Note 1: I’ve seen other topics covering this, but none of the solutions worked.
Note 2: I’ve just renumbered the LAN one of my nodes is on and had to modify the inward FOWARD chain on the firewall. The outward chain was unchanged, so the problem may lay there; but I can’t see anything wrong. Everything from a PC on the same LAN works OK.
I’m seeing odd behaviour from the Pi running HAOS. The headline symptom is that HA is unable to check for updates to itself or any addons.
2026-04-01 10:27:30.398 WARNING (MainThread) [supervisor.store.git] Wasn't able to update https://github.com/esphome/home-assistant-addon repo: Cmd('git') failed due to: exit code(128)
cmdline: git ls-remote --heads https://github.com/esphome/home-assistant-addon
stderr: 'fatal: unable to access 'https://github.com/esphome/home-assistant-addon/': Recv failure: Connection reset by peer'.
Digging into this from the backend, I see this:
# curl -v https://github.com/esphome/home-assistant-addon
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
i.e. the other end isn’t responding to the TLS Hello. However, the following works:
# curl -v https://www.google.com
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
> GET / HTTP/1.1
> Host: www.google.com
> User-Agent: curl/8.12.1
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
< HTTP/1.1 200 OK
The fact that a call to one destination works when another doesn’t seems to rule out a firewall issue, but I get the same failure with other destinations: only google.com seems to work.
Frankly, I’m stumped at the moment and looking for inspiration.