SSL Error After Successful Setup

[TacoRocket]

I'm able to setup without errors on the new beta. However when it tries to load the homepage for my home assistant instance, it shows the error "An SSL error has occurred and a secure connection cannot be made".

When I click on the settings button and then connection I see Connected Via "Remote UI" Which is not correct because I have that turned off for my instance. I run my instance behind an Nginx Reverse Proxy with an SSL cert that is valid.

[TacoRocket]

Digging through the Home Assistant side of things. Some errors that I think are applicable to this:

"Fetched https://remote-sni-api.nabucasa.com/challenge_txt (400)" "Can't set challenge token to NabuCasa DNS!" "Renew of ACME certificate fails. Try it lager again"

This may not be for the app but I figured, I could add it.

[bachya]

Same issue here.

[bachya]

I notice that when I turn on Remote Control, everything starts working (even though I still put my externally-exposed NGINX proxy in as the URL).

[robbiet480]

This is gonna be a cloud issue where your SSL certificate for remote UI isn't being renewed... @balloob @pvizeli any ideas on why renews are failing on cloud (and where should this issue be transferred to?)

[bachya]

@robbiet480 Can you confirm that Remote Control must be turned on in HASS for the iOS app to work? Put another way, is it no longer sufficient to expose our HASS instances ourselves?

[balloob]

we are running into some rate limits that will be resolved in 94.3. However, I think that the issue here is that app is using the remote connection although the url is set not to ?

@bachya it should be sufficient. The app relies on webhooks and exposed instances or it relies on cloudhooks + remote UI.

[robbiet480]

@bachya Right now, in the current state, the app is configured one of two ways during onboarding. If we detect cloud, it'll use cloud URLs (unless you are on internal wifi and have that internal URL set). If we don't detect cloud, it will let you set a external and internal URL. Working on adding an ability to switch between the two modes now without having to reset the app entirely.

[Mike1082]

@robbiet480 I am having what appears to be a similar issue (please let me know if this is unrelated, and I can open a new issue).

HA: 0.98.5 Mobile App: 2.0 (62) (this happened on 61 as well).

When I onboard the Companion app locally on my wifi, it detects my HA, allows me to login with TOTP, detects my cloud account (remote UI is enabled and working via browser form my office). In the App settings under Connection, it says Connected via Internal URL. HA Cloud is detected. Connect via Cloud is not ticked by default on this screen, so I turn it on. There is no external URL configured. It is my understanding that at this point, the app should know to use the Cloud URL if I am not on the Wifi SSID that is listed at the bottom of this page.

If I close the app, disable wifi (now on cellular) and re-open the app, I get the prompt telling me that there is no external URL configured. I am unable to do anything but enter an external URL. It is at this point that without another means of remote access (no reverse proxy, etc) that I am dead in the water if I am remote.

Now, I do also have HA exposed via reverse proxy with its own sub-domain. If I enter that URL and restart the app, it connects using the external URL I entered. It still shows HA Cloud as enabled, and even shows my Nabu Casa Cloud URL if I click on "Home Assistant Cloud". The "Connect via Cloud" option is now turned off.

If I once again check the "Connect via Cloud option, it switches over to "Connected via Remote UI URL".

After this point, it seems to be OK. I am able to close the app and re-open it (still connecting via Cloud remote UI). But this was after a few rounds of testing. I found that if I do not enter a valid Remote URL manually, as described above, I can not connect remotely using the Cloud UI URL, and if I am remote I do not get notifications (which makes sense in that context). I fear that if I did not have my external URL configured (and HA exposed via my proxy) then I would not be able to use the cloud option. I would prefer to sunset my reverse proxy and do everything via HA Cloud, but I fear that this issue is preventing me from doing so.

Any assistance would be much appreciated, and I would be happy to blow away my mobile_app config again to test if needed.

[zacwest]

I believe this class of connection errors are not currently occurring.