Remote UI errors

Everytime i use the Remote UI i get these errors:

2019-03-28 12:09:00 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error in data received
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/asyncio/", line 526, in data_received
    ssldata, appdata = self._sslpipe.feed_ssldata(data)
  File "/usr/local/lib/python3.7/asyncio/", line 189, in feed_ssldata
  File "/usr/local/lib/python3.7/", line 763, in do_handshake
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-03-28 12:09:02 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed

How to fix?

It would be helpful if you could provide more information, as the error message you’ve posted is a handshake error that could have numerous sources as I understand it:

  1. Are you running hassio / HomeAssistant? In what environment (docker, linux, , venv, windows,…)
  2. Is the server behind a firewall? Is the client?
  3. If a firewall is in the mix, is there MITM HTTPS inspection in use?
  4. Are you testing from one client and one network only, or multiple clients and networks?

Ok, some more infos:

  1. Home Assistant on hassbian (raspberry Pi3)
  2. No firewall
  3. Tested on Chrome (MacOs and android mobile)

Just another question:
Having configured duckdns, is the remote UI an alternance to duckdns or am i forced to run one or the other?

I never used the duckdns approach myself as I’m still refining our system. I just used VPN for remote access until the remote UI came online.

Something seems to be preventing your SSL handshake completion - I saw plenty of those errors when dealing with Fortigates’ ropey TLS 1.3 implementation on their firewalls for HTTPS inspection.

Assuming you are on the latest release (90.2) I’d personally try to disable / otherwise remove duckdns from the equation as part of troubleshooting. However without direct experience of duckdns I don’t know how tricky that is to do cleanly.

This is information that would have been helpful from the start.

When you say “Remote UI”, what exactly are you talking about?

I am talking about the new remoteUI feature in HA 0.90.

From the Cloud component? Nabu casa?

Yes that’s right.

I guess that it is not one way or another and that you can have them both, but the cloud service is best used by people who do not want to expose their HA to the internet directly.

So, by using a cloud service they can access remotely their HA without having to open ports, arrange DNS and SSL certificates.
Extra you can connect the cloud directly with other online services, (eg. amazon alexa, google assistant etc.). This means you do not need to configure any of those in the HA, and by connecting to the cloud on a new HA installation it will get all those service up-n-running.

Even thought all the above are nice and easy; I personally am a little maniac with privacy & security, I have the time and the tech knowledge to setup them myself (everything’s very easy and well instructed in here, anyways) and I prefer to have the control of my data and connections, so I won’t use the cloud service yet.

Using a custom DNS (DuckDNS in your case) with SSL*(TLS)* configured correctly (LetsEncrypt in your case?), you have encrypted remote access to your HA with the data read only by you and your system.
Using the cloud it is not going to be possible to avoid MITM attacks (source).

In order to be able to connect you need:

  • An account
  • you MUST NOT use nor ::1 as trusted_networks in your http: configuration.
  • you MUST NOT use ip_ban_enabled because the remote connection will be banned as a whole. This makes your exposed DuckDns more vulnerable to attacks.

That should be enough.

1 Like

Thanks, very good explanation…

I used to get SSL handshake fail errors also, there is an issue about it on github:

A few people have suggestions on how to fix it, namely using nginx

I am using nginx as well.
So, I have never met that issue…