"unable to connect, check uri and config" when using https

[bverkron]

Attempting to setup the Agent for the first time and I get unable to connect, check uri and config.

I have verified the url and long-lived token via this test. Both were copied from their original source and pasted into the HASS.Agent installer so unlikely to be a entry error.

$ curl --insecure -I -X GET https://192.168.1.105:8123/api/ -H 'Authorization: Bearer <long-lived-token>'
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 27
Date: Sun, 06 Mar 2022 21:03:50 GMT
Server: Python/3.9 aiohttp/3.8.1 

Note that without the --insecure flag I get the follow error

$ curl -X GET https://192.168.1.105:8123/api/error/all -H 'Authorization: Bearer <long-lived-token>’
curl: (60) SSL: no alternative certificate subject name matches target host name '192.168.1.105'
More details here: https://curl.haxx.se/docs/sslcerts.html

Thus, I believe this may be due to having a self signed certificate when connecting over https?

When hitting my instance locally (i.e. https://192.168.1.105:8123 I have to confirm I want to proceed due to the invalid cert and know this can cause problems elsewhere with other integrations.

I think HASS.Agent installer may be failing for this reason. Not sure if the installer saves more detailed logs anywhere that I can check.

[LAB02-Admin]

Hey @bverkron,

When you open HASS.Agent, go to Configuration and then click Home Assistant API on the left:

Here you can set your own certificate, and if it's installed in your pc you can try checking use automatic client certificate selection.

Let me know if that helps.

[bverkron]

I misspoke a bit in my description, was tired when I wrote the issue. I don't actually have a self signed certificate but rather my cert is for the duckdns url that I was using before switching to Nabu Casa. IIRC connecting via https but using the IP on the LAN will throw this kind of error for any https cert you have because they're for internet domains / urls and not local IPs.

I rectified the issue by using my Nabu Casa url instead of my local IP for now.

[LAB02-Admin]

Yep, you need to use the duckdns url and open a port in your WAN firewall, so not ideal. You don't need to provide a cert for duckdns though (as you can tell in my screenshot, I use duckdns for my testing environment).

But using the Nabu Casa url is safer :)

[ALERTua]

as far as I understand, an external URL is unusable while your internet connection is down. it would be nicer to use local IP while keeping HTTPS and use no certificate. could you implement an option to do so?

[LAB02-Admin]

Hi @ALERTua,

If you enable https, home assistant (by default) won't listen to local non-ssl connections anymore. If you want to use both local and ssl connections, I wrote a short manual on how to achieve that:

https://hassagent.readthedocs.io/en/latest/notifications/notification-debugging-ssl/

Note that this only works with duckdns and other custom ssl solutions. You don't need to do this for nabu casa; in that case you can just the local ip.