Request help with homeassistant nginx setup

Hi. I am using my HA-System in combination with Alexa / AWS Lambda.

I’ve set up DuckDNS with LetsEncrypt and it works. My AWS Lambda function can access my HA (https).

Now I’d like to avoid using https when at home. At home I’d like to call my HA over http. Therefore I’ve installed nginx and followed the installation guide.

This works as well. Now my HA is accessible over http and I am also able to call my HA over https when not at home (local network). But now my AWS Lambda function is not working anymore. I get the following error:

errorMessage": "HTTPSConnectionPool(host='www.XXX.duckdns.org', port=443): Max retries exceeded with url: /api/alexa/smart_home (Caused by SSLError(SSLError(1, '[SSL: TLSV1_UNRECOGNIZED_NAME] tlsv1 unrecognized name (_ssl.c:997)')))

I am using a self signed certificate (DuckDns creates a certificate when installed). The used script can be found in the HA documentation.

I hope one might help me out here. I am out of ideas…

Not sure if you have tried this, but this add-on does it all:

No, I did not try this one. I tried the other one “NGINX Home Assistant SSL proxy”.

I will give this a shot and will let you know whether this addon did the trick.

Hi. Ok I figured it out. There was an issue with my ssl certificate and the duckdns setup.

I renewed my certificate and my connection is secure now. I installed the official nginx addon and everything seems fine.

The only issue now is that I get an error when I call the URL https://xxx.duckdns.org/api/alex/smart_home. I get the following error: ERR_SSL_UNRECOGNIZED_NAME_ALERT. I am no nginx expert, but it looks like there is a forwarding error.

I have the following nginx configuration for /api

location /api {
    proxy_connect_timeout 60;
    proxy_read_timeout 60;
    proxy_send_timeout 60;
    proxy_intercept_errors off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_set_header Host $host:8126;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass http://homeassistant.local.hass.io:8123/api;
}

Any experts around to help me with this?

Could you provide the full nginx configuration and maybe check the certificates in the local network and from outside?

To check the certificates you could use openssl: echo | openssl s_client xxx.duckdns.org:443 2>/dev/null | openssl x509 -noout -text

One problem might be that you use different certificates for external access (created by duckdns addon) and internal access and one (the external) is not used for connections.

The error message refers to multiple problems that can occur through misconfiguration with respect to TLS.

best regards
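
The inside/outside certificate check suggested above, as an added example that is not part of the original thread: a Python probe that handshakes with the same endpoint under each hostname a client might send as SNI and reports whether the server answered with the `TLSV1_UNRECOGNIZED_NAME` alert, a certificate failure, or success. The host names are the thread's placeholders, the LAN address is a constructed value, and the helper names `san_covers`, `classify` and `probe` are hypothetical.

```python
import socket
import ssl


def san_covers(hostname, dns_names):
    """True if hostname matches a SAN dNSName: exact, or '*.' standing for one left-most label."""
    host = hostname.lower().rstrip(".")
    for name in (n.lower().rstrip(".") for n in dns_names):
        if name == host:
            return True
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False


def classify(exc):
    """Map a failed handshake to a short diagnosis."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        return "cert-rejected: " + str(getattr(exc, "verify_message", exc))
    if isinstance(exc, ssl.SSLError):
        if getattr(exc, "reason", None) == "TLSV1_UNRECOGNIZED_NAME":
            return "sni-rejected: server sent unrecognized_name for this SNI value"
        return "tls-error: " + str(getattr(exc, "reason", exc))
    return "network-error: " + type(exc).__name__


def probe(connect_to, sni, port=443, timeout=5.0):
    """Handshake with connect_to:port while sending `sni`; return (diagnosis, SAN dNSNames)."""
    ctx = ssl.create_default_context()  # verifies chain and hostname like a default HTTPS client
    try:
        with socket.create_connection((connect_to, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=sni) as tls:
                san = tls.getpeercert().get("subjectAltName", ())
                return "ok", [value for kind, value in san if kind == "DNS"]
    except OSError as exc:  # ssl.SSLError and socket timeouts are OSError subclasses
        return classify(exc), []


if __name__ == "__main__":
    # Placeholder names from the thread; the LAN address is a constructed example value.
    names = ["xxx.duckdns.org", "www.xxx.duckdns.org"]
    for target in ["xxx.duckdns.org", "192.168.1.10"]:
        served = []
        for name in names:
            diagnosis, sans = probe(target, name)
            served = served or sans
            print(f"{target} SNI={name}: {diagnosis}")
        for name in names:
            if served and not san_covers(name, served):
                print(f"  certificate served by {target} does not list {name}")
```

Run it once from inside the LAN and once from outside; a name that is `sni-rejected` or missing from the served certificate's SAN list is one that HTTPS clients configured with that name cannot reach.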