"Unable to connect to Home Assistant...Retry"

I’ve been pulling my hair out for months. I have xxx.duckdns.org set up and I originally port forwarded to 8123 ->8123 to HA IP address. Then I had NGINX set up. I modified to have my port 443 forwarded to port 443 for HA IP address. Not working. I was watching PinkyWafer on YouTube while trying to figure this out for months, and said Why Not…and added…

tts:
  - platform: google_translate
    base_url: http://192.168.1.79:8123

I can get to HA via HTTP (both 192.168.1.79:8123 and http://homeassistant.local:8123), but when I use HTTPS…I get the HA login screen. I enter my credentials (including 2 part authentication) and it stalls…giving me “Unable to connect to Home Assistant…Retry”

I have my devices and automations working fine and using HA on my internal network, but I can’t get the external to work. I even tried DNSMasq like PinkyWafer recommended and it did not work. What gives?

If I read this right you can’t connect locally over https, am I right? If so, then that could be the root of your problems.

Actually, that’s partially correct. I don’t care about https locally. I’m trying to use the HA app on my iPhone to connect remotely. I turn off wifi and use LTE to verify my https login. I can’t enter the https address and get a connection. If I enter https locally via say a MacBook, then I get the error. I would also love to enter the http://xxx.duckdns.org and have it resolve. That was the point of trying the PinkyWafer recommendation and DNSmasq.

Did you try forwarding 443 to 8123? Does your router support DNS loopback/Hairpin NAT?

I did try forwarding 443 to 8123, with no Joy. All the instructions call for 443->443 with NGINX. I tried turning off NGINX and just using the 443 to 8123 forward, but that didn’t work either.

It’s an AT&T BGW210-700 and I can’t tell if it has DNS Loopback.

I just tried it again with 443 to 8123 (leaving NGINX started)…no joy. Then turned off NGINX leaving port 443 to 8123…no joy.

Just fyi, when I forward 443 to 443 to HA IP, any port checker I use, shows the 443 port as CLOSED. I’ve talked with AT&T and they are not blocking the port if I’m not using UVerse TV, so I’m assuming an SSL access is involving some form of encryption and keeps the port closed anyway. Hell, I don’t know, maybe I’m making this up, but this is the data I’m encountering.

So here’s a dumb question…If I’m on my internal LAN, can I enter HTTPS://xxx.duckdns.org and expect it to resolve? I don’t know anymore. I guess if I can’t get any help with this, I’ll go over to Nabu Casa and try that. For $5 month, it’s a steal compared to the absolute aggravation that HA has dished out to me.

Resolve, yes. Connecting however requires your router to support NAT reflection (aka loopback NAT, or hairpin NAT).

The NGINX proxy logs should help you work out if anything is even reaching NGINX, as will tools like this.

I don’t think my router supports, which is why I tried the DNSmasq integration I mentioned above after watching PinkyWafer on YouTube. Unfortunately, it did not work either.

I went ahead and bit the bullet and signed up for Nabu Casa and it’s not working outside of my network either (could not connect via LTE on iPhone), so now I’m really confused.

With NabuCasa you have to turn the Remote UI on. Have you done that?

Ok, I think I solved my Nabu Casa issue. The instructions were a little hard to understand, but I had to login via the iPhone HA app on my local LAN using http://homeassistant.local:8123. Then go to Configuration section (not configuration.yaml for others reading) and turn ON Remote UI. I was turning it on from my laptop and it was not working. It will ask for my login credentials and establish the SSL Link.

I still don’t know why my DuckDNS & NGINX approach would not work, but I can’t figure it out and the open source support is so time consuming. Makes me nervous to work much further to integrate this too far, in the event I run into problems. I have an immediate need for using webhooks from cameras as motion detectors for outside lighting. If it works, then I will gladly pay the Nabu Casa fee for now vs spending another 2-3 months trying to troubleshoot DuckDNS issues. One thing is clear, HA is a long way from being a prime time product.

Thanks for everyone’s help

To be honest, if outside port scanners say a port is closed then I think your problem lies with your router, not HA.
Have you ever tried setting up NAT routing from and to 8123 and connect externally?

1 Like

Don’t disagree. AT&T claims they are not blocking the port, but that interaction has been a fiasco. The Pace 5268ac modem was designed to have the port forwarding setup cleared every 12mths per their technical support. They provided me a new BGW210-700 is not suppose to do that.

I tried setting up 8123 to 8123, 443 to 8123, and nothing works. I have tried https://xxx.duckdns.org:8123 with no joy. I don’t know if it’s a certificate, a router issue, me, HA, but I have spent months and can’t make this work. Think about this…if it is an AT&T router issue, then this problem will become bigger than just me and affects a broader community. I’m not an expert, but I’m damn sure not a novice. In fact, I’m in the fiber business, so I have some technical depth. I would love and welcome anyone willing to help me figure this out.

Thanks

So…I just had a nearly identical problem, only difference is I don’t use nabula casa…
Duckdns setup
Forward 8123 setup
Forward 443 setup
Nginx setup
Been working for over a year, check

Suddenly it’s not working…
I can connect locally just fine, check
I can connect direct IP to 8123 or 443 just fine, check
Direct IP https doesn’t work, ok here is the problem.
Duckdns reports correct IP
Turn off Nginx, wait a bit, turn back on…
It now works again…

\o/ woohoo

edit: my guess is nginx needed a certificate renewal, which it auto does when started up…just a guess though…
edit2: my setup is using a free Google assistant connection, it not working when it worked 10 minutes earlier is what started the diagnosis.

Did you find a solution? I have the exact same issue. All of a sudden, my duckdns domain will not work
Also app says an ssl error has occured and wont connect.
I noticed duckdns addon was needed and an update and so was NGINX. I updated both and followed documentation for each. NGIX said to delete to comment the ssl entries in config.yaml so I chose to comment them.
none of this worked.
I was working on some template sensors and all of a sudden home assistant crashed and wont load

Hmm…well, if it’s full on crashed and won’t load, and you can’t connect locally, then try rebooting the pi, as in power off, wait a minute, power on…if that works and then fails after a while the sd card might be going bad (database is being corrupted), if it doesn’t work the sd card may be fully bad (corrupted install). If it works locally then it’s NOT the pi itself or the sd card. Just make sure everything is setup in a known working config (restore a recent working backup if needed) In my case, as mentioned above, when I stopped then started Nginx it fixed the problem.
Mine will say SSL error if I type https and manually put a port, with Nginx running you just need https and no port, and have your router and cable modem forwarding port 443 and 8123 to 443 and 8123 - on the pi
If duckdns stopped working, try renewing your certificate.

I was having a similar issue (version 2022.11.4) and the fix for me to was to toggle the “Automatic” setting under Settings > System > Network > Local Network > (Automatic). The setting doesn’t seem to stay enabled, but after toggling that from my phone app it fixed the issue.

I am accessing it via the same https reverse proxy from internal and external.

Solved. I had Norton VPN tuned on on my IPAD and it was not allowing me to connect using the HA App.