No State Change from Konnected Sensors Over SSL in Home Assistant

andrew1 · April 24, 2019, 6:55am

I had all the sensors updating without a problem locally (before duckdns SSL). I’d like to get everything working over duckdns SSL so that I can remotely monitor and set my alarm system.

I believe I have the port forwarding setup correct (TCP 443->443 and TCP 8123->8123 for the raspberry pi IP) and I am able to establish connection from my duckdns domain to my raspberry pi hassio server. Below is a snapshot of my 5 zones from HA (produced from http://<my_domain>.duckdns.org):

I know for certain that the sensors work because I can change the state of the sensor, restart the Home Assistant, and upon wake HA shows the updated sensors state. However, if I change the sensor state while HA is up and running over SSL, the HA doesn’t reflect the changed state.

I ran the logger for the konnected device and was able to query the software/firmware versions from the http://<konnected_IP>:<random port> which is below:

konnected software version: 2.2.6
konnected firmware version: 2.2.6
API Endpoint: https://<my_domain>.duckdns.org:8123/api/konnected

What I think are the important bits of my configuration.yaml is below:

http:
  base_url: https://<my_domain>.duckdns.org:8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  api_password: !secret http_password

konnected:
  api_host: https://<my_domain>.duckdns.org:8123
  access_token: blahblah
  devices:
    - id: <konnected MAC address>
      binary_sensors:
        - zone: 1
          type: door
          name: Garage/Front Door
        - zone: 2
          type: window
          name: Downstairs Windows
        - zone: 3
          type: door
          name: Back Door
        - zone: 4
          type: window
          name: Master Windows
        - zone: 5
          type: window
          name: Upstairs Back Windows

In addition to Duck DNS add-on, I also installed the NGINX Home Assistant SSL Proxy. The configuration for that is below:
35%20PM

Has anyone else run into this before and could give me some advice?

Thanks!

srk23 · April 24, 2019, 7:36am

I am not running Konnected any more (I have swithced to ESPHome) but I think this relates to internal connections between your konnected node and your home assistant instance needing to be unencrypted.

From Legacy: Set Up Konnected in Home Assistant and Hass.io (0.60 or older) :

Set api_host (new in Hass 0.72) if you’ve also set base_url in your Hass configuration to an external facing hostname. This should be set to the internal host or IP address & port of Home Assistant using http (not https). For example: http://192.168.100.110:8123
This ensures that Konnected talks to Hass exclusively over your local LAN and isn’t dependent on DNS or the internet.

By using the internal IP address of your home assistant server (rather than the duckdns address) over http rather than https, traffic over your internal network is faster and more reliable.

MatthewFlamm · April 24, 2019, 5:49pm

I’m curious to the steps required to transition from Konnected to ESPHome. Do you have a sample config comparison between Konnected and ESPHome? I’ve never implemented a relay in ESPHome, so I’m not sure how complicated the relay functionality on the alarm board is to implement. I need to upgrade my Konnected firmware soon to use the latest functionality, so I’m considering making the switch to ESPHome as well at that point.

I mainly like the idea of having automations being 100% local to the ESP chip without having to rely on the HA instance in addition. It seems much more robust that way.

srk23 · April 24, 2019, 9:00pm

Automations are still run in HA. It is possible to run some locally, but I use the alarm panel and associated automations so this would lose some flexibility and features.

As an example, I have a node to control my sirens/strobes and detect tampers. The original Konnected setup looked like:

# Siren ESP8266
    - id: ##mac##
      switches:
        - pin: 1
          name: 'Internal Siren'
          activation: high
        - pin: 2
          name: 'External Siren'
          activation: high
        - pin: 5
          name: 'External Strobe'
          activation: high
        - pin: 8
          name: 'Warning buzzer'
      binary_sensors:
        - pin: 6
          type: problem
          name: 'PIR Tamper'
        - pin: 7
          type: problem
          name: 'Siren Tamper'

Corresponding ESPHome node looks like:

esphome:
  name: house_siren_node
  platform: ESP8266
  board: nodemcuv2

wifi:
  ssid: ##ssid##
  password: ##pwd##

# Enable logging
logger:

# Enable Home Assistant API
api:
  password:  ##pwd##

ota:
  password: '##pwd##

switch:
  - platform: gpio
    pin: D1
    id: internal_siren
    name: "Internal Siren"
  - platform: gpio
    pin: D2
    id: external_siren
    name: "External Siren"
  - platform: gpio
    pin: D5
    id: external_strobe
    name: "External Strobe"
  - platform: gpio
    pin: D8
    name: "Warning Buzzer"
    id: warning_buzzer

binary_sensor:
  - platform: gpio
    pin:
      number: D6
      mode: INPUT_PULLUP
    device_class: problem
    name: "PIR Tamper"
    id: pir_tamper
  - platform: gpio
    pin:
      number: D7
      mode: INPUT_PULLUP
    device_class: problem
    name: "Siren Tamper"
    id: siren_tamper

kelos-01 · February 19, 2022, 1:38pm

For anyone else having this kind of issue a look here as well Home Assistant + Nginx: Unencrypted Local Traffic