I have the same problem as other users. It started to appear when I enabled Cloudflared tunnel.
I had companion app working via nabu-casa and then I’ve switched to cloudflared tunnel.
The app was working fine via cloudflare (I’ve just switched HA address in app settings from nabu-casa to cloudflare url) until it has been reinstalled, after reinstallation I’m unable to connect to my HA instance. I’m getting ssl errors in companion app (on iPhone and Android) in any of below situations:
- connecting via cloudflare tunnel (NSURLErrorDomain - 1200 Error) - tried two different approaches - one when cloudflare proxy traffic to local HA instance via HTTP and second when cloudflare tunnel proxy traffic to local HA instance via HTTPS. Results remain the same.
- connecting locally via https. HA instance is setup locally to use letsencrypt cert, duckdns domain name resolved locally via proper dnsmasq config on EdgeRouter - working flawlessly via any browser without any errors on both Windows machine, Android phone and iPhone.
- connecting locally via http. HA instance is setup locally without any certificate - works via any browser) on local network via local IP address (yes, you read it correctly - I’m getting SSL errors on compnion app while using http connection, which is working correctly on browsers) - NSURLErrorDomain - 1200 Error
And no - I do not allow browser to bypass ssl errors, I’ve inspected the certificate. What is interesting here - the login page loads correctly, I’m able to enter my credentials, next I’m asked for my 2fa, and after submitting this step if fails.
EDIT: disabling cloudflare addon and next restarting HA instance allowed me to connect via Companion App locally via http. So it has to be somehow related with the Cloudflare tunnel addon. After succesfull login in Companion App using this method (with cloudflare addon disbled) I was able to re-enable the cloudflare addon, update the HA url in Companion app to point to cloudflare URL and app is working just fine now. Weird.
@dshokouhi I’ve kinda dislike how you disregard users problems and reports assuming in the first step that they are wrong and for sure this is user fault. And regarding your advice of the logs review - how user should be able to get to the settings of the companion app if the app is not letting user in and therefore user is unable to get into those settings? And I don’t buy your diagnosis that SSL handshake on API calls is somehow different for app than it is for a browser, afaik app utilises the same https transfer protocol as browser does, so handshake is handled in the same way.