TTS with SSL on

I had the same issue when I upgraded to 0.117.3. All I had to do was remove the http: line in my configuration.yaml. If you have an external URL or deviate from the default internal URL, be sure to input the proper information in the configuration…info tab of HA… Works perfectly now; must be because of the recent deprecation of the base_url: option.

Thank god for your post, I was having a hell of a time figuring out why my Google Home devices would NOT broadcast ANYTHING. I had to use option 4, block Google DNS, so it forces them to use my Pi-hole server.

So to use option 1, @wernerhp, what was your CA/domain provider for it? Because for the life of me Google DNS keeps on interfering even when I created a wildcard duckdns.org Let’s Encrypt cert (e.g. *.mysubdomain.duckdns.org). [Side note: I did test my test.mysubdomain.duckdns.org to see if it got a valid certificate, which it did, via the browser.]

I have two domains that I manage with FreeDNS, e.g.

I then use a custom ACME Shell add-on to generate Let’s Encrypt certificates for *.my.domain.com and my.domain.com. Not sure if it’s necessary to include the latter, but that’s how it’s currently configured.

Hi @wernerhp,

That really clears up some thoughts on scenario 1, why it was working without blocking the Google DNS servers.

BTW, your ideas about blocking Google DNS servers helped fix some other weird issues I was having with my Google Nest Hub Max and Home Assistant.

Thanks!

Solution 4 is credited to others in this and other threads. I just included it for completeness’ sake. I’m glad it works for you.

@kintaroju, care to elaborate on the other weird issues that were solved by blocking the Google DNS servers? Maybe some of us have a problem we’re not even aware of :smile:

The issues I had are the following:

  1. For the life of me, most of my external cameras would refuse to stream to my Google Nest Hub Max device, and would kinda work on my TV (the TV has a built-in Google Chromecast device; I suspect it was following the internal DNS server).

  2. The Lovelace UI would NEVER cast onto my Google Nest Hub Max, even though I knew for a fact I had the correct syntax set up. After doing the DNS blocking, I decided to give Lovelace casting another whirl, and then bam, it works.

So as a matter of fact, I know that Google DNS is totally playing an evil hand in the grand scheme of things lol.

That sounds similar to the issues I had. My issue seems to stem from the fact that I had SSL enabled on HA and it works for a specific domain which pointed to my public IP. Accessing content with the local IP would present an SSL security warning.

So when you play TTS, it caches the audio on HA and casts the audio to the speaker (with the configured HA internal URL - which was my local IP). When configured to an IP, the security warning prevents the speaker from playing the audio.

Configuring the HA internal URL to my domain results in the DNS lookup to return my external IP. Since the speaker is in my network, the external IP routes to my router and so the file cannot be found.

The internal subdomain allows the SSL to pass and the DNS lookup gets the internal IP of my HA instance where it can find the file.

Similar issue would likely occur with security cameras when using a public domain. So another domain e.g. cams.my.domain.com that has the IP of your DVR/NVR might solve the casting camera feed issue.

DNS blocking probably works because the speaker will fall back to the router/Pi-hole/AdGuard DNS where you likely have a DNS rewrite configured to resolve the public domain to your local IP. Although, I’m not sure how this works for different devices (e.g. HA and cams) using the same domain. Do you have DNS rewrite configured?

Yeah, on my Pi-hole I had DNS rewrite enabled/configured for HA. The cams were always internal but going through Synology Surveillance Station, so going through another HA integration to get them to be viewed. The problem seems to have stemmed from that DNS issue, as it never was viewable on my Google Nest Hub Max.

As a side note, the camera/Synology HA integration isn’t perfect at the moment, as they are still having weird issues like the rotation of the camera being incorrect, but at least for the most part it’s streamable now instead of not lol.

So I have a 5th solution ;-)… Until recently Google TTS was working fine with my Google speakers. After I phased out some deprecated features, one of which had to do with deleting some lines in configuration.yaml and instead supplying the internal and external URL under Configuration -> General, Google TTS stopped working for me. When I entered some text and pressed play, the selected Google speaker did turn on, but then nothing happened. If I understand correctly, when you enter some text, this text is stored in a file within Home Assistant which in turn is read by the Google speaker through Google Cast.

I have my own public domain name and therefore installed the Dnsmasq add-on so that I can browse to Home Assistant on the same URL both internally and externally. This way I could use a Let’s Encrypt certificate to secure access to my Home Assistant. Because apparently Google speakers by design use Google DNS to resolve stuff, the speakers would resolve my FQDN to my external IP… this caused Google TTS to break.

As I’m not using a supported DNS provider I can’t request a wildcard certificate for my domain name… but I can request a SAN certificate :slight_smile: (Subject Alternative Name). So that’s what I did: I changed my internal URL to internal.domain.com and left my external URL the same (external.domain.com). After that I requested a new certificate from Let’s Encrypt, et voilà, I received a SAN certificate for internal.domain.com and external.domain.com. After that I changed the IP address of internal.domain.com (which gets resolved over the internet) to the internal IP of my Home Assistant, and now Google TTS is playing nice again with my Google speakers.

Couldn’t be happier :slight_smile:
Cheers, Chris
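The two posts above (wernerhp’s explanation of why the speaker can’t fetch the cached TTS file, and Chris’s SAN-certificate workaround) describe three separate conditions that all have to hold before a Cast device on the LAN can play the audio: the URL’s hostname has to resolve for the speaker, the name has to be covered by the certificate if the URL is https, and the answer has to be a LAN address rather than the public IP. The script below is an added example, not code from any poster or from Home Assistant; it models those three checks so you can try a candidate internal URL against the two resolver views a speaker might use. Every hostname, IP address and certificate name in it is constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed resolver views (name -> answer); none of these names or
# addresses is a real setup.  A Cast device asks Google DNS (8.8.8.8/8.8.4.4)
# directly, so GOOGLE_DNS is what it sees unless the firewall blocks those
# servers and it falls back to the DHCP-provided local resolver (LOCAL_DNS),
# where a DNS rewrite points the public name at the HA box.
GOOGLE_DNS = {"my.domain.com": "203.0.113.10", "internal.domain.com": "192.168.1.20"}
LOCAL_DNS = {"my.domain.com": "192.168.1.20", "internal.domain.com": "192.168.1.20"}

# RFC 1918 ranges: the request has to land here for a LAN speaker to reach HA
# without going out through the router's WAN side.
LAN_RANGES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def san_matches(host, san):
    """Match a hostname against certificate names the way a TLS client does:
    exact match, or a wildcard covering exactly one leftmost label
    (`*.domain.com` covers `a.domain.com`, not `domain.com` or `a.b.domain.com`)."""
    labels = host.lower().split(".")
    for entry in san:
        e = entry.lower().split(".")
        if e == labels:
            return True
        if len(e) > 1 and e[0] == "*" and len(e) == len(labels) and e[1:] == labels[1:]:
            return True
    return False


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_tts_url(internal_url, san, resolver):
    """Return (can_play, reason) for a LAN Cast device fetching a TTS file from
    internal_url, given the certificate's names and the resolver view it uses."""
    u = urlsplit(internal_url)
    host = u.hostname or ""

    # 1. Where does the speaker send the request?
    if is_ip_literal(host):
        target = host
    elif host in resolver:
        target = resolver[host]
    else:
        return False, f"{host} does not resolve for the speaker"

    # 2. Would the TLS handshake succeed?  Let's Encrypt certificates name
    #    hostnames, so an IP literal never matches (the "security warning" case).
    if u.scheme == "https":
        if is_ip_literal(host):
            return False, f"certificate names {san} do not cover IP literal {host}"
        if not san_matches(host, san):
            return False, f"certificate names {san} do not cover {host}"

    # 3. Does the request stay on the LAN, or does it leave via the router?
    if not any(ipaddress.ip_address(target) in net for net in LAN_RANGES):
        return False, f"{host} resolves to public IP {target}; request leaves the LAN"
    return True, f"{host} -> {target} on the LAN"


if __name__ == "__main__":
    cert = ["my.domain.com", "internal.domain.com"]  # a SAN certificate like Chris's
    for label, url, resolver in [
        ("internal URL is an IP, https", "https://192.168.1.20:8123", GOOGLE_DNS),
        ("public name, Google DNS", "https://my.domain.com:8123", GOOGLE_DNS),
        ("public name, Google DNS blocked, Pi-hole rewrite", "https://my.domain.com:8123", LOCAL_DNS),
        ("SAN name pointing at the LAN IP", "https://internal.domain.com:8123", GOOGLE_DNS),
    ]:
        print(f"{label:50} {check_tts_url(url, cert, resolver)}")
```

The first two scenarios are the two failure modes wernerhp describes (certificate mismatch on an IP literal, and a public name that resolves to the WAN address); the third is what blocking Google DNS plus a DNS rewrite achieves, and the fourth is the SAN/wildcard approach, which works even while the speaker still talks to Google DNS because the internal name is published with the LAN address.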

Nice! Thanks @chrisketting

Does this require manual intervention (to change internal.domain.com’s IP from your public to your internal IP) every time you renew the certificate, or will auto-renew work once this is set up with SAN?

Hi Werner,
Yes it will, but having a TTL of 600 seconds helps to renew on a lazy Sunday evening :wink:

Struggled with the same issue. I am running my HA behind an enterprise load balancer and accessing it with the same URL whether I am on my internal network or external. I have created an alias in my local DNS server for my HA VIP address. When I looked in my firewall logs I saw the Google Home speakers tried to retrieve the MP3 files from the correct address, but they were resolving it by using Google DNS servers (which resolve to a public IP), which means it goes out to the Internet to find my HA server; that won’t work.
So, as others here have also suggested, block the Google Homes/Chromecasts from using those DNS servers. This is hardcoded in all those devices from Google, but if you create a simple rule in your firewall for only those devices to block 8.8.8.8/8.8.4.4, they will revert to using the local DNS servers provided by your local DHCP server and resolve your HA server from the correct DNS server, locally.
That solved it for me. Block Google DNS servers, and voilà, I can annoy my family with all kinds of funny voice messages all day long from HA (which is really cool and something I find extremely funny and useful at the same time; not sure about the rest of my family though hahaha).

@wernerhp
Just want to say THANK YOU !

Your very detailed troubleshooting and alternative solutions saved me a few hours (or days).


My solution:

  1. Add the internal and external URL in the configuration.yaml file under the homeassistant section:
    external_url: https://mydomain.duckdns.org
    internal_url: http://192.168.1.xxx:8123
  2. Install the NGINX Home Assistant SSL proxy add-on and configure it
  3. Port forward on my router: external 443 requests to 192.168.1.xxx (the internal URL) port 443
  4. Remove the http section from the configuration.yaml file
  5. Add base_url to the tts section: http://192.168.1.xxx:8123 (this step is optional, I guess)

These steps helped me solve playback issues on both my Google Nest Mini and my speaker connected locally through MPD.

I have a couple of questions:

For blocking the DNS, is it both ways? Or reject only from remote?

If I use SSL, my http://ip doesn’t return the web page; I can only use https, and that seems to be the problem with trying to play media and use TTS through the Google Homes.

@wernerhp, recently the newer Google Nest speakers don’t like how I have the firewall rules to block Google DNS servers, nor do they like how I forward all Google DNS queries to my Pi-hole server. I get the “Hmm, something went wrong, try again in a few seconds”. I validated this with another speaker and allowed it to talk to Google DNS servers, and then bang, no more issues for days on end.

I am now thinking of how to get DuckDNS (doesn’t have to be DuckDNS; just a free DNS provider works too) and Let’s Encrypt to give me an internal/signed IP address that will work. If anyone has ideas I’m game.

Do you have a sample nginx config by chance?

For those that stumble upon this thread, I’ve finally managed to set it up with Nginx. There are a few things you need to do if you are converting over:

  1. Change your Google project settings to the correct port:
    Google Assistant - Home Assistant
  2. Follow the doc below to get an understanding of NGINX and HA:
    Home Assistant + Nginx: Unencrypted Local Traffic
  3. Re-set up your router with the correct port for port forwarding, e.g. 443
  4. Change any URLs that point to the external URL to the new internal URL, e.g. google_tts
  5. Depending on your setup for HA you might need to enable trusted proxies:
http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24
    - 192.168.xxx.0/24 # network range of nginx proxy server location

([solved] "Unable to connect to Home Assistant" from WAN (Duck DNS + NGINX) - #44 by Dani_Leal is the info about the trusted proxies I relied on.)

Once you do the above you’ll find that Google TTS will work smoothly and without issues, and possibly faster as there is no more encryption requirement.
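A caveat on step 5 of the post above, as an added example rather than anything from the poster or from Home Assistant’s own code: once `use_x_forwarded_for` is on, the server believes the `X-Forwarded-For` header from any peer listed in `trusted_proxies`, and everything keyed on the client address (IP bans after failed logins, the `trusted_networks` auth provider) rests on that decision. The function below shows the usual way to make it, so you can see why the list must name only the proxy’s own networks. The `192.168.1.0/24` range stands in for the redacted LAN range in the config; all addresses are constructed.

```python
import ipaddress

# Assumed trusted_proxies, mirroring the http: block in the post above: the
# add-on network plus a LAN range (192.168.1.0/24 is a constructed example).
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("172.30.33.0/24", "192.168.1.0/24")]
# The over-broad setting, kept only for contrast.
EVERYONE = [ipaddress.ip_network("0.0.0.0/0")]


def is_trusted(addr, trusted):
    return any(addr in net for net in trusted)


def client_ip(peer, xff="", trusted=TRUSTED_PROXIES):
    """Decide which address to treat as the client for a request that arrived
    from TCP peer `peer` carrying X-Forwarded-For `xff`.

    Only a trusted proxy may speak for the client; anyone else's header is
    ignored.  The header is walked right to left, skipping our own proxies,
    and the first address that is not one of them is the real client, since
    a proxy appends the address it saw and a client can only prepend."""
    peer_addr = ipaddress.ip_address(peer)
    if not xff or not is_trusted(peer_addr, trusted):
        return peer
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return peer  # malformed header: do not guess, fall back to the peer
        if not is_trusted(addr, trusted):
            return str(addr)
    return hops[0]  # every hop was one of our proxies; take the leftmost


if __name__ == "__main__":
    # Legit: the proxy on the add-on network forwards a WAN visitor.
    print(client_ip("172.30.33.2", "203.0.113.7"))                  # 203.0.113.7
    # Direct connection faking the header: header ignored, real peer wins.
    print(client_ip("203.0.113.7", "127.0.0.1"))                    # 203.0.113.7
    # Visitor prepends a fake hop; the proxy appends the real one, which wins.
    print(client_ip("172.30.33.2", "127.0.0.1, 203.0.113.7"))       # 203.0.113.7
    # Over-broad trusted_proxies: the same fake header is now believed.
    print(client_ip("203.0.113.7", "127.0.0.1", trusted=EVERYONE))  # 127.0.0.1
```

The last case is the one to avoid: with a catch-all range, a remote visitor can present themselves as `127.0.0.1` or as a LAN address and sidestep anything that trusts those. If the proxy is the only thing that should ever reach port 8123, listing its network (here `172.30.33.0/24`) and nothing wider is enough.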

Hi,

I have installed a local SSL certificate on my Raspberry Pi. I can not access my Home Assistant using https from the browser and from the Home Assistant Android app. But now TTS has stopped working.

Kindly guide how to solve this.

My SSL certificate is configured for myhome.com

Please guide how do I setup using Solution 1.

Regards

How do I block Google DNS for only the Nest Mini on AdGuard Home?

Kindly guide