SSL certificate error on local network

Mobile Apps Home Assistant Companion for Apple
1

Hello,

I am trying to configure the iOS app. I have successfully set up DuckDNS subdomain with Let’s encrypt certificate. So the home assistant is accessible through https://homeassistant.local:8123 on the local network and https://my-domain.duckdns.org:8123. The problem with the app is that when submitting the local address in the app configuration I get the “Invalid certificate” error. On the web browser I can bypass this error but it is not possible within the app. On the external network everything works fine.

How to solve this error? I have quite a basic WiFi router, without even possibility to input my own DNS servers.

2

Hi,

I have solved this problem by following carefully this info:

and setting the NGINX proxy.

J.

6 Likes
3

Strange thing. The app keeps replacing the proper (and working in the browser) external link with “http://homeassistant.local”. Any ideas why?

4

Thank you, jac! This solved my problem! I studied a lot of discussions before and tried everything just to to be able to use the android app in local network, even changed my router. The installation of NGINX solved this, I just followed the Hassio Add-on description in GitHub

5

Thank @jac, working for me :slight_smile:

6

I think I have the same problem. For some reason the http://hassio.local:8123/ address does not resolve on my internal network, so I use the ip address instead. For the external address I use my duckdns,org address, but since the new version it will no longer connect.

If I use: https://mydomain.duckdns.org I’ll get an SSL error,
If I use http://mydomain.duckdns.org it won’t connect,
If I use http://mydomain.duckdns.org:8123 the app will not save the address.
If I use https://mydomain.duckdns.org:8123 it won’t connect.

Was working fine before the upgrade. What has changed and how can did you fix it?

7

If you get an SSL error using this address, it seems likely that the certificate does not match the domain. You should check the error of connection privacy view in your browser. That should tell you the address the certificate was issued to

8

Yeah, I just use a generic self generated certificate. It has worked until recently, has something changed in the app that they are no longer able to be used?

9

Thanks Tom, being the dill that I am I appended the HA port to the domain address. Off course that didn’t work as I only forwarded HTTP and HTTPS in my router.

10

Thank you for sharing.

If anyone is using AdGuard Home with the DNS rewrite be aware that the DNS rewrites are now under Filters (snapshot below, as the guide above says it’s in the DNS settings)

image
image588×582 23.2 KB

1 Like
11

@jac hi,
i have no clue … but I have Rebind protection on my dnsserver on (using dnsmasq on openwrt) but i added exception
dhcp.@dnsmasq[0].rebind_domain=‘/myhass.duckdns.org/’

even its not working ;(

edit1
i disabled Rebind protection at all and its not working.

There seems to be other issue or something is written/designed in bad fashion…

fixed here>