Unable to connect to Node-RED or UI

Marts · May 27, 2022, 10:18am

I’ve been happily using Node-RED with HA for a couple of years.

I can see Node-RED from within HA but since yesterday am unable to connect directly (https://homeassistant.local:1880/) and can no longer view the UI (https://[host]:81/endpoint/ui).

The browsers report “ERR_SSL_VERSION_OR_CIPHER_MISMATCH” expanded shows:

Unsupported protocol
The client and server don’t support a common SSL protocol version or cipher suite.

I’ve tried different browsers from different PCs and mobile devices - all fail to connect. I’ve updated HA software, rebooted, turned-off-and-on-again.

What do I need to fix and where will I find it?

WallyR · May 27, 2022, 3:32pm

Check your SSL settings and certificate

Marts · May 27, 2022, 4:17pm

I can see root/ssl/fullchain.pem and privkey.pem files and they have “random” text content.
I’ve looked at Developer Tools YAML “check configuration” and that reports configuration valid.
Where/how do I check SSL settings?

WallyR · May 27, 2022, 4:42pm

The yaml check configuration only checks the yaml files for some basic errors.

You need to read the documentation for the integration.
The strange text is probably your certificate.

Mikefila · May 27, 2022, 6:11pm

Have you tried the direct IP eg https://192.168.0.10:1880. Are you using https? duckdns? are your certificates up to date, go to the addon stop and start it, then look at the log page.

Marts · May 28, 2022, 11:02am

I’ve tried multiple browsers on different devices (Win10: Chrome, Edge, Firefox, Vivaldi; iOS: DuckDuckGo, Safari).

I’ve tried direct connection on local LAN with HTTP and HTTPS

https://192.168.3.87:1880/ gets the “ERR_SSL_VERSION_OR_CIPHER_MISMATCH” response
http://192.168.3.87:1880/ get “The plain HTTP request was sent to HTTPS port” response

I’ve played with installing NGINX SSL proxy this morning - not resolved the issue.

Tried to create new SSL certificates - installed “Let’s Encrypt”. Failed to generate new certificates as it can’t get to HA:

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Sadly considering whether to do a complete RasPi/HA rebuild - reluctant to do that as I don’t understand what’s changed and gone wrong this week?

Mikefila · May 28, 2022, 1:33pm

You can try to reinstall NR. Export all flows by going to the NR folder and copy flows.json. Remove the addon, rename the NR folder to NR.old reboot everything (host) not the just server.

The other thing you can try is the light ssh install that doesnt use port 80 and cerbot.

https://www.splitbrain.org/blog/2017-08/10-homeassistant_duckdns_letsencrypt

Marts · May 28, 2022, 4:36pm

Thank you so much @Mikefila.

I’ve uninstalled NR, restarted Pi, installed NR, started it, stopped it, copied across the flows,json, restarted NR … and it now all works!?

Having played with Nginx, it seemed like a “good thing to have”, so I’ve also re-installed that and (I think) I have that running too.

Connecting to NR through port 1880 works again and the NR UI works again.

Cheers, Martin.