Not able to login with tablet [App] (SSL Handshake)

Hello, I have Home Assistant (latest version) running on a Raspberry Pi. So far everything works fine. I can access Home Assistant via duckdns. When I access the site on my phone, everything works as it should. Even if I use the app that is installed on the phone, everything works. But the app on the tablet does not work. I can also access my Home Assistant via Google Chrome. When I try to log in via the app, I also end up on the Home Assistant login page. But as soon as I try to log in, I get the error “ssl handshake failed”.

# Loads default set of integrations. Do remove.
default_config:

http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  ip_ban_enabled: true
  login_attempts_threshold: 5
automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml

What kind of certs are they? What kind of tablet/phones? iOS/Android? Are you connecting local only or to your duckdns?

logs from logcat would help as well. (logcat reader or adb grant the permissions to read it).

Logs from ha show anything?

Hello, it’s a Let’s Encrypt cert via the duckdns app.

  • Android Tablet
  • I try via https://name.duckdns.org
    When I try to connect via the local IP I can’t even see the login page with the app.
    It seems that the app can’t find Home Assistant in my network. Normally, when I start the app for the first time, HA suggests the domain to me and I can just click on “next”.
    But even there I have to fill it out manually.

It works on every Device (iPhone, PC, Huawei Phone) via the app. Only on that Tablet it shows me that error.

There is the Log from my Duckdns Logfile:

NOCHANGE
[17:58:04] INFO: Renew certificate for domains: removed.duckdns.org and aliases: 
# INFO: Using main config file /data/workdir/config
Processing removed.duckdns.org
 + Checking domain name(s) of existing cert... unchanged.
 + Checking expire date of existing cert...
 + Valid till Nov  9 18:00:28 2022 GMT (Longer than 30 days). Skipping renew!
[18:04:08] INFO: OK

Where can I find logcat?

Is the time/date correct on that android tablet? logcat is the android system logs. You can access it via ‘adb’ or an app like ‘log cat viewer’ if the necessary permissions are granted. That, I think, is what you’ll really need to understand why the tablet isn’t able to connect via ssl.

The log above is the renewal. I was more asking about the home assistant logs.

Time/date is correct.
I installed logcat and granted the permissions via ADB.
The log shows me

HWPointEventFilter  do not support AFT because of no config

The Home Assistant logs are clear.

Hi Lars,
I had a similar situation when using an old Android tablet that didn’t have an OS upgrade for some time (Android 4.xx).
It worked with Opera for some time but then I had to drop it … too slow.
The symptoms you are describing are almost like a browser handshaking topic.


That was exactly my next question around android versions. :slight_smile:


Hi Miguelroma,

Thanks for your reply. Mhm, that could be possible. I got an old Huawei MediaPad T3 10 with Android 7 (EMUI 5.1).
Unfortunately there are no more updates supported for this device.
And since Huawei no longer gives out bootloader codes, I can’t root/flash either :roll_eyes:

If memory serves me… Older android web didn’t mind self-signed certificates. In your case, you have added the certificates directly to HA instead of using a proxy like nginx proxy manager… If you had used nginx I wonder if you could have added an additional listening port with a self-signed certificate and used it on that tablet (local only!)… Never tried it, but I’d guess it would work in a browser at a minimum and potentially in the app but not sure.

The thing is I can already connect to Home Assistant via Google Chrome and kiosk manager. So I am able to use HA via the tablet. I only wanted to install the app so I can add the sensor from the tablet to HA.

Ah, I misread that. I think that’s as far as you’re going to get on that tablet unless you can update the CAs…

Android can be very picky about CAs, the main thing is that the app is unable to solve any SSL errors.

Google has some tips for users: Security with HTTPS and SSL | Android Developers

There are just 2 solutions.

  • install the CA on the tablet via ADB → need root for that
  • modify the app (as developer of the app) → not possible because I’m not the developer

It would be so easy if Huawei would give me an unlock code for the bootloader… :frowning:

the app already does the part where the user needs to provide their CA, check your device manual for how to do it. On a pixel you follow these steps but other devices may see something else: https://support.google.com/pixelphone/answer/2844832?hl=en


Okay, thank you again.
I converted the CA with openssl from .pem to .crt.
Then I was able to install it over the menu from the tablet.
But nothing changed :frowning:

the error is not wrong, there is still something wrong with your certificate, consider generating a new one or using a different provider

Thanks to all the HA developers - this is a wonderful product.

But why is this still a problem? I have exactly the same issue as the OP had. I have a working HA instance accessible from outside my network over HTTPS (I use my own domain name, Cloudflare for access and LetsEncrypt for the cert).

On my Android phone both Google Chrome and Midori give me access over my External URL https://obscured:8443

If the phone’s browsers have no problem, in that they have no SSL Handshake errors, then why does the HA app?

The whole point of the app is to make things more convenient for the user, not less convenient, ie only works without SSL, eg when on home network.

It’s a problem for me because I’m not getting notifications to the app when away from home - so I hope the developers fix the app.

Maybe there is a “don’t exit on SSL handshake errors” option?

SSL issues are not one the app will solve, the app will only work with valid SSL certificates. Android is also picky to the point where each device has a different CA that it trusts. Some users need to regenerate using a different so their device will like it. Nothing the app can do here.

See official android documentation regarding SSL
https://developer.android.com/training/articles/security-ssl#CommonProblems

Settings > Companion App > show and share logs

Look at the actual SSL handshake issue and compare it to the ones in the link up above to understand how to solve your SSL issue.

This is not a fair test as browsers do not make API calls like the app does, which is where the SSL handshake issue comes from.

Browsers allow users to bypass SSL errors and that is not going to be possible in the app.
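
As an added example (not part of any post in this thread and not Home Assistant code), here is a small triage script for the advice above to look at the actual SSL handshake error in the logs: it walks the Java exception chain in a log excerpt and reports the innermost known cause. The log excerpts are constructed samples and the labels are this example's own wording; the three causes given for `CertPathValidatorException` are the ones listed in the Android documentation linked above.

```python
import re

# Exception class -> (label, what to check). Labels are this example's wording.
CAUSES = {
    "CertPathValidatorException": ("untrusted-chain",
        "CA unknown to the device, self-signed cert, or missing intermediate"),
    "CertificateExpiredException": ("expired", "renew the cert, check the device clock"),
    "CertificateNotYetValidException": ("not-yet-valid", "check the device date/time"),
    "SSLPeerUnverifiedException": ("hostname-mismatch",
        "the host in the URL must match a name in the certificate"),
}
EXC = re.compile(r"(?:[a-z_]\w*\.)+([A-Z]\w*(?:Exception|Error))")
FRAME = re.compile(r"\bat [\w.$]+\(")  # stack frame, e.g. "at a.b.C.method(C.java:1)"

def triage(log_text):
    """Walk the exception chain in a log excerpt and classify its innermost known cause."""
    chain = []
    for line in log_text.splitlines():
        if FRAME.search(line):
            continue  # frames say where the error surfaced, not why
        chain += EXC.findall(line)
    if not chain:
        return None  # no Java exception in this excerpt
    for name in reversed(chain):  # later in the trace means closer to the root cause
        if name in CAUSES:
            label, check = CAUSES[name]
            return {"exception": name, "cause": label, "check": check, "chain": chain}
    return {"exception": chain[-1], "cause": "unclassified",
            "check": "read the full message", "chain": chain}

# Constructed sample excerpts (not taken from the thread).
SAMPLES = {
    "trust": "E/Example: javax.net.ssl.SSLHandshakeException: "
             "java.security.cert.CertPathValidatorException: "
             "Trust anchor for certification path not found.",
    "expired": "E/Example: javax.net.ssl.SSLHandshakeException: Chain validation failed\n"
               "E/Example: \tat com.example.net.Client.connect(Client.java:42)\n"
               "E/Example: Caused by: java.security.cert.CertificateExpiredException: expired",
    "host": "E/Example: javax.net.ssl.SSLPeerUnverifiedException: "
            "Hostname 192.0.2.10 not verified",
}

if __name__ == "__main__":
    for key, text in SAMPLES.items():
        print(key, "->", triage(text))
```

A line with no Java exception in it, such as the `HWPointEventFilter` line quoted earlier in the thread, returns `None`, which means the excerpt does not yet contain the handshake failure.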

I have the same problem as other users. It started to appear when I enabled Cloudflared tunnel.
I had companion app working via nabu-casa and then I’ve switched to cloudflared tunnel.
The app was working fine via cloudflare (I’ve just switched HA address in app settings from nabu-casa to cloudflare url) until it has been reinstalled, after reinstallation I’m unable to connect to my HA instance. I’m getting ssl errors in companion app (on iPhone and Android) in any of below situations:

  • connecting via cloudflare tunnel (NSURLErrorDomain - 1200 Error) - tried two different approaches - one when cloudflare proxy traffic to local HA instance via HTTP and second when cloudflare tunnel proxy traffic to local HA instance via HTTPS. Results remain the same.
  • connecting locally via https. HA instance is setup locally to use letsencrypt cert, duckdns domain name resolved locally via proper dnsmasq config on EdgeRouter - working flawlessly via any browser without any errors on both Windows machine, Android phone and iPhone.
  • connecting locally via http. HA instance is setup locally without any certificate - works via any browser on local network via local IP address (yes, you read it correctly - I’m getting SSL errors on companion app while using http connection, which is working correctly on browsers) - NSURLErrorDomain - 1200 Error

And no - I do not allow browser to bypass ssl errors, I’ve inspected the certificate. What is interesting here - the login page loads correctly, I’m able to enter my credentials, next I’m asked for my 2fa, and after submitting this step it fails.

EDIT: disabling cloudflare addon and next restarting HA instance allowed me to connect via Companion App locally via http. So it has to be somehow related with the Cloudflare tunnel addon. After successful login in Companion App using this method (with cloudflare addon disabled) I was able to re-enable the cloudflare addon, update the HA url in Companion app to point to cloudflare URL and app is working just fine now. Weird.

@dshokouhi I kinda dislike how you disregard users’ problems and reports assuming in the first step that they are wrong and for sure this is user fault. And regarding your advice of the logs review - how user should be able to get to the settings of the companion app if the app is not letting user in and therefore user is unable to get into those settings? And I don’t buy your diagnosis that SSL handshake on API calls is somehow different for app than it is for a browser, afaik app utilises the same https transfer protocol as browser does, so handshake is handled in the same way.

My solution was to connect with the ip address instead of ddns

http://your.wan.ip.address:8123

And of course to have port forwarding on both 8123 and 443