Unable to connect to Home Assistant using personal domain

I am using my own personal domain, not duckdns or a nabucasa subscription, to connect to HA remotely. Previously it was working fine, but I'm not sure what changed; this has completely stopped working.
Now if I go to ha.mydomain.com I get the option for user/pass; after inputting the user/pass I get the error below.

Unable to connect to Home Assistant.
a countdown timer to retry.

I have enabled websockets in NPM, still no luck. All my other apps are working fine with Cloudflared generated SSL certs.
I tried cloudflared, caddy and npm; I get the same error again and again. Is there something I need to enable within HA or HA configuration.yaml or any other file for the external domain to work?

Did you change anything on your router? Is your HomeAssistant device allocated a static IP Address from DHCP on your router? Any port forwarding rules in place?

I have a static IP from my ISP and use a Unifi UDM-SE as my home router, which handles DHCP. If a firewall or policy blocked the IP or ports, I shouldn’t even see the login page, right? But the login page appears, and the “Unable to connect to Home Assistant.” message only shows after I attempt to log in.

Do you use the cloudflare tunneling?
Did you enable the cloudflare add-on?
Is the IP address blocked in the file “IP bans”?

Hey, I have the exact same issue. I used cloudflare with nabucasa cloud subscription. Sometimes it works, and I can use the custom domain, but most of the time it doesn’t work. Please let me know if you have any fixes and I will do the same.

That's all checked, IP bans are false, using cloudflare tunneling, it's perfectly set.
Enabled the cloudflare integration, but I think that is for DNS.

Are you using the HA App or a browser?
If the App, try a browser; if a browser, try another one or private mode.

Tried several different browsers, both in private mode in Edge, in incognito in Chrome, and also in Safari; the result is the same, both off the network and on the network.

Restart your router if you haven’t tried that already. You’ll be surprised by how many times routers can “hang up” due to some anomaly in their cache.

Or try a different user account.
Or a VPN from another country.

I changed the IP address, provided a different DNS, changed the FQDN for the remote URL, added all the details differently for the cloudflared tunnel, still the same error. Are there some settings within HA that could be causing this?

SOLVED: Home Assistant WebSocket Connection Failed Through Cloudflare Tunnel - “Worker threw exception” Error

Problem Description

When accessing Home Assistant externally through Cloudflare Tunnel (hassio.mydomain.com), the connection would fail with:

  • “Unable to connect to Home Assistant” error in browser
  • “Worker threw exception” error page from Cloudflare
  • HTTP 500 Internal Server Error on WebSocket upgrade requests

However:

  • Regular HTTP requests worked fine (got 405 Method Not Allowed responses)
  • Local access to Home Assistant worked perfectly
  • Direct WebSocket connections from the tunnel server to Home Assistant succeeded (HTTP 101 Switching Protocols)

Environment

  • Home Assistant with SSL enabled
  • Cloudflare Tunnel (cloudflared) running on a separate server
  • Dashboard-managed tunnel (token-based authentication)
  • Cloudflare Workers deployed on the domain

Root Cause

The issue was NOT with Home Assistant or the Cloudflare Tunnel configuration. The problem was a Cloudflare Worker route pattern that was intercepting ALL requests to the domain.

Specifically:

  • A Worker route was configured as *mydomain.com/*
  • This wildcard pattern caught ALL subdomains, including hassio.mydomain.com
  • The Worker (nonce-injector in my case) was designed for static web pages and didn’t handle WebSocket upgrade requests
  • When WebSocket connections tried to establish, the Worker threw an exception

Solution

Modify the Cloudflare Worker route to exclude subdomains:

  1. Go to Cloudflare Dashboard → Your Domain → Workers Routes
  2. Find any route matching *mydomain.com/* or *.yourdomain.com/*
  3. Click Edit on the route
  4. Change the route pattern from:

       *mydomain.com/*

     To:

       mydomain.com/*

     (Remove the leading asterisk before the domain)
  5. Click Save

This change makes the Worker only run on your root domain (mydomain.com and www.mydomain.com) but NOT on subdomains like hassio.mydomain.com, immich.mydomain.com, etc.

Alternative Solution (If You Need Workers on Subdomains)

If you need the Worker to run on some subdomains but not hassio, modify the Worker code itself to bypass Home Assistant:

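addEventListener('fetch', event => {
  event.respondWith(handleRequest(event.request))
})

async function handleRequest(request) {
  // Bypass the Worker for the Home Assistant subdomain. Compare the parsed
  // hostname exactly: a substring test on the full URL would also match the
  // name appearing in a path or query string on another host.
  if (new URL(request.url).hostname === 'hassio.mydomain.com') {
    return fetch(request);
  }

  // Your existing Worker code here...
}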

Troubleshooting Steps That Led to the Solution

  1. ✅ Verified Cloudflare Tunnel configuration (all WebSocket settings were correct)
  2. ✅ Confirmed SSL was properly enabled in Home Assistant
  3. ✅ Tested WebSocket connections directly from tunnel server to HA (worked perfectly)
  4. ✅ Checked for Cloudflare Access applications (none found)
  5. ✅ Examined the “Worker threw exception” error message → indicated Worker interference
  6. ✅ Found the *mydomain.com/* Worker route catching all subdomains

Key Cloudflare Tunnel Settings (For Reference)

These settings in the tunnel configuration are recommended for Home Assistant:

originRequest:
  originServerName: hassio.mydomain.com
  noTLSVerify: true
  disableChunkedEncoding: true
  noHappyEyeballs: true
  http2Origin: false

However, these settings alone won’t fix the issue if a Worker is intercepting requests.

Testing the Fix

After changing the Worker route, test immediately by:

  1. Opening Home Assistant in a browser via the external URL
  2. Checking browser DevTools → Network tab for successful WebSocket connection (Status 101)
  3. Verifying real-time updates work (state changes, etc.)

Prevention

If you’re deploying Cloudflare Workers on your domain:

  • Use specific subdomain patterns instead of wildcard patterns
  • Example: www.mydomain.com/* instead of *mydomain.com/*
  • Or add bypass logic in your Worker code for services that need WebSocket connections

Additional Notes

  • This issue affects ANY service behind Cloudflare Tunnel that requires WebSocket connections (not just Home Assistant)
  • The “Worker threw exception” error is a clear indicator of Worker interference
  • API tokens may not have permissions to check Worker routes, so manual dashboard inspection is often necessary

Hope this helps anyone else facing the same issue!

1 Like
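
An added example, not part of the original post: a small audit that reports which Worker routes would sit in front of a service's WebSocket endpoint, as the root cause in the post above describes. The matcher is a simplified model of Cloudflare's route matching (an assumption: "*" only at the start of the hostname and the end of the path); the route list and hostnames are constructed from the thread's placeholder domain, and /api/websocket is Home Assistant's WebSocket endpoint.

```javascript
// Simplified model of Cloudflare Worker route matching (an assumption for
// illustration): "*" is honoured only at the start of the hostname and at
// the end of the path; scheme and query string are ignored.
function routeMatches(pattern, url) {
  const { hostname, pathname } = new URL(url);
  const bare = pattern.replace(/^https?:\/\//, '');
  const slash = bare.indexOf('/');
  const hostPat = slash === -1 ? bare : bare.slice(0, slash);
  const pathPat = slash === -1 ? '/' : bare.slice(slash);

  const hostOk = hostPat.startsWith('*')
    ? hostname.endsWith(hostPat.slice(1))
    : hostname === hostPat;
  const pathOk = pathPat.endsWith('*')
    ? pathname.startsWith(pathPat.slice(0, -1))
    : pathname === pathPat;
  return hostOk && pathOk;
}

// For each protected hostname, list the routes that would put a Worker in
// front of its WebSocket endpoint.
function auditRoutes(routes, protectedHosts, path = '/api/websocket') {
  const findings = [];
  for (const host of protectedHosts) {
    for (const route of routes) {
      if (routeMatches(route, `https://${host}${path}`)) {
        findings.push({ host, route });
      }
    }
  }
  return findings;
}

// Constructed sample data using the thread's placeholder domain.
const routes = ['*mydomain.com/*', 'mydomain.com/*', 'www.mydomain.com/*'];
const hosts = ['hassio.mydomain.com', 'immich.mydomain.com'];
console.log(auditRoutes(routes, hosts));
```

Any finding means a Worker will see the WebSocket upgrade for that host, so either narrow the route or make the Worker pass upgrades through.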
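
An added example, not the poster's Worker: it generalizes the bypass idea from the post above so that any WebSocket handshake, on any hostname, is handed to the origin untouched, alongside an exact-hostname allowlist. The allowlist contents and the "existing HTML rewriting" placeholder are hypothetical.

```javascript
// Hostnames whose traffic must reach the origin untouched (constructed list
// using the thread's placeholder names).
const PASS_THROUGH_HOSTS = new Set(['hassio.mydomain.com']);

// Decide whether the Worker should hand the request straight to the origin.
// Takes plain strings so the logic can be tested outside the Workers runtime.
function shouldPassThrough(url, upgradeHeader) {
  const { hostname } = new URL(url);
  // Exact hostname comparison: the name appearing in a path or query string
  // on another host must not trigger the bypass.
  if (PASS_THROUGH_HOSTS.has(hostname)) return true;
  // WebSocket handshakes carry "Upgrade: websocket" (case-insensitive).
  return (upgradeHeader || '').toLowerCase() === 'websocket';
}

async function handleRequest(request) {
  if (shouldPassThrough(request.url, request.headers.get('Upgrade'))) {
    // Return the origin's response as-is, including a 101 Switching Protocols.
    return fetch(request);
  }
  const response = await fetch(request);
  // ... existing HTML rewriting (hypothetical) would go here ...
  return response;
}

// Register the handler only where a fetch event source exists (Workers runtime).
if (typeof addEventListener === 'function') {
  addEventListener('fetch', (event) => event.respondWith(handleRequest(event.request)));
}
```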