Hello! I keep getting the following error whenever I try to set up a voice assistant, and I’m pretty sure it has to do with https. I’ve followed all instructions on the help me page, to no avail.
Does anyone have an idea what I can do or try?
To play audio, the voice assistant device has to connect to Home Assistant to fetch the files. Our test shows that the device is unable to reach the Home Assistant server.
The voice assistant uses the local address in HA settings. Verify the address is correct and accessible by voice assistant
Also, my voice assistant uses https(cert likely needs to be valid. Mine is)
Look at logs from esp device in the devices webUI or using esphome builder
I have my HA instance using HTTPs via the DuckDNS instructions, and have the local address set to HTTPs as well. How do I ensure my cert is valid?
Browse to your HA instance using HTTPS
Click on the lock symbol in the address bar
This is assuming you haven’t directly added the certificate to your computers certificate store as trusted, as is often done with a self-signed certificate. The details tab should show it traced to a Publicly trusted Root Certificate authority.
A point of education: Certificate validity testing only works because Operating system vendors like Microsoft or Debian, etc. distribute and maintain root certificate stores for all valid Root issuers in the operating systems in an out of band fashion (Windows updates for example). This is one reason end-of-life operating systems stop working on the Internet. When the existing root certificates expire, the browser will no longer be able to open secure web sites without certificate errors. This can take years to occur, however as root certificates can last 10 years.
It’s not. You’d know if it was.
EDIT
If it connects to duckdns address then the cert may appear as valid.
If it connecting to https://haip then it will not be valid
Browser only trust cert for verified authority stored in browser. Same is true on devices
The cert basically says “this cert is for domain.com” . It will not work for IP. For this reason it may be valid through duckdns but not when accessed direct at IP.
this is not same as saying it is not encrypted /secure (https). It just means the browser/device cannot guarantee the identity of the domain/ip.
It’s like an ID. A passport is given by a trusted authority. We have know trusted authorities for providing ID. A library can provide ID but it is not universally accepted. You standing with ID I can confirm photo (domain matches name in cert). If face doesn’t match name I will say ID not valid(IP address not on cert).
Thank you both for the help here- I’m finally getting back to solving this, so I apologize for the delay. I’m seeing that when I go to the certificate information for Duckdns it says “Connection is Insecure” which is making me think I’ve done something incorrectly setting it up. Do you have any insight?
Whatever ip or domain you use must be reachable by voice device and if use ssl it must have valid ssl cert
