Closed e2m32 closed 7 months ago
It sounds like something is wrong with the TLS cert on your domain. Please share your real domain name so we can help you debug it.
Experiencing the same issue with A+ report from SSL labs
If you don't share your real domain I can't help you.
I'm nervous publicly posting my domain and home assistant IP address for all to see.
I did notice that my com.tesla.3p.public-key.pem file is empty, which might explain the {"response":null,"error":"Invalid EC public key","error_description":""} error in the log file.
Ah, ok it sounds like you hit the same bug as another user. Delete that file, then update to 1.3.3 and try again.
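The empty key file reported above can be caught locally before Tesla tries to download it. The following is an added example, not part of the thread or the add-on's code: a structural check that a PEM file holds an EC public key. The function names and the sample key (P-256 framing around filler bytes) are constructed for illustration, and the check does not verify that the point lies on the curve.

```python
import base64
import re

# DER bytes (tag, length, value) of OID 1.2.840.10045.2.1, id-ecPublicKey.
EC_PUBLIC_KEY_OID = bytes.fromhex("06072a8648ce3d0201")
PEM_RE = re.compile(r"-----BEGIN PUBLIC KEY-----(.*?)-----END PUBLIC KEY-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def check_ec_public_key_pem(text):
    """Return 'ok', or the reason text is not an EC public key in PEM form."""
    if not text.strip():
        return "empty file"
    match = PEM_RE.search(text)
    if match is None:
        return "no PUBLIC KEY PEM block"
    try:
        der = base64.b64decode("".join(match.group(1).split()), validate=True)
        tag, spki, end = read_tlv(der, 0)
        if tag != 0x30 or end != len(der):
            return "not a SubjectPublicKeyInfo"
        _, algorithm, pos = read_tlv(spki, 0)
        tag, bits, _ = read_tlv(spki, pos)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "malformed base64 or DER"
    if not algorithm.startswith(EC_PUBLIC_KEY_OID):
        return "not an EC key"
    # BIT STRING: zero unused bits, then the point (0x04 means uncompressed).
    if tag != 0x03 or len(bits) < 3 or bits[0] != 0 or bits[1] not in (2, 3, 4):
        return "missing or malformed EC point"
    return "ok"

def make_sample_pem():
    """Constructed sample: P-256 SPKI framing around filler coordinates."""
    der = bytes.fromhex("3059301306072a8648ce3d020106082a8648ce3d030107034200")
    der += b"\x04" + bytes(range(1, 65))
    body = base64.b64encode(der).decode()
    return f"-----BEGIN PUBLIC KEY-----\n{body}\n-----END PUBLIC KEY-----\n"
```

Running `check_ec_public_key_pem` on the contents of the served key file returns "empty file" for the case reported in this thread.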
Ok, cool. Tried it and I am still getting the same "Dangerous Site" error for https://<REDACTED>.duckdns.org/.well-known/appspecific/com.tesla.3p.public-key.pem and I get the same error in the Tesla app.
The logs give this error:
[03:47:21] main:ERROR: Error 424: Failed Dependency
[03:47:21] main:INFO: {"response":null,"error":"Public key download failed for https://<REDACTED>.duckdns.org/.well-known/appspecific/com.tesla.3p.public-key.pem, error: SSL_connect returned=1 errno=0 peeraddr=<XX.XX.XX.XX>:443 state=error: certificate verify failed (self signed certificate)","error_description":""}
Chrome doesn't complain about the SSL cert if I go to https://<REDACTED>.duckdns.org ... that brings up the AddOn's button page.
I checked the cert using https://dnschecker.org/ and it all looks correct. The domains align and it's signed by Let's Encrypt... ahh, but I just hit refresh and it's pulling my pfSense self-signed cert... Eh, how do I fix that?
I had this issue: same error, but different symptoms (the public key was fine). For me, it was because the domain I was using for tesla-http-proxy wasn't in the "Allowed Origin's" list in the tesla app. I misread "matching the FQDN of your Home Assistant server" in the docs...
You should be able to view the public key in a web browser with no errors. If that's not working, you need to solve that before doing anything else.
I have this problem too. I have followed all the steps but am always stuck at generating OAuth.
Logging in the oauth link of the webui gives me a blank page saying error cannot open page
if this helps, the nginx gives me this error too
What do I need to do? Could you please help me? Thank you
It sounds like something is wrong with your nginx config. It's hard to help without knowing how your domain, nameservers, and network are configured.
Ok, I will check the nginx and see if this is the culprit. I am using cloudflare tunnel as well if that might be causing it.
I have tried getting this to work for 5 days now and have spent hours cycling in what feels like infinite loops. Please, please can anyone help before I lose my sanity.
After trying everything I could think of to get this to work with duckdns domains, I gave up and decided to just purchase a domain.
I got a domain from namecheap and set it up with cloudflare as the dns provider. I then setup the Cloudflare integration in HA to keep my IP address in sync with cloudflare. I set up an A type DNS record in cloudflare that points to my network and have port 443 forwarded to HA. I setup the NGINX addon with the new domain and got a SSL cert from cloudflare and put them in the /ssl directory and pointed the NGINX at them.
The issue is that when I go to my domain externally, it times out. But if I set up NGINX with a duckdns domain, it works like a charm. So my guess is that there is something that cloudflare is doing or not doing where the domain data is not passed on to NGINX and therefore it ignores the request instead of forwarding it on. NGINX doesn't give me any log information if a request fails though. Is there a way to turn that on? Is there some type of setting I am missing in Cloudflare? Am I doomed to just not get this working?
Things I've tried:
NGINX Home Assistant SSL proxy add-in and Nginx Proxy Manager add-in. Same behavior with both.
@e2m32 your description sounds correct to me. I really don't understand the hesitation of sharing a public domain name. Your public IP is probably being port scanned every day by Chinese bots anyway.
curl, netcat, nmap, and dig may be helpful for troubleshooting.
@e2m32 what do the logs on the cloudflared process look like? There's something in the config (at least when I last looked at it) that breaks SNI when using a reverse proxy, even if you're passing through headers. I was seeing "name unknown" type responses from nginx with the tesla-http-proxy config that the app builds. I saw this both with cloudflared, and with nginx-ingress. You won't see this logged by nginx, just the reverse proxy. In the short term, I reconfigured it for http between cloudflare and nginx; when I get some time I'll dig into it.
Hey, thank you for your suggestions! I was able to get my main domain to work with cloudflare when I set the encryption mode to Flexible. I think there was an issue with the SSL cert that I created in Cloudflare and was using with Nginx Proxy Manager. I ended up using Nginx Proxy Manager to create a LetsEncrypt cert for me (using a DNS Edit API key) and started using that. Now I can use cloudflare's Full encryption mode.
I went back to NGINX Home Assistant SSL proxy add-in so I could use it with tesla-http-proxy-addon and loaded the new SSL certs, followed the DOCS and was able to authenticate with tesla and my car! My domain is now listed under keys in the car's display. So cool.
I restarted the tesla-http-proxy-addon, and attempted to link it with Tesla Custom Integration and then ran into another hiccup. After entering the requested info (Refresh token, etc), it fails to authenticate. There is no info in the tesla-http-proxy-addon logs. Just the following:
Any advice at this point?
My thoughts:
It's interesting to me that it's listening on 443... Shouldn't it be listening on 4430? Or is 443 internal to the add on and 4430 is what is exposed external to HA?
When I setup the Fleet API way back at the beginning of this journey, I didn't include Profile Information... might this be needed for the Integration since it requires an email address?
I don't think profile information is required in the scopes.
Port 4430 is not used for anything in a standard HAOS installation.
It sounds like this addon is working properly. Please enable debug logging from the Tesla integration and share the logs (in a formatted code block). The most common issue I see is the login_required error which means the refresh token has already been used. If that happens, you'll need to delete the car "device" and add it back.
By the way, there is no reason to redact a public key. It is by nature, public.
Got it! I removed the Tesla Custom integration and went through the entire process again, and now it is working! Thank you so much again! :)
edit: Ignore this, created a new issue for better support.
Describe the bug
I've followed the instructions trying to set this up. Man, Tesla has really made a lot of hoops for us to jump through now.
I set up another domain using duckdns and registering it with the Duck DNS (with Lets Encrypt) addon. Everything seems to be working. I also forwarded port 443 to my home assistant behind my firewall. I am able to reach the server from outside the network (tested on cell connection). With this addon and nginx running when I go to my https:// I get the Web UI for this addon with the "Generate OAuth token" and other buttons.
When I click "Generate OAuth token" and authenticate with Tesla, everything seems to work and I get the Tesla Custom component token information in this addon's logs.
Then when I go back to the WebUI and click "Enroll public key in your vehicle", my Tesla app opens as expected and it starts to try to authenticate... then I get a popup that stays:
Unable to Share Vehicle: This third party isn't registered with Tesla. We can't grant them access at the time.
When I click the "Test public key endpoint", chrome opens on my phone with the "Dangerous site" warning (something wrong with the certificate?). If I bypass the warning (Details > this unsafe site), I just get a blank white page.
When I restart the addon I get this in the logs:
Where did I go wrong? Help
Environment (please complete the following information):
2024.3.0
HAOS 12.0
1.3.2
US
2021 Model Y