate found
[17:25:33] INFO: Checking for existing tunnel...
[17:25:33] INFO: Existing tunnel with ID ********-****-****-****-************ found
[17:25:33] INFO: Checking if existing tunnel matches name given in config
[17:25:33] INFO: Existing Cloudflare Tunnel name matches config, proceeding with existing tunnel file
[17:25:33] INFO: Creating config file...
[17:25:33] INFO: Validating config file...
Validating rules from /tmp/config.json
OK
[17:25:34] INFO: Creating DNS entry {ha.example.com}...
2026-01-30T04:25:35Z INF {ha.example.com} is already configured to route to your tunnel tunnelID=********-****-****-****-************
[17:25:35] INFO: Finished setting up the Cloudflare Tunnel
[17:25:35] INFO: Connecting Cloudflare Tunnel...
2026-01-30T04:25:35Z INF Starting tunnel tunnelID=********-****-****-****-************
2026-01-30T04:25:35Z INF Version 2026.1.2 (Checksum e157c54e929cc289cbd53860453168c2fe3439eb55e2e965a56579252585d9c1)
2026-01-30T04:25:35Z INF GOOS: linux, GOVersion: go1.24.11, GoArch: amd64
2026-01-30T04:25:35Z INF Settings: map[config:/tmp/config.json cred-file:/data/tunnel.json credentials-file:/data/tunnel.json metrics:0.0.0.0:36500 no-autoupdate:true origincert:/data/cert.pem]
2026-01-30T04:25:35Z INF Generated Connector ID: ********-****-****-****-************
2026-01-30T04:25:35Z INF Initial protocol quic
2026-01-30T04:25:35Z INF ICMP proxy will use 172.30.33.2 as source for IPv4
2026-01-30T04:25:35Z INF ICMP proxy will use ::1 in zone lo as source for IPv6
2026-01-30T04:25:35Z INF ICMP proxy will use 172.30.33.2 as source for IPv4
2026-01-30T04:25:35Z INF ICMP proxy will use ::1 in zone lo as source for IPv6
2026-01-30T04:25:35Z INF Starting metrics server on [::]:36500/metrics
2026-01-30T04:25:35Z INF Tunnel connection curve preferences: [X25519MLKEM768 CurveP256] connIndex=0 event=0 ip=198.41.***.***
2026-01-30T04:25:35Z INF Registered tunnel connection connIndex=0 connection=b0fff6cb-72a6-4cf7-8c8d-b9975cfa9797 event=0 ip=198.41.***.*** location=mel02 protocol=quic
2026-01-30T04:25:35Z INF Tunnel connection curve preferences: [X25519MLKEM768 CurveP256] connIndex=1 event=0 ip=198.41.***.***
2026-01-30T04:25:36Z INF Registered tunnel connection connIndex=1 connection=0523cee5-1b9f-4b0a-a964-b046d79a988e event=0 ip=198.41.***.***location=akl01 protocol=quic
2026-01-30T04:25:36Z INF Tunnel connection curve preferences: [X25519MLKEM768 CurveP256] connIndex=2 event=0 ip=198.41.***.***
2026-01-30T04:25:37Z INF Registered tunnel connection connIndex=2 connection=217c0a9c-8248-4a6b-95a1-721e4b2cb44d event=0 ip=198.41.***.*** location=mel01 protocol=quic
2026-01-30T04:25:37Z INF Tunnel connection curve preferences: [X25519MLKEM768 CurveP256] connIndex=3 event=0 ip=198.41.***.***
2026-01-30T04:25:38Z INF Registered tunnel connection connIndex=3 connection=f178b8dd-f247-4c8f-9200-8ddb21356106 event=0 ip=198.41.***.*** location=akl01 protocol=quic
Could be related to this?
I am struggling to get cloudflared working on a new instance which I want to move to friends. The Tunnel is Healthy in the cloudflare dashboard but when I try to connect, it shows a Host Error. The logs say
ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:8123: connect: connection refused" connIndex=2 dest=https://*******/ event=0 ip=198.41.200.53 type=http
I used the loopback address so I can move the machine. However even if I add the local IP address it isn’t working, below.
Config.yaml
http:
use_x_forwarded_for: true
trusted_proxies:
- 172.30.33.0/24 # Standard internal HA network
- 127.0.0.1 #
- 192.168.0.72 # local IP
I have restarted the machine, the router, and waited all day in case it sorted itself out.
Please can someone explain what I am doing wrong?
127.0.0.1:8123
Cloudflared is installed as addon within ha os? Or external machine? Could you also send the addon config what the settings look like…
Thanks for getting back to me. Yes Cloudflared is set-up as an add-on, but I’ve set-up the tunnel first on Cloudflared as the sub domain is the one used by my own machine. So the config for the remote tunnel in the add-on is just the tunnel token.
BTW I did try localhost:8123 first, but that appeared to use the ipv6 loopback address and failed just the same