Push notification switch is disabled

There’s something I don’t understand about how to enable html5 push notifications.
Here the official guide: https://www.home-assistant.io/components/notify.html5/#verify-your-domain
The link that explains how to enable https goes here: https://www.home-assistant.io/docs/configuration/remote/ and then here https://www.home-assistant.io/docs/ecosystem/certificates/tls_self_signed_certificate/.

BUT the first link also says: " The certificate must be trustworthy (i.e. not self signed)." and this is against the last link above that describe how to create a self-signed certificate.

Now I have https enabled, Google project is configured and I get the api keys. But the push notification switch is still disabled.

If the docs are rights (at least part of them) it’s because I’m using a self-signed certificate.
It’s hard to think that you can have a signed certificate at home.

So: what am I missing? Does html5 push notifications REALLY does require a signed certificate?
What other platforms might we use that don’t have limitations about the number of notifications like pushbullet & similar?

Needs signed cert.(Not self signed)
Must verify site with Google for html5 to work

I just set this up as per the instructions and it’s working here so far as I can tell.

Got it. The problem is that signed certificates are expensive and requires an annual payment (not one-shot).
Furthermore all these notification platforms rely upon a third-party server.

Why is not possible to send a notification directly to a smartphone running a simple app that acts as a server?
Or can’t I use a MQTT client app on the phone and publish “notifications” via MQTT? Well, I also can send an email, but it looks like an overkill!

I’m asking you all what solutions you’re using for home automation: i.e. alarm sensors, presence detections, periodic temperature reports, etc…

???
Let’s Encrypt, a signed certificate is free???

I said I was a bit confused… please be patient with me!
I didn’t understand Let’s Encrypt was a signed certificate. I thought it was just an alternative to openssl.
But if it’s signed and it’s free… why there are a lot of expensive ones? What are the differences?

Now I’m trying to following this guide. I really don’t need a dyndns because I have a static ip. But for the sake of avoiding other variables I registered an account on DuckDNS.

My HA is reachable from the Internet without https. If I put the generated certificates’ paths in the configuration but I get ERR_CONNECTION_REFUSED:

http:
  api_password: !secret http_password
  ssl_certificate: /home/homeassistant/dehydrated/certs/myduckdns.duckdns.org/fullchain.pem
  ssl_key: /home/homeassistant/dehydrated/certs/myduckdns.duckdns.org/privkey.pem
  base_url: myduckdns.duckdns.org:8123

I checked the configuration and no errors are shown. It works with the openssl ones. Is there something I might miss?

multiple answers to that one…
Most basic is the ones you ‘pay for’ include insurance so if someone gets hacked through your site and you get hacked you can make a claim on the provider… Really only ecommerce type sites need to care about that.

I have a duckdns but it’s on my router so I don’t use the duckdns addin in Home Assistant - I only use the letsencrypt ssl certificate.
My http info is:

ssl_cert_lets: /ssl/fullchain.pem
ssl_key_lets: /ssl/privkey.pem
base_url_name: https://my-domain.duckdns.org:8123

I’m running Hassio so your ssl path might be different but the base_url is probably correct.

Thanks for your explanation. My paths are correct, still there is a weird behavior.

First try
Commented out those three lines in configuration. That means I can access only via http.
http://my-domain.duckdns.org:8123 loads the HA, sample output:

[email protected] - Home Assistant
   Loaded: loaded (/etc/systemd/system/[email protected]; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2018-04-03 22:57:37 CEST; 5s ago
 Main PID: 20584 (hass)
    Tasks: 14 (limit: 4915)
   CGroup: /system.slice/system-home\x2dassistant.slice/[email protected]
           └─20584 /srv/homeassistant/bin/python3 /srv/homeassistant/bin/hass -c /home/homeassistant/.homeassistant

apr 03 22:57:42 nas hass[20584]: 2018-04-03 22:57:42 INFO (MainThread) [homeassistant.setup] Setup of domain history took 0.0 seconds.
apr 03 22:57:42 nas hass[20584]: 2018-04-03 22:57:42 INFO (MainThread) [homeassistant.core] Bus:Handling <Event component_loaded[L]: component=history>
apr 03 22:57:42 nas hass[20584]: 2018-04-03 22:57:42 INFO (MainThread) [hbmqtt.broker] Listener 'default' bind to 0.0.0.0:1883 (max_connections=-1)
apr 03 22:57:42 nas hass[20584]: 2018-04-03 22:57:42 INFO (MainThread) [transitions.core] Exited state starting
apr 03 22:57:42 nas hass[20584]: 2018-04-03 22:57:42 INFO (MainThread) [transitions.core] Entered state started
apr 03 22:57:42 nas hass[20584]: 2018-04-03 22:57:42 INFO (MainThread) [homeassistant.core] Bus:Handling <Event service_registered[L]: domain=mqtt, service=publish>
apr 03 22:57:42 nas hass[20584]: 2018-04-03 22:57:42 INFO (MainThread) [homeassistant.setup] Setup of domain mqtt took 2.8 seconds.
apr 03 22:57:42 nas hass[20584]: 2018-04-03 22:57:42 INFO (MainThread) [homeassistant.core] Bus:Handling <Event component_loaded[L]: component=mqtt>
apr 03 22:57:42 nas hass[20584]: 2018-04-03 22:57:42 INFO (MainThread) [hbmqtt.broker] Listener 'default': 1 connections acquired
apr 03 22:57:42 nas hass[20584]: 2018-04-03 22:57:42 INFO (MainThread) [hbmqtt.broker] Connection from 127.0.0.1:56237 on listener 'default'

Second try
I enable the ssl items but with a wrong path. Sample output:

[email protected] - Home Assistant
   Loaded: loaded (/etc/systemd/system/[email protected]; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2018-04-03 22:58:14 CEST; 2s ago
 Main PID: 20646 (hass)
    Tasks: 8 (limit: 4915)
   CGroup: /system.slice/system-home\x2dassistant.slice/[email protected]
           └─20646 /srv/homeassistant/bin/python3 /srv/homeassistant/bin/hass -c /home/homeassistant/.homeassistant

apr 03 22:58:16 nas hass[20646]:  - [websocket-api](https://home-assistant.io/components/websocket_api/)
apr 03 22:58:16 nas hass[20646]:  - mqtt.server
apr 03 22:58:16 nas hass[20646]:  - [api](https://home-assistant.io/components/api/)
apr 03 22:58:16 nas hass[20646]:  - [http](https://home-assistant.io/components/http/)
apr 03 22:58:16 nas hass[20646]:  - [system-log](https://home-assistant.io/components/system_log/)
apr 03 22:58:16 nas hass[20646]:  - [frontend](https://home-assistant.io/components/frontend/)
apr 03 22:58:16 nas hass[20646]: Please check your config., title=Invalid config @ 2018-04-03T22:58:16.847949+02:00>, entity_id=persistent_notification.invalid_config>
apr 03 22:58:16 nas hass[20646]: 2018-04-03 22:58:16 INFO (MainThread) [homeassistant.core] Bus:Handling <Event service_executed[L]: service_call_id=3058544684-8>
apr 03 22:58:16 nas hass[20646]: 2018-04-03 22:58:16 INFO (MainThread) [homeassistant.setup] Setting up recorder
apr 03 22:58:16 nas hass[20646]: 2018-04-03 22:58:16 INFO (MainThread) [homeassistant.core] Bus:Handling <Event service_registered[L]: service=purge, domain=recorder>

Third try
ssl enable with the right path:

[email protected] - Home Assistant
   Loaded: loaded (/etc/systemd/system/[email protected]; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2018-04-03 22:58:14 CEST; 27s ago
 Main PID: 20646 (hass)
    Tasks: 23 (limit: 4915)
   CGroup: /system.slice/system-home\x2dassistant.slice/[email protected]
           └─20646 /srv/homeassistant/bin/python3 /srv/homeassistant/bin/hass -c /home/homeassistant/.homeassistant

apr 03 22:58:20 nas hass[20646]: 2018-04-03 22:58:20 INFO (MainThread) [homeassistant.core] Bus:Handling <Event state_changed[L]: new_state=<state automation.accensione_luci_giardino_a
apr 03 22:58:20 nas hass[20646]: 2018-04-03 22:58:20 INFO (MainThread) [homeassistant.components.automation] Initialized trigger Radar ovest
apr 03 22:58:20 nas hass[20646]: 2018-04-03 22:58:20 INFO (MainThread) [homeassistant.core] Bus:Handling <Event state_changed[L]: new_state=<state automation.radar_ovest=on; friendly_n
apr 03 22:58:20 nas hass[20646]: 2018-04-03 22:58:20 INFO (MainThread) [homeassistant.components.automation] Initialized trigger Spegnimento luci giardino all'alba

Hence, with a wrong path the configuration is invalid. Good. But with a right path there is no bind to port 1883.

Last try
I set again my openssl certificates, and now we have again the listener active:

[email protected] - Home Assistant
   Loaded: loaded (/etc/systemd/system/[email protected]; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2018-04-03 23:08:54 CEST; 6s ago
 Main PID: 20970 (hass)
    Tasks: 14 (limit: 4915)
   CGroup: /system.slice/system-home\x2dassistant.slice/[email protected]
           └─20970 /srv/homeassistant/bin/python3 /srv/homeassistant/bin/hass -c /home/homeassistant/.homeassistant

apr 03 23:08:59 nas hass[20970]: 2018-04-03 23:08:59 INFO (MainThread) [homeassistant.setup] Setup of domain history took 0.0 seconds.
apr 03 23:08:59 nas hass[20970]: 2018-04-03 23:08:59 INFO (MainThread) [homeassistant.core] Bus:Handling <Event component_loaded[L]: component=history>
apr 03 23:08:59 nas hass[20970]: 2018-04-03 23:08:59 INFO (MainThread) [hbmqtt.broker] Listener 'ws-1' bind to 0.0.0.0:8080 (max_connections=-1)
apr 03 23:08:59 nas hass[20970]: 2018-04-03 23:08:59 INFO (MainThread) [transitions.core] Exited state starting
apr 03 23:08:59 nas hass[20970]: 2018-04-03 23:08:59 INFO (MainThread) [transitions.core] Entered state started
apr 03 23:08:59 nas hass[20970]: 2018-04-03 23:08:59 INFO (MainThread) [homeassistant.core] Bus:Handling <Event service_registered[L]: domain=mqtt, service=publish>
apr 03 23:08:59 nas hass[20970]: 2018-04-03 23:08:59 INFO (MainThread) [homeassistant.setup] Setup of domain mqtt took 3.0 seconds.
apr 03 23:08:59 nas hass[20970]: 2018-04-03 23:08:59 INFO (MainThread) [homeassistant.core] Bus:Handling <Event component_loaded[L]: component=mqtt>
apr 03 23:08:59 nas hass[20970]: 2018-04-03 23:08:59 INFO (MainThread) [hbmqtt.broker] Listener 'default': 1 connections acquired
apr 03 23:08:59 nas hass[20970]: 2018-04-03 23:08:59 INFO (MainThread) [hbmqtt.broker] Connection from 127.0.0.1:52307 on listener 'default'

Your http: section in your post didn’t have the https:// in the base URL… In any case, it’s a bit hard to work out the problem unless you post your config.

Those errors don’t seem to be related to html5 notify which I thought was your problem?

Actually, expliciting the https protocol in the base_url makes no difference: open_ssl still works, let’s encrypt doesn’t. I tried both versions.

Here we go with my configuration, I haven’t enabled html5 notification yet:

homeassistant:
  name: Home
  latitude: 45.5731
  longitude: 8.8563
  elevation: 255
  unit_system: metric
  time_zone: Europe/Rome
  customize: !include customize.yaml

frontend:

config:

http:
  api_password: !secret http_password
  ssl_certificate: /home/homeassistant/.homeassistant/certificate.pem
  ssl_key: /home/homeassistant/.homeassistant/privkey.pem
  base_url: https://femtohome.duckdns.org:8123

updater:
  include_used_components: false

discovery:

conversation:

history:

logbook:

map:

sun:

sensor:
  - platform: darksky
    api_key: !secret darksky_password
    forecast: 
      - 1
      - 2
      - 3
    language: it      
    monitored_conditions:
      - summary
      - temperature
      - apparent_temperature
      - temperature_min
      - temperature_max
      - humidity
      - wind_speed
      - wind_bearing
      - cloud_cover      
    update_interval:
      hours: 1 

tts:
  - platform: google

cloud:

notify:
  - name: pushbullet
    platform: pushbullet
    api_key: !secret notify_password

mqtt:

light:
  - platform: mqtt
    name: "Luci giardino"
    command_topic: "home/alarm/rele/1"
    state_topic: "home/alarm/rele/1/state"

switch:
  - platform: mqtt
    name: "Rele 2"
    command_topic: "home/alarm/rele/2"
    state_topic: "home/alarm/rele/2/state"

binary_sensor:
  - platform: mqtt
    name: "Porta box interna"
    state_topic: "home/alarm/sensor/4"
  - platform: mqtt
    name: "Porta box esterna"
    state_topic: "home/alarm/sensor/3"
  - platform: mqtt
    name: "Radar est"
    state_topic: "home/alarm/sensor/2"
  - platform: mqtt
    name: "Radar ovest"
    state_topic: "home/alarm/sensor/1"

group: !include groups.yaml
automation: !include automations.yaml
script: !include scripts.yaml

I know you said the ssl was in the right place but on my system (hassio) they are here:
/ssl/fullchain.pem
/ssl/privkey.pem

It depends of course where you download dehydrated. As you can see my paths are identical to those on the guide: https://www.splitbrain.org/blog/2017-08/10-homeassistant_duckdns_letsencrypt because I followed the same procedure.