SSL certificate error on local network


I am trying to configure the iOS app. I have successfully set up DuckDNS subdomain with Let’s encrypt certificate. So the home assistant is accessible through https://homeassistant.local:8123 on the local network and The problem with the app is that when submitting the local address in the app configuration I get the “Invalid certificate” error. On the web browser I can bypass this error but it is not possible within the app. On the external network everything works fine.

How to solve this error? I have quite a basic WiFi router, without even possibility to input my own DNS servers.


I have solved this problem by following carefully this info:

and setting the NGINX proxy.



Strange thing. The app keeps replacing the proper (and working in the browser) external link with “http://homeassistant.local”. Any ideas why?

Thank you, jac! This solved my problem! I studied a lot of discussions before and tried everything just to to be able to use the android app in local network, even changed my router. The installation of NGINX solved this, I just followed the Hassio Add-on description in GitHub

Thank @jac, working for me :slight_smile:

I think I have the same problem. For some reason the http://hassio.local:8123/ address does not resolve on my internal network, so I use the ip address instead. For the external address I use my duckdns,org address, but since the new version it will no longer connect.

If I use: I’ll get an SSL error,
If I use it won’t connect,
If I use the app will not save the address.
If I use it won’t connect.

Was working fine before the upgrade. What has changed and how can did you fix it?

If you get an SSL error using this address, it seems likely that the certificate does not match the domain. You should check the error of connection privacy view in your browser. That should tell you the address the certificate was issued to

Yeah, I just use a generic self generated certificate. It has worked until recently, has something changed in the app that they are no longer able to be used?

Thanks Tom, being the dill that I am I appended the HA port to the domain address. Off course that didn’t work as I only forwarded HTTP and HTTPS in my router.