Unable to connect to Home Assistant. Retrying in xx seconds..

[nhotranqn]

The problem

I am login user and pass ok them it error
Unable to connect to Home Assistant.

Retrying in 56 seconds..

What version of Cloudflared has the issue?

4.0.5

What was the last working version of Cloudflared?

No response

What type of installation are you running?

Home Assistant OS

Add-on YAML Configuration

No response

Anything in the logs that might be useful for us?

No response

Steps to reproduce the issue

i dont know

Additional information

No response

[brenner-tobias]

Can you connect to HA locally? If so, please have a look at the Cloudflare Add-On logs and post what you see there.

[mwmondo]

I have the same problem. The plugin logs show that an attempt is made to add a DNS record. Manually deleting the record makes the add-on work until the next restart.

[07:56:07] INFO: Checking config for legacy options...
[07:56:08] INFO: Checking add-on config...
[07:56:11] INFO: Checking for existing certificate...
[07:56:11] INFO: Existing certificate found
[07:56:11] INFO: Checking for existing tunnel...
[07:56:11] INFO: Existing tunnel with ID <guid> found
[07:56:11] INFO: Checking if existing tunnel matches name given in config
[07:56:13] INFO: Existing Cloudflare Tunnel name matches config, proceeding with existing tunnel file
[07:56:13] INFO: Creating config file...
[07:56:15] INFO: Validating config file...
Validating rules from /tmp/config.json
OK
[07:56:16] INFO: Creating DNS entry <domain>...
Failed to add route: code: 1003, reason: An A, AAAA, or CNAME record with that host already exists.
[07:56:17] FATAL: Failed to create DNS entry <domain>.

I think this Issue is correlated: #259

[brenner-tobias]

Ok, thanks for the clarification. My suggestion is to stop and uninstall the Add-On from HA. Then go to Cloudflare Dashboard into the DNS settings and delete all the DNS records related to the domain you want to use (or subdomain only). Go to your Cloudflare Zero Trust Dashboard as well and delete all tunnels (or at least the one you want to use).
After that, reinstall the add-on and set it up from scratch.

[mwmondo]

It works for me! Thank you very much.

[brenner-tobias]

Sure, I am glad it worked. @nhotranqn please re-open if this did not work for you.

[ADKMechETECH]

I'm not sure if my issue is related, if it is not I can create a new topic either here or on github.

I have Cloudflare set up and working perfectly. I can access my HA dashboard using the external subdomain.domain:8443 I have created. I can also access from my Laptop at the IP_address:8443 normally still. Unfortunately, something is broken in the HA Android app related to the local IP address. See below:

1. WIFI off, 4g only.

• Local IP doesn't work (as expected)
• Domain works (as expected)

2. Wifi on, 4g on.
   -App works, but unsure whether using WIFI or 4G
3. Wifi on (no internet, local only), 4g Off
   • "Unable to connect to Home Assistant" error.
     -It seems that the local address does not work with the android app for some reason.

Any suggestions?

[brenner-tobias]

@ADKMechETECH: I think it makes sense to create a new issue for this. As a fist guess, I think that you might have entered a wrong local IP in the App. (maybe "https://" insted of "http//" or a wrong port?
Let's discuss.

[jon91]

Latest HA + Cloudflared installation. Still same behaviour as original poster. Tried deleting the tunnel/dns in CF as well as removing, rebooting, reinstalling, reconfiguring the add-on. And tried with different subdomain names.

Behaviour on desktop/web browser:

• redirects properly
• after login, this error Unable to connect to Home Assistant. Retrying in 57 seconds...RETRY NOW keeps going on and on

Behaviour with iOS mobile app:

• redirects properly
• after login, error This operation couldn't be completed. Starscream.HTTPUpgradeError 0

http for reverse-proxy is setup, so it's redirecting correctly.
Password is correct, because if not correct, gives error.

What can there be done to fix this/trouble-shoot original issue?

Thank you so much, btw, @brenner-tobias. Mad props for this add-on.

[brenner-tobias]

@jon91 can you login locally via the IP and have a look at the Cloudflare add-on logs after the unsuccessful logins and post them here?

[jon91]

• Restarted add-on
• duplicated behaviour on both mobile and desktop browser
• logs:

-----------------------------------------------------------
 Add-on: Cloudflared
 Use a Cloudflare Tunnel to remotely connect to Home Assistant without opening any ports
-----------------------------------------------------------
 Add-on version: 4.0.7
 You are running the latest version of this add-on.
 System: Home Assistant OS 9.4  (amd64 / qemux86-64)
 Home Assistant Core: 2023.1.2
 Home Assistant Supervisor: 2022.12.1
-----------------------------------------------------------
 Please, share the above information when looking for help
 or support in, e.g., GitHub, forums or the Discord chat.
-----------------------------------------------------------
Log level is set to DEBUG
[21:00:43] DEBUG: Cloudflared log level set to "info"
[21:00:43] INFO: Checking add-on config...
[21:00:44] INFO: Checking for existing certificate...
[21:00:44] INFO: Existing certificate found
[21:00:44] INFO: Checking for existing tunnel...
[21:00:44] INFO: Existing tunnel with ID xxxxx-xxxxx-xxxxx-xxxxx-xxxxx found
[21:00:44] INFO: Checking if existing tunnel matches name given in config
[21:00:45] DEBUG: Existing Cloudflare Tunnel name: homeassistant
[21:00:45] INFO: Existing Cloudflare Tunnel name matches config, proceeding with existing tunnel file
[21:00:45] INFO: Creating config file...
[21:00:45] DEBUG: Checking if SSL is used...
[21:00:46] DEBUG: Requested API resource: http://supervisor/core/info
[21:00:46] DEBUG: Request method: GET
[21:00:46] DEBUG: Request data: {}
[21:00:46] DEBUG: API HTTP Response code: 200
[21:00:46] DEBUG: API Response: {"result": "ok", "data": {"version": "2023.1.2", "version_latest": "2023.1.2", "update_available": false, "machine": "qemux86-64", "ip_address": "172.30.32.1", "arch": "amd64", "image": "ghcr.io/home-assistant/qemux86-64-homeassistant", "boot": true, "port": 8123, "ssl": false, "watchdog": true, "audio_input": null, "audio_output": null}}
[21:00:46] DEBUG: ha_service_protocol: http
[21:00:47] INFO: Validating config file...
[21:00:47] DEBUG: Validating created config file: {"tunnel":"xxxxx-xxxxx-xxxxx-xxxxx-xxxxx","credentials-file":"/data/tunnel.json","ingress":[{"hostname":"home.xxxxx.xxxxx","service":"http://homeassistant:8123","originRequest":{"noTLSVerify":true}},{"service":"http_status:404","originRequest":{"noTLSVerify":true}}]}
Validating rules from /tmp/config.json
OK
[21:00:47] DEBUG: Sucessfully created config file: {"tunnel":"xxxxx-xxxxx-xxxxx-xxxxx-xxxxx","credentials-file":"/data/tunnel.json","ingress":[{"hostname":"home.xxxxx.xxxxx","service":"http://homeassistant:8123","originRequest":{"noTLSVerify":true}},{"service":"http_status:404","originRequest":{"noTLSVerify":true}}]}
[21:00:47] INFO: Creating DNS entry home.xxxxx.xxxxx...
2023-01-11T03:00:48Z INF home.xxxxx.xxxxx is already configured to route to your tunnel tunnelID=xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
[21:00:49] INFO: Finished setting up the Cloudflare Tunnel
[21:00:49] INFO: Connecting Cloudflare Tunnel...
[21:00:49] DEBUG: using /tmp/config.json config file
2023-01-11T03:00:49Z INF Starting tunnel tunnelID=xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
2023-01-11T03:00:49Z INF Version 2022.12.1
2023-01-11T03:00:49Z INF GOOS: linux, GOVersion: go1.19.3, GoArch: amd64
2023-01-11T03:00:49Z INF Settings: map[config:/tmp/config.json cred-file:/data/tunnel.json credentials-file:/data/tunnel.json loglevel:info metrics:0.0.0.0:36500 no-autoupdate:true origincert:/data/cert.pem]
2023-01-11T03:00:49Z INF Generated Connector ID: xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
2023-01-11T03:00:49Z INF Initial protocol quic
2023-01-11T03:00:50Z INF ICMP proxy will use 172.30.33.3 as source for IPv4
2023-01-11T03:00:50Z INF ICMP proxy will use :: as source for IPv6
2023-01-11T03:00:50Z INF Starting metrics server on [::]:36500/metrics
2023-01-11T03:00:51Z INF Connection xxxxx-xxxxx-xxxxx-xxxxx-xxxxx3c00 registered with protocol: quic connIndex=0 ip=xxx.xxx.xxx.xxx location=ORD
2023-01-11T03:00:51Z INF Connection xxxxx-xxxxx-xxxxx-xxxxx-xxxxx22fa registered with protocol: quic connIndex=1 ip=xxx.xxx.xxx.xxx location=EWR
2023-01-11T03:00:53Z INF Connection xxxxx-xxxxx-xxxxx-xxxxx-xxxxx3cc3 registered with protocol: quic connIndex=2 ip=xxx.xxx.xxx.xxx location=EWR
2023-01-11T03:00:54Z INF Connection xxxxx-xxxxx-xxxxx-xxxxx-xxxxx0ee4 registered with protocol: quic connIndex=3 ip=xxx.xxx.xxx.xxx location=ORD

[jon91]

A few more lines since last comment

2023-01-11T03:24:59Z INF Unregistered tunnel connection connIndex=2
2023-01-11T03:24:59Z ERR writing call: timeout: no recent network activity
2023-01-11T03:24:59Z WRN Failed to serve quic connection error="timeout: no recent network activity" connIndex=2 ip=xxx.xxx.xxx.xxx
2023-01-11T03:24:59Z WRN Serve tunnel error error="timeout: no recent network activity" connIndex=2 ip=xxx.xxx.xxx.xxx
2023-01-11T03:24:59Z INF Retrying connection in up to 1s connIndex=2 ip=xxx.xxx.xxx.xxx
2023-01-11T03:25:00Z INF Unregistered tunnel connection connIndex=3
2023-01-11T03:25:00Z WRN Failed to serve quic connection error="timeout: no recent network activity" connIndex=3 ip=xxx.xxx.xxx.xxx
2023-01-11T03:25:00Z WRN Serve tunnel error error="timeout: no recent network activity" connIndex=3 ip=xxx.xxx.xxx.xxx
2023-01-11T03:25:00Z INF Retrying connection in up to 1s connIndex=3 ip=xxx.xxx.xxx.xxx
2023-01-11T03:25:00Z INF Unregistered tunnel connection connIndex=1
2023-01-11T03:25:00Z WRN Failed to serve quic connection error="timeout: no recent network activity" connIndex=1 ip=xxx.xxx.xxx.xxx
2023-01-11T03:25:00Z WRN Serve tunnel error error="timeout: no recent network activity" connIndex=1 ip= xxx.xxx.xxx.xxx
2023-01-11T03:25:00Z INF Retrying connection in up to 1s connIndex=1 ip=xxx.xxx.xxx.xxx
2023-01-11T03:25:00Z WRN Connection terminated error="timeout: no recent network activity" connIndex=2
2023-01-11T03:25:00Z INF Unregistered tunnel connection connIndex=0
2023-01-11T03:25:00Z WRN Failed to serve quic connection error="timeout: no recent network activity" connIndex=0 ip=xxx.xxx.xxx.xxx
2023-01-11T03:25:00Z ERR Serve tunnel error error="timeout: no recent network activity" connIndex=0 ip=xxxxx
2023-01-11T03:25:00Z INF Retrying connection in up to 1s connIndex=0 ip=xxxxx
2023-01-11T03:25:00Z ERR Connection terminated error="timeout: no recent network activity" connIndex=1
2023-01-11T03:25:00Z ERR Connection terminated error="timeout: no recent network activity" connIndex=3
2023-01-11T03:25:05Z ERR Failed to create new quic connection error="failed to dial to edge with quic: timeout: no recent network activity" connIndex=0 ip=xxxxx
2023-01-11T03:25:05Z INF Retrying connection in up to 4s connIndex=0 ip=xxxxx
2023-01-11T03:25:09Z INF Connection xxxxx-xxxxx-xxxxx-xxxxx-xxxxx registered with protocol: quic connIndex=0 ip=xxxxx location=ORD
2023-01-11T03:25:15Z INF Connection xxxxx-xxxxx-xxxxx-xxxxx-xxxxx registered with protocol: quic connIndex=3 ip=xxxxx location=ORD
2023-01-11T03:25:15Z INF Connection xxxxx-xxxxx-xxxxx-xxxxx-xxxxx registered with protocol: quic connIndex=2 ip=xxx.xxx.xxx.xxx location=EWR
2023-01-11T03:25:15Z INF Connection xxxxx-xxxxx-xxxxx-xxxxx-xxxxx registered with protocol: quic connIndex=1 ip=xxx.xxx.xxx.xxx location=IAD

[brenner-tobias]

This all looks fine from a logging perspective (the occasional error is nothing to worry about), so I am not really sure where the problem ist.
If it is feasible at all, I would suggest to create a new HA instance, remove everything (DNS entries and Zero Trust Tunnel and Apps) in Cloudflare and start over again. Especially the Cloudflare perspective is important: Make sure to delete all DNS entries (that are relevant for the subdomain) and also all Applications and Tunnels in the Zero Trust Dashboard. For HA, it should also be fine to uninstall the add-on and re-installing it.
If this does not help, please post your config here so we can have a look

[xargon1004]

Me too I had the same problem today since about 15:00 I guess? When I tried to reconfigure the add-on I received the following error, after downloading the certificate from cloudflare. Please note that I never had a cloudflare team dashboard. So nothing is setup there. I then made an account to remove the application and tunnel in the zero trust dashboard.
I reinstalled the add-on, but the same problem kept coming.
My logs are the same as Jon91 here above.

-----------------------------------------------------------
 Add-on: Cloudflared
 Use a Cloudflare Tunnel to remotely connect to Home Assistant without opening any ports
-----------------------------------------------------------
 Add-on version: 4.0.7
 You are running the latest version of this add-on.
 System: Home Assistant OS 9.4  (amd64 / qemux86-64)
 Home Assistant Core: 2023.1.2
 Home Assistant Supervisor: 2022.12.1
-----------------------------------------------------------
 Please, share the above information when looking for help
 or support in, e.g., GitHub, forums or the Discord chat.
-----------------------------------------------------------
[20:31:28] INFO: Checking add-on config...
[20:31:29] INFO: Checking for existing certificate...
[20:31:29] NOTICE: No certificate found
[20:31:29] INFO: Creating new certificate...
[20:31:29] NOTICE: 
[20:31:29] NOTICE: Please follow the Cloudflare Auth-Steps:
[20:31:29] NOTICE: 
Please open the following URL and log in with your Cloudflare account:
https://dash.cloudflare.com/argotunnel?callback=https%3A%2F%2Flogin.cloudflareaccess.org%2xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx
Leave cloudflared running to download the cert automatically.
You have successfully logged in.
If you wish to copy your credentials to a server, they have been saved to:
/root/.cloudflared/cert.pem
[20:31:52] INFO: Authentication successfull, moving auth file to the '/data' folder
[20:31:52] INFO: Checking for existing certificate...
[20:31:52] INFO: Existing certificate found
[20:31:52] INFO: Checking for existing tunnel...
[20:31:52] NOTICE: No tunnel file found
[20:31:52] INFO: Creating new tunnel...
Tunnel credentials written to /data/tunnel.json. Keep this file secret. To revoke these credentials, delete the tunnel.
Created tunnel homxx with id xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx138
[20:31:53] INFO: Checking for existing tunnel...
[20:31:53] INFO: Existing tunnel with ID xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx found
[20:31:53] INFO: Checking if existing tunnel matches name given in config
[20:31:54] INFO: Existing Cloudflare Tunnel name matches config, proceeding with existing tunnel file
[20:31:54] INFO: Creating config file...
[20:31:55] INFO: Validating config file...
Validating rules from /tmp/config.json
OK
[20:31:55] INFO: Creating DNS entry home.Eeee...
2023-01-12T19:31:56Z INF Added CNAME gatsken.ga which will route to this tunnel tunnelID=xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxe138
[20:31:57] INFO: Finished setting up the Cloudflare Tunnel
[20:31:57] INFO: Connecting Cloudflare Tunnel...
2023-01-12T19:31:57Z INF Starting tunnel tunnelID=xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx138
2023-01-12T19:31:57Z INF Version 2022.12.1
2023-01-12T19:31:57Z INF GOOS: linux, GOVersion: go1.19.3, GoArch: amd64
2023-01-12T19:31:57Z INF Settings: map[config:/tmp/config.json cred-file:/data/tunnel.json credentials-file:/data/tunnel.json loglevel:info metrics:0.0.0.0:36500 no-autoupdate:true origincert:/data/cert.pem]
2023-01-12T19:31:57Z INF Generated Connector ID: xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx747
2023-01-12T19:31:57Z INF Initial protocol quic
2023-01-12T19:31:57Z INF ICMP proxy will use x.x.x.x as source for IPv4
2023-01-12T19:31:57Z INF ICMP proxy will use :: as source for IPv6
2023-01-12T19:31:57Z INF Starting metrics server on [::]:36500/metrics
2023-01-12T19:31:57Z INF Connection xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxc55 registered with protocol: quic connIndex=0 ip=xxx.xx.xxx.xx location=AMS
2023-01-12T19:31:58Z INF Connection xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxc51 registered with protocol: quic connIndex=1 ip=xxx.xx.xxx.xx location=BRU
2023-01-12T19:31:59Z INF Connection xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx9ff registered with protocol: quic connIndex=2 ip=xxx.xx.xxx.xx location=AMS
2023-01-12T19:32:00Z INF Connection xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx6ee registered with protocol: quic connIndex=3 ip=xxx.xx.xxx.xx location=BRU

EDIT:
Since 21:17 it worked again!

[brenner-tobias]

@jon91 is it working for you as well?

[jon91]

Sorry for the absence, I was going to reconstruct the entire installation this weekend. I'll get home tonight and try that. Thanks for checking in, btw!

[jon91]

Same behavior (without destroying/creating new HA env) and I've tried 3 times to clean/clear everything out. Will try that.

Also - would CGNAT cause this? Seems like cloudflare tunnels work just fine, but don't know what the authentication either (1) hangs or (2) can't get a response? idk..

[stathisktm]

Hello. I have exactly the same problem since yesterday I have done many installs and uninstalls on the plugin.. I have deleted the records etc and in zero trast the result is always the same connection normally via domain when I am on the local network but when I am off the network it does not work.. . the only case for it to work is if the connection to the local network has been made and while the application is open I close the wifi then it works .. but as soon as I exit the application it does not come back in until I connect to the local network again

[brenner-tobias]

This is indeed very strange. @stathisktm could you comment if you are behind a CGNAT as well?

[brenner-tobias]

• which Browsers are you using?

[stathisktm]

Thank you for your reply.! no i'm not behind CGNAT.. both with android app but also with any browser as well as any device.. it's very strange because for 4 months it was working perfectly.. but yesterday suddenly it did this

[stathisktm]

Ευχαριστώ για την απάντησή σου.! όχι δεν είμαι πίσω από το CGNAT.. και με εφαρμογή android αλλά και με οποιοδήποτε πρόγραμμα περιήγησης καθώς και με οποιαδήποτε συσκευή.. είναι πολύ περίεργο γιατί για 4 μήνες δούλευε τέλεια.. αλλά χθες ξαφνικά το έκανε αυτό

as soon as I opened the port it worked normally. but I don't know if it's right to have the port open ha

[brenner-tobias]

Thanks for the update. Can you let me know if you are using a free domain from freenom or if you have a payed domain from some other registrar?

[stathisktm]

Thanks for the update. Can you let me know if you are using a free domain from freenom or if you have a payed domain from some other registrar?

yes i have free from freenom... do you think there is a problem?

[brenner-tobias]

There might be, since we currently see a lot of problems without any apparent reason. Can you give me your email via my contact form on my website? I can generate a temporary tunnel token for you from my domain to see if this solves the problem.

[stathisktm]

There might be, since we currently see a lot of problems without any apparent reason. Can you give me your email via my contact form on my website? I can generate a temporary tunnel token for you from my domain to see if this solves the problem.

thanks for the interest.. i have sent you to your site.

[rjmcfadd]

This just happened to me this morning. I can access home assistant locally but not remotely anymore. It had been working perfectly for weeks. I have a domain from Freenom.

Edit: Actually, I just checked using a cellular connection and it worked fine. For some reason, the WiFi network I was connected to wouldn't connect to it.

[stathisktm]

This just happened to me this morning. I can access home assistant locally but not remotely anymore. It had been working perfectly for weeks. I have a domain from Freenom.

Edit: Actually, I just checked using a cellular connection and it worked fine. For some reason, the WiFi network I was connected to wouldn't connect to it.

unfortunately the problem probably comes from freenom... a rough solution could be to open port 8123 on your router... or to buy a domain from somewhere else

[brenner-tobias]

Yes, unfortunately there seems to be problems with Freenom. So if you are using Freenom, I suggest to buy a cheep domain from Namecheap or GoDaddy or anywhere else and try with that. Feel free to open another ticket if this problem occurs with another domain from another registrar.

[mikehanrahan]

[comment removed - submitting new issue]