SSL is configured without an external URL or internal URL

risa2000 · October 11, 2024, 6:37pm

The latest update to 2024.10.1 has made me aware that my SSL is configured without an external URL or internal URL

Screenshot 2024-10-11 at 20.20.39

I have been using Let`s encrypt with certbot to certify my external domain (from ddns). I have configured my router to DNAT the incoming traffic from wan to the local address and the local port and this works seamlessly regardless whether I am accessing the router from wan or lan.

So I guess the remark is somehow related to that. I however could not figure out, what should I do, or what it is the fix.

When going to the suggested configuration through the UI, it says my configuration is configured in configuration.yaml, so the UI is locked.

When I look into my yaml, it says:

http:
  # Secrets are defined in the file secrets.yaml
  ###api_password: !secret http_password
  ssl_certificate: /home/hass/letsencrypt/config/live/<domain>/fullchain.pem
  ssl_key: /home/hass/letsencrypt/config/live/<domain>/privkey.pem
  # Uncomment this if you are using SSL/TLS, running in Docker container, etc.
  #base_url: <domain>:<port>
  ip_ban_enabled: True
  login_attempts_threshold: 5

Apparently base_url is an ancient artifact, which has been defunct for a long time. In the forum I found people talking about internal_url and external_url options, but no one has seemed to have clue what to do with them and when looking at the current documentation for http: section on HA web, these config options seem to be defunct too.

Since I have not seen this error before, I guess it is fairly new, but so seem the web documentation.

Does anyone know, what is the actual problem, and how to fix it?

Edwin_D · October 11, 2024, 6:44pm

Kudos for checking the docs, you’re in the top ten percentile
However, like me you found a different reference than the one intended. It is this external url that the warning is about:

risa2000 · October 11, 2024, 7:10pm

The “Remote access” doc unfortunately say basically only “go to the settings and change it”.

But the settings in my case are locked because I have apparently something in configuration.yaml. Which is true, but I do not see how to go without it.

Edwin_D · October 11, 2024, 8:05pm

If you have the yaml version, you need to set them there, or remove the yaml bits from configuration.yaml to get them editable in the ui. The docs have unfortunately removed the bits how to do so in yaml. I had them there long ago so I looked in my github history. It should be here in yaml:

homeassistant:
  external_url: ....

If all ui configurable settings are gone there, the ui is available again.

risa2000 · October 11, 2024, 8:19pm

This is strange. I tried to put both external_url and internal_url in the config, but HA complained that these are unknown options and basically bailed out.

Edwin_D · October 11, 2024, 8:37pm

That would indicate they removed the possibility. But if so, you should be able to use the ui? Or are there other UI settings still in yaml under homeassistant?

risa2000 · October 12, 2024, 10:10am

In the UI I can find this:
Screenshot 2024-10-12 at 12.06.39
which says that UI is disabled (so I cannot change “Internet” edit box).

If I switch Local network to manual, it just displays similar box for it, but I cannot change this one too.

Screenshot 2024-10-12 at 12.06.17

In the configuration.yaml I only have paths to TLS certificates, which I believe I need in order to have the web server using them.

ShadowFist · October 12, 2024, 1:06pm

This is what I have in my Network settings. Ignore the invalid warning - it’ll work just fine once you click past the chrome (or other browser) warning that you are trying to access an http site over https:

This is they http: section in my yaml. Note that the base_url is commented out, so it might as well not be there (it’s a remnant from when it was migrated to UI which I never removed)

http:
  #base_url: https://myinstance.duckdns.org/:8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  ip_ban_enabled: true
  login_attempts_threshold: 5

I do not, nor have I ever had, have any entries mentioning external_url: under the homeassistant: key. Everything should go under the http section. Your config seems identical to mine except for the path. Can you try and move the certs to the ssl folder?

PS- if you’re using DuckDns, I’m 99% sure you don’t need a separate Let’s Encrypt & certbot Addon/Integration/whatever it is you’re running. Let’s Encrypt is built into the Duckdns addon already.

risa2000 · October 13, 2024, 7:54am

When I tried these options, I put them under http: section, not homeassistant: as suggested by @Edwin_D, and for both, HA complained they are not recognized.

For what concerns the placement of the key and certificate, I have it this way, because certbot runs as shell_command with HA privileges, so it is convenient to have all it needs in HA home directory (I am running HA Core).

I am not running duckdns.org as a DDNS. The thing in my screenshot is just a stub, created by HA.

Anyway, my problem is not with accessing the HA web page either from internal or from external network - both work exactly as they should. The only “problem” is HA complaining about something and me having no clue what is the problem and what is HA expecting instead.

WallyR · October 13, 2024, 8:24am

Internal and external url only makes sense if the program can detect your connection and only the companion apps can do that.
The companion apps have that setting already, so my guess is that all those settings ever did or do is making the companion app able to autofill those two settings.

Edwin_D · October 13, 2024, 8:51am

I think the external one might also be for oauth to provide a callback in the authentication of integrations. Wht I think you should focus on is why the section is disabled in the UI. I’m pretty sure that was because of things defined in yaml below homeassistant. Are there things there that can also be set in the ui?

Mr.Unbekannt2.0 · October 20, 2024, 4:32pm

I found this:

github.com/home-assistant/frontend

SSL is configured without an external URL error shown with no relevant page in Network settings

opened 07:15PM - 03 Oct 24 UTC

karlbeecken

### Checklist - [X] I have updated to the latest available Home Assistant versi…on. - [X] I have cleared the cache of my browser. - [X] I have tried a different browser to see if it is related to my browser. - [X] I have tried reproducing the issue in [safe mode](https://www.home-assistant.io/blog/2023/11/01/release-202311/#restarting-into-safe-mode) to rule out problems with unsupported custom resources. ### Describe the issue you are experiencing Since the update to 2024.10, I get the following error: ![Screenshot 2024-10-03 at 21-10-19 Settings – Home Assistant](https://github.com/user-attachments/assets/629f948b-7c5d-45a6-af41-9a6d216a0bfb) The mentioned section in the Network Settings is not availaboe though: ![Screenshot 2024-10-03 at 21-11-05 Settings – Home Assistant](https://github.com/user-attachments/assets/80dfb828-d649-42d4-bf26-38fc304cc793) ### Describe the behavior you expected The relevant section in the Network Sections should show up or the error should not be raised. ### Steps to reproduce the issue 1. configure SSL for HA ### What version of Home Assistant Core has the issue? 2024.10.0 ### What was the last working version of Home Assistant Core? 2024.9 ### In which browser are you experiencing the issue with? Firefox 130.0.1 ### Which operating system are you using to run this browser? macOS 15.0 (24A335) ### State of relevant entities _No response_ ### Problem-relevant frontend configuration _No response_ ### Javascript errors shown in your browser console/inspector _No response_ ### Additional information _No response_

What worked for me was the part of “enable the advanced settings in your profile” … didn’t know that exists … then there appears the filed for the external URL in the network config.