SSL Not Secure

I think it was and now it isn’t, but anyone know why a site with a GoDaddy SSL certificate would show in Chrome as non secure?

Below are my application.yaml settings:

http:
  base_url: https://<URL>
  server_port: 8123
  ssl_certificate: /ssl/<URL>-chain.pem
  ssl_key: /ssl/<URL>-key.pem

When I pull up the site I get:
image

Also when I click on not secure I get:

image

JR

Mine is through my selfhosted website that I use with a google domain. It’s just a woocommerce store, that I run through a wordpress docker.
I created the certificates with certbot and then copied the info into the /ssl/ folder.

If I log into HA with my https://local.hassio url, it says invalid, but if I log in through my domain, it’s secure.

Could it be any of that?

Yeah I’m logging in with my external domain URL all the time. If I try going to http:// it fails but https:// goes thru but says not valid.

When you click on Certificate:
image

It should tell you why it’s invalid.

From the screenshot I can see that the certificate is reported as “valid”.

Is this page loading resources over non secure connection (http links)?

Good point I glanced over that :stuck_out_tongue:

Not that I know. Now the odd part is I closed the browser and opened it again and now it shows all is good with Chrome

Highly recommend using a reverse proxy to secure outside connections into your Home Assistant rather than doing SSL on the HA side.

1 Like

I was thinking of that and have been trying a form of this if for no other reason Alexa lambda functions. Here’s my problem.

  1. I have Windows Essentials Server allowing me to remotely connect to computers at home. That runs on 80 and 443. Changing 443 is impossible or almost impossible.

  2. I need to expose HA on 443 for the Alexa integration because that’s all that Amazon supports. Right now having HA on 8123 it fails but going to 443 it works.

I kind of want essentials to be primary because it’s remoting in and the like and who knows what changing it would break. So I tried using ARR and URL Rewrite rules to make this work and it kind of did but after logging in would fail. Plus there are issues with SSL getting the browser to receive the right cert as I have one public cert for essentials another for HA.

Hi all - I am noticing the same thing after setting up duckdns & letsencrypt. When I visit my homeassistant from a browser, it complains that it is not secure.

I see an error that reads:

This server could not prove that it is 192.168.1.202 ; its security certificate is from XXXXXX.duckdns.org . This may be caused by a misconfiguration or an attacker intercepting your connection.

I clicked on ‘certificate’ but I cannot find what may be the culprit.

I see the following in chrome:


Do you open homeassistant via the IP or via the duckdns domain?
If you call homeassistant over the IP the message of your browser is correct, because the certificate was issued for the call over duckdns.

Is there an option to configure HA in such a way that SSL will be used only when connecting from outside (external domain), but not when connecting locally (local IP)?
I know that I can use Nabu Casa Remote, but I’m searching for an alternative.

Yes, don’t configure SSL in the Home Assistant configuration and use a reverse proxy for the outside connections.

@Flop2006 - correct, I was using the IP address on a local connection. If I connect via the duckdns address, I do not see this error. Is there any issue with connecting through duckdns.org instead of locally? it just seemed a round about way to get to my local box. Thanks!

Any materials for a newbie? :slight_smile:
Do I need some extra equipment for that? Right now I have dyndns setup on my router. HA is running on PI3.

EDIT: Found this: https://www.home-assistant.io/docs/ecosystem/nginx_subdomain/, but that is all very new to me.

You can install nginx on your Pi3 unless you’re using HassIO that’s a different beast, usually there’s a addon for that setup.

I’m using Hass.io (as I wrote I’m a newbie) but I found this: Home Assistant Community Add-on: Nginx Proxy Manager so it shouldn’t be that hard I guess :slight_smile:

That would be the addon you’d want. Enjoy!

Hmm… I seem to be able to connect externally to my home assistant now that SSL is installed with duckdns- but I have trouble connecting to my home assistant when in my local network… any thoughts would be helpful - thanks!

does your router support nat loopback/hairpin dns?