Tp-link tapo p110 / energy monitoring not possible without cloud access?


after some realtively positiv experiences with the tp-link kasa plugs, i just bought some tapo p110 wifi sockets, using the tapo integration through hacs. as usual, i want to block any outgoing connections from the IOT devices … and this is where the trouble started.

after the initial setup, i started blocking the plug’s ip adresses, and quickly realized that unless they have internet access when they’re powered ob (i.e. start receiving power, as opposed to “switched on”), they do work as switches, but they dont provide the energy monitoring feature. the led is yellow.

when i do allow outgoing connections, the led turns green, and the plug opens an https connection to a machine in AWS - in my case - which presents a rather odd TLS certificate:

depth=2 CN = tp-link-CA
verify error:num=19:self signed certificate in certificate chain
verify return:1
depth=2 CN = tp-link-CA
verify return:1
depth=1 DC = cn, DC = com, DC = tp-link, CN = TP-LINK CA P1
verify return:1
depth=0 C = HK, ST = HongKong, L = Kowloon, O = TP-LINK CORPORATION LIMITED, OU = R&D dept., CN = *
verify return:1

this is a self-signed certificate, and i assume the plug has the CA built in? what is odd is that even when i start blocking again, it does seem to continue working ok, but i read that this was supposed to be completely working without access - clearly, it is not working. also, the setup app asks for location permissions, so this combination is clearly rather dodgy in terms of privacy.

does anyone know how to make them behave? or are there any recommendations (for the EU) for plugs that can to energy monitoring without telling the world?


1 Like

You may have solved it by now since it’s 4 months later, but for the benefit of anyone else who has the same issue, all I needed to do was allow UDP port 123 (NTP) outbound to

Once I opened that port everything started working properly in HA, but the iOS app still had a few issues… not surprising as it seems mostly cloud based. Not an issue for me, as I only use it to initialise my Tapo plugs.


So does that mean that it is possible to use the energy consumption reports in HA while blocking all external access apart from port 123 to

Not sure precisely what you mean by “energy consumption reports”, but if you mean the “Current Energy” and “Today Energy”, then yes!


This explains why my plugs have stopped working during my internet outage. Seems most unnecessary. I wonder if I can configure pfsense to pretend to be the NTP server…

How did you get the Tapo Controller working. I have been trying for days now with no joy. Just "login failed or “Unable to connect”.
Would love some help with this!!