500 Internal server error while stting up

[rallek]

IMPORTANT: Please search the issues, including closed issues, and the FAQ before opening a new issue. The template is mandatory; failure to use it will result in issue closure.

see also #2136

Describe the bug

I am new to HA and want to install Alexa Media Player. All went fine until I have to do the captcha. There I am running into a 500 error. Even if I want to get a new picture. The path I have mydomain.org:8123/auth/alexamedia/proxy/verify

To Reproduce

fresh install restart Home assistant add integration alexa media player fill the configuration (amazon unser, amazon, password, amazon.de for region, home assistant url, 2FA key) and send check the OTA key

login for alexa is comming up prefilled amazon login and password press button to login

captcha is showing (/auth/alexamedia/proxy/ap/signin/144-3911749-1675617) clicking on "neue Zeichen anzeigen" causes an 500 (Server got itself in trouble) or filling the captcha question is doing the same

Expected behavior

The integration shall install proper

Screenshots

System details

• Home-assistant (version):
• alexa_media (version from const.py or HA startup): 4.80
• alexapy (version from pip show alexapy or HA startup): 2023.12.0
• Amazon 2FA is enabled (y/n). <!---We will not debug login issues if unanswered--->: yes

Logs Please provide logs.

Additional context

[rrubin0]

TL;DR - Alexa hates your proxy, use https.

I'm running Home Assistant Core on Docker, and I've been using Alexa Media Player for a few years now, ever since the early betas and it has proven to be solid. I recently renamed one of my dot devices, which naturally caused it to become unavailable within Home Assistant. In my attempts to add the device back, I deleted the integration to simply add it again, with a fresh list of included devices. This turned into a bit of a nightmare, as I experienced the dreaded "500 Internal Server Error" described here.

I tried numerous ways to resolve the connection. Again, it was working fine, I just wanted to add the renamed device back, so I already had 2FA established and a successful connection from Amazon to HA. I finally determined that the problem must be due my migration to NGINX using http instead of the native https connection I used to have when I originally set up Alexa MP. I tried to add a proxy rule to allow the Amazon sign in, and I also tried to add the 2FA key manually. Neither method worked.

What solved the issue for me permanently On a hunch, I decided that I would try going back to https to see if Alexa MP could successfully connect. This worked EFFORTLESSLY using the preferred authentication method in the integration (no long key needed). It authenticated on the sign in page without hesitation, accepting the 2FA code and instantly added the integration back to my HA with my newly renamed device back online and happy. After testing successfully, I changed my firewall rules back as they were, using NGINX and http and the integration still works fine.

To temporarily enable https, I created a new subdomain with my DNS provider, then I configured LetsEncrypt certbot to issue a new certificate using the new subdomain and modified my firewall policies to: temporarily disable my inbound https:443 -->HA directly and created a rule to forward/translate inbound https:443 -->HA:8123.

Then I edited configuration.yaml to include:

## enable ssl to use hassio url:8123 ##
http:
  ssl_certificate: !secret ssl_cert
  ssl_key: !secret ssl_key

Then I restarted HA, which was now accessible at: https://newsubdomain.myhaserver.com:8123 I used this new address when setting up the integration so it could perform the authentication, and it continues to work after moving it all back to http and letting NGINX handle SSL as it did before.

I'm not an NGINX expert, so I'd be curious if someone smarter knows of a proxy rule that does work. For me, this was not trivial, but it was a heck of a lot faster than the other methods that I tried or were suggested in this thread and ultimately more secure too.

[jazzmonger]

It should NOT be this difficult. The sooner I can turn off Alexa, the better. We'e almost there....

[rrubin0]

We're already there. I'm just documenting what fixed it for me. This issue is in no way the fault of the awesome folks (who are not paid developers) who have spent countless hours to make the platform available to us (as an unsupported custom component, btw). The root cause is Amazon and the ever changing code base and authentication requirements. Frankly, I'm amazed the maintainers of this project have kept up for so long. Alexa MP was the reason I switched to core, actually. I was such an early adopter that no add on existed. A few config modifications and hoops to jump thru are to be expected.

[dakidjersey]

I just got mine working 5 mins ago I cleared everything on my chrome browser cookies cash and history was all cleared I tried again and it worked

[alandtse]

Timeout errors are caused by network issues where the proxy isn't able to communicate with Amazon or alternatively your browser cannot communicate with the proxy. Disabling IPv6 on HA just for login will sometimes fix that.

[pbolo]

any news? I install e use another browser for the problem of cache of browser. But it doesn't work anyway.

[BatemanJo9]

You need to have SSL keys on your server if you are running locally. If you are not then you need to be using your cloud link from Nabu Casa. logged into HA with the cloud link AND using the same link in the Amazon login information so some nasty security thingies can be exchanged. And then be done with it and enjoy :) SSL is the key here.

[stas1000]

Same issue here. 2fa is enabled Alexa intergration is an enrolled app tried using http url and duck dns url without luck 500 error

[pbolo]

I solved it by simply changing the amazon password. after that with the new password it started working

[MaJerle]

I solved it by simply enabling the OTP on Amazon.

[rrubin0]

I suspect that if you solved it simply by changing your password or by enabling OTP, then you are probably running HA over https and not through a reverse proxy, such as NGINX, correct?

[MaJerle]

I suspect that if you solved it simply by changing your password or by enabling OTP, then you are probably running HA over https and not through a reverse proxy, such as NGINX, correct?

No reverse proxy for me.

[harobertocpf]

Hola,

¿Me podéis ayudar de una manera fácil? no soy un experto y tengo el mismo problema

gracias

[harobertocpf]

Hola,

Tengo el mismo problema y no lo consigo, ¿me podéis ayudar de una manera fácil? no soy experto

Gracias

[stas1000]

Changing password didn't work for me. I also tried switching off duck dns and nginx, restated and use only the lan ip but still get the 500 error with a captcha to progress instead of an otp populating

[rrubin0]

Since you switched off NGINX, try issuing a certificate using LetsEncrypt, then enable https for home assistant and try again. It should work if you're able to use https to access home assistant externally. That works for me, but then after I switch back to using the reverse proxy, it 500's again after a while when I'm forced to reauthenticate.

[stas1000]

Thank you, I literally just got it working by fluke while having nginx and and duck dns running. I continued to use the lan ip for the host but the only change I made was when registering the otp I only enabled the home assistant app, went through the process and it worked! Now I have dropped back and registered the Google authenticator app after the fact. Thank you for your help and hopefully that may work for some others in the same position

[github-actions[bot]]

The issue has received no activity for 60 days and will be closed in a week.

[p0onage]

Currently experiencing the same issue, 500 internal error when completing the setup

[ps915]

Same for me! getting 500 Error

[phieb]

Same here

[ps915]

Update: just configured 2FA and it worked right away

[gianniocchipinti]

same here