SSL not working

Configuration
1

Hi,

Generated Certificates using DuckDNS addon.
Certificates are installed and do work as it is possible to perform https access to other addons like, for instance IDE.

When trying to access front end I receive error messages on the browsers like these:

Firefox:
SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG

Chrome:
ERR_SSL_PROTOCOL_ERROR

When searching for this errors it seems there is some kind of configuration issue with the webserver:

“The web server is sending non-secure (HTTP) data where secure (HTTPS) data is expected by Firefox. This can be confirmed by going to http://server-name:443 instead of https://server-name.”

This seems to be the case as it is possible to access using http on port 8123.

My http section on configuration.yaml is:

http:
api_password: !secret http_password
base_url: https://.duckdns.org:8123
#server_port: 8123
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem
ip_ban_enabled: true
login_attempts_threshold: 3

The relevant home-assistant log

Error handling request
Traceback (most recent call last):
File “/usr/local/lib/python3.6/site-packages/aiohttp/web_protocol.py”, line 275, in data_received
messages, upgraded, tail = self._request_parser.feed_data(data)
File “aiohttp_http_parser.pyx”, line 523, in aiohttp._http_parser.HttpParser.feed_data
aiohttp.http_exceptions.BadStatusLine: invalid HTTP method

I had this working on previous home-assistant version but had to re-install and since then is not working. Maybe something broke along the way…

Help would be appreciated. Thank you.

//Pedro

2

Just to complement.

Running Hassio v0.87.1 docker container on debian9.
Fresh install.

3

Hi Pedro,
I´m not an expert either, but have you tried port forwarding port 443 in your router to point to port 8123 on your Home assistant?

4

Hi Piggyback,

Issue is well before that point. Even inside the network I cannot open an SSL connection to homeassistant.
I had this setup working previously with no issues. Do not know why this is happening with a fresh setup.
I seems like some side effect introduced between when I first setup homeassistant and this version…
Nevertheless as I stated, I had this setup already running so port forwarding in the router is already configured.
I am using NAT port 8123 outside to 8123 inside. No port translation in my setup.

5

Are you sure you got the correct IP address?

6

Hi Petro,

Yes, got it right.
Edited my hosts file so, both using fqdn or IP address the result is the same. That SSL error…

7

I had this same problem with my installation (pi) . But I don’t remember exactly what the fix was. Either I had a missing http: in configuration.yaml or the SSL port was forwarded to the wrong IP.

8

I would try to use standard port 43 for https
just leave out the 8123
base_url: https://.duckdns.org
And forward port 43 to 8123

9

Hi Windsurfer,

That is not my case. Not worried about router publishing for now. Even internally I am unable to access homeassistant frontend using https on port 8123

10

OK, I am with you. a problem with the certificates ? … maybe someone running a docker can chime in.

11

Certificates are OK. They are used in other addons like IDE without any issue.

12

After some more fiddling with configuration and still without luck, I came across with this when running command: hassio ha info
core-ssh:~# hassio ha info
arch: amd64
boot: true
custom: false
image: homeassistant/qemux86-64-homeassistant
last_version: 0.87.1
machine: qemux86-64
port: 8123
ssl: false
version: 0.87.1
wait_boot: 600
watchdog: true

The entry ssl:false seems to be the problem. As far as I know this should be set to true but I do not know how to do it.

Anyone?

14

Thank you all.
Solved my issue.
In my configuration.yaml, the http: header was under config: header, instead of being at the same level.
It was a fresh install so something went wrong with the template or I did some change that I did not notice and the result was SSL not working.

Thank you all for taking time trying to help.

7 Likes
15

Thank you Xptorol for posting your fix!!! I had been staring at my config for a day… then with your post realizing I was doing the same thing where I had " http:" rather than “http:”… I was starting on the second column of line rather than on the first.

Thank you!
Rich

16

You made my day:grinning:, I had been struggling with this for a week now, I was about to re-install my home assistant…:man_facepalming:

17

Thank you!! Had the same issue " http:" instead of “http:”. Took me 2 days to figure out.

18

mates:

can i peep at your configuration. yaml?
Its has been 2 weeks, I’ve tried but with NO success.

Thanks

19

@Ajaxhan_Anna My working config looks like this:


# Configure a default setup of Home Assistant (frontend, api, etc)
default_config:

# Uncomment this if you are using SSL/TLS, running in Docker container, etc.
http:
   base_url: https://changetoyours.duckdns.org
   server_port: 8123
   ssl_certificate: /ssl/fullchain.pem
   ssl_key: /ssl/privkey.pem
# Text to speech
tts:
   platform: google_translate

group: !include groups.yaml
automation: !include automations.yaml
script: !include scripts.yaml
2 Likes
20

This answer helped me.
Changed address (ofc)
Changed port to 443
Created port in/out 443 in router.
Maybe I could have left it at 8123 inside my network, but this works for me.

21

Thank you for posting your fix. Had the same problem
Duckdns and SSL running now!

Thanks,
Boris