Weird Login Issue

I’ve got HA set up on a RPi3 using the Manual Install instructions and set up SSH encrypting using DuckDNS and Let’s Encrypt as described here: https://home-assistant.io/blog/2015/12/13/setup-encryption-using-lets-encrypt/

Everything seems to work fine. I have Alexa connected to my HA and it invokes the service without problems.

Then I see this weird sequence:

• Hit https://myserverhostname.duckdns.org -> everything works
• Hit Alexa (using the above address) -> everything works.
• Wait a period of time… ~12 hours
• Hit https://myserverhostname.duckdns.org -> get the login screen. Password times out with an ‘undefined’ error.
• Alexa provides the same response.
• Hit https://myserverhostname.local:8123 -> everything works
• Now suddenly, https://myserverhostname.duckdns.org works again. Alexa works too.

I have no idea why logging into my HA from the local network would suddenly stop an issue where logging into HA from duckdns makes it hang. Why would the duckdns proxy suddenly work, and why does it stop after a while? I’ve reproduced the above sequence multiple times, so I know that hitting it from the local network ‘fixes’ the issue for a while. I’m racking my brain and can’t figure out what it is.

Any thoughts?

Not seeing anything in the logs? Also, if you see this error and then clear the browser cache, do you still get the login page?

Only thing I see in the logs is this issue: Fatal read error on SSL transport

Cleared the cache and confirmed via the developer’s console in Chrome that the login page is fetching okay.

The bizarre thing is that it works from inside my network, even though I’m going out to DuckDNS and back - but it doesn’t work from my work. I’m going to try it from a coffee shop or something and ensure it’s not some weird firewall issue at work.

Do you use a port number in your URL to access it from work?

Most enterprises limit port usage to 80 and 443 unless there is a request to open one.

Also check to make sure your SSL cert perms are correct and that it hasn’t expired.

I don’t use a port in the URL, but https:// should default to 443. (Again, the login page is fetched without a problem, so unless DuckDNS is caching that as a proxy, the home assistant running on my pi is returning that on 443.) I know it isn’t port 80 because I set up the port forwarding myself, and my ISP (Cox) blocks port 80.

We are a development shop and I have full control over the firewall and control the policy so it’s not a policy thing unless it’s some stupid thing I’m not aware of that happened which is the only reason I plan to try from another location.

I just issued the certificate a week ago. It’s still good and an expired certificate wouldn’t allow me to get to anything, would it?

And perms are good? Hass user owns and can access them?

Yes, if Hass didn’t have ownership of them it wouldn’t work at at all, would it?

I would think not. Only reason I mentioned it is that in researching your issue in the forums, the same error message was related to that issue.

One other interesting thing… Alexa works fine. (Which I’m assuming means it is hitting from the Amazon cloud) until this error happens, then it stops working. (So it would seem nobody can it it from outside my home network) But once I log in again from my home network (not restarting the server or anything) then bam - it’s good again. (Suddenly starts working outside again.)

So in short - It’s behaving as if hitting my HA from work for some reason puts it into a bad state until I hit it again from home. I am just completely puzzled.

I’m running out of ideas, but here’s the last two things I could come up with:

• Are you using ip_ban_enabled: True ? Or maybe left it in there and forgot (granted, this should prevent you from logging in at all, but I’m grabbing at straws…)

• base_url ?? (Again, can’t see how this would be an issue - if it was wrong, you’d have other problems, I think)

You may want to post your sanitized http config from configuration.yaml and see if it triggers something I missed.