I created an alarm rule in Unifi Protect, this alarm is triggered when a known face has been reconized. When it does it should trigger the webhook automation in Homeassistant.
But I cannot get it to work.
When triggering the automation by using the curl command it works flawless, the automation starts and the actions are being executed.
When a known face is beeing reconized the alarm rule in Unifi Protect detects it and send me an email.
So both worlds do what they should do.
The things is, my homeassistant is not secure for my local enivronment from the outside I use a certificate registered on my domain.
The domain from the outside is different then the one we use locally, locally I use the homeassistant.local domain.
So if I execute a curl command to the endpoint it will throw an exception
curl: (60) schannel: SNI or certificate check failed: SEC_E_WRONG_PRINCIPAL (0x80090322) - The target principal name is incorrect.
To fix this I just add -k to the curl command and the command is now ignoring the certificate error. This way the automation will be triggered.
From Unifi protect I cannot provide additional arguments to the post command. So I am assuming that when I do the same POST from Unifi Protect to HomeAssistant webhook that this is being blocked by the ssl exception.
Is there anyone that could help me out or point me in the right direction to get this working?
I have a similar problem (using self signed certificates for my internal SSL/TLS configuration), and I had the same result - could get it to work with ‘curl -k’ from another host but otherwise it was failing because of SSL certs weren’t lining up. I tried creating my own ca-certificates.crt, but that didn’t work either because, apparently node uses it’s own ca-certs file, not the system one.
I don’t necessarily recommend this, but what is working for me is to edit the environment defaults on my UKCG2+ for protect, at /usr/share/unifi-protect/app/default and add
NODE_TLS_REJECT_UNAUTHORIZED=0
to that file, then restart protect.
Again - this turns off all TLS validation for that app, so watch your step. It may also be overwritten when the app is updated.
Oe almost forgot about this topic, here is an update.
I reached out to the Ubiquiti support desk about this issue, added a support ticket and they picked it up. After sharing a few log files, they start working on the issue and found the bug.
They told me that in the next Protect version the issue would be resolved.
So I’m waiting for this update and will test it again.