What is continuing to append ".local" to the HA hostname?

Hi all, first post here. I’ve been all through the HA configuration and I’ve set my hostname to the internal FQDN that it should be. This was set both in the network settings of the GUI as well as the Hassio CLI. I’m running the docker version of HA in vSphere.
HA was getting its IP by reservation via the local DHCP server, but I changed to static to see if that would change anything with the hostname; it didn’t.
I’m stumped as to where this internal TLD is getting tagged onto my hostname (see screenshot). Any help would be much appreciated!

It’s using mDNS.

That is the ‘TLD’ (it’s not a TLD and it’s not exactly DNS) for mDNS.

See also the reason why .local should not be used in DNS anymore. mDNS uses it.

Thanks for the reply. Can mDNS be disabled in the HA environment and name resolutions directed to another server?

I’d have to look at your complete setup but it should be as long as you set up a local DNS server…

What problem are you ACTUALLY trying to solve?

Mostly just the cert from the internal CA. And manipulating client device hosts files isn’t going to be a good workaround in this case.

It should be resolving your internal DNS. Mine does. (I use a subdomain off my external for my internal network, my HA box appears as homeassistant.(internal) AND homeassistant.local.) But there’s a lot going on between the containers you need to be aware of.

Specifics on what’s going on. Can’t solve ‘mostly the cert’; it’s a bit vague.

mDNS is not a replacement for DNS, but an addition.
If you do not want to use it then just ignore it and use normal DNS.

mDNS and the Bonjour protocol are, however, used for discovery, so disabling/removing them will make you lose features.

Thanks for the response. I’m a bit wary of disabling mDNS; I’m worried it would break things, as we have around 100 devices controlled by HA.

So what’s the recommended solution for dealing with hostname(s) for the security certificate? I have an internal CA that issued a certificate to the HA server for “ha.domain.lan”. Browsers and the HA mobile app both balk at the cert mismatch. Do you just add “ha.domain.lan.local” as a SAN in the signing request and issue it that way?

Just access it at ha.domain.lan

Any additional naming is additive - it doesn’t replace anything… Then the cert won’t blow up.

Instructions for setting up HA to respond to a specific URL with SSL are here:

Set that up with whatever URLs you want SSL on, and your cert has to be resolvable in DNS and match either the subject or one of the SANs in the cert. No exceptions. But if you only want one URL then only put one. But you MUST then use one of the SSL URLs to access HA from that point forward and your CRL must be resolvable.

You need to make sure the name in the certificate can be resolved through DNS and then you make sure the browser and mobile devices have the CA included as a trusted CA in their certificate store.

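The name-matching rule the replies describe, as an added example that is not part of the original thread: it compares the name a client connects to against a certificate's dNSName SAN entries, which is the comparison browsers and the mobile app perform. The SAN list is a constructed sample using the names from the thread; the function names and the conservative wildcard rule are assumptions of this sketch.

```python
# Added example: why "ha.domain.lan.local" fails against a cert issued for
# "ha.domain.lan". Pure-Python sketch of dNSName SAN matching (SAN entries only).

def _labels(name):
    # DNS names are case-insensitive; a trailing dot (root) is ignored.
    return name.rstrip(".").lower().split(".")

def san_matches(hostname, san):
    """True if one dNSName SAN entry covers the hostname.

    A wildcard is honoured only as the whole left-most label and covers
    exactly one label (assumed conservative policy for this sketch).
    """
    host, pattern = _labels(hostname), _labels(san)
    if len(host) != len(pattern):
        return False
    if pattern[0] == "*":
        # Refuse wildcards directly under a single label such as "*.lan".
        return len(pattern) > 2 and host[1:] == pattern[1:]
    return host == pattern

def check_access_name(hostname, sans):
    """Return the SAN entry that covers hostname, or None on a mismatch."""
    for san in sans:
        if san_matches(hostname, san):
            return san
    return None

# Constructed sample: the single SAN on the internally issued certificate.
CERT_SANS = ["ha.domain.lan"]

def report(names, sans=CERT_SANS):
    """Map each name a client might use to the SAN covering it (or None)."""
    return {name: check_access_name(name, sans) for name in names}

if __name__ == "__main__":
    tried = ["ha.domain.lan", "HA.Domain.LAN.",
             "ha.domain.lan.local", "homeassistant.local"]
    for name, hit in report(tried).items():
        print(f"{name:22} {'OK via ' + hit if hit else 'MISMATCH'}")
```

Only the name the certificate was issued for passes; the mDNS `.local` names are additional ways to reach the host and do not need to appear in the certificate if clients connect using the DNS name.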