-
Notifications
You must be signed in to change notification settings - Fork 14
Read this before asking for help
According to Tesla:
Owner API will stop working as vehicles begin requiring end-to-end command authentication. Pre-2021 Model S and X vehicles do not support this new protocol. Fleet API will continue to work on these vehicles.
This is expected to work with all other Tesla vehicles. The Fleet API rollout is gradual, so even if the old Owner API works for you now, it may stop working in the near future.
This has been tested with:
- 2021 Model 3 in United States
- 2023 Model 3 in Europe
- 2023 Model Y in Europe.
If you see this error in Home Assistant log from the old API, this is a sure sign you need to start using the proxy. There may be other types of error message too.
DEBUG (MainThread) [teslajsonpy.connection] 403: {"response":null,"error":"Tesla Vehicle Command Protocol required, please refer to the documentation here: https://developer.tesla.com/docs/fleet-api#2023-10-09-rest-api-vehicle-commands-endpoint-deprecation-warning","error_description":""}
You will still need to purchase a separate domain name because Nabu Casa doesn't allow enough control over the domain to host the public key. But it should be possible to continue using Nabu Casa for regular Home Assistant access. One user reported it works.
Yes. See this wiki page.
Yes, it will work the same as any other DNS provider.
Yes but the configuration is more complicated. Please contribute a Wiki page if you figure it out. There is a description in README.md explaining how I run this in a dev container.
This was tested with a 2021 Model 3 in the United States. Other regions may require different endpoints.
- Enable debug logging on both the addon and the Tesla integration.
- If you change your domain or Client ID and need to start over, delete the files in
/share/nginx_proxy/nginx_tesla.conf
and/share/tesla/
so it starts with a clean slate. Then turn onregenerate_auth
setting and restart the addon. To delete the files, using one of the SSH Terminal add-on, run the following command:
rm /share/nginx_proxy/nginx_tesla.conf /share/tesla/*
- If you have an unusual SSL setup, you may need to customize the config file at
/share/nginx_proxy/nginx_tesla.conf
. The only purpose of this file is to host the static public key. - The refresh token of the fleet-api is relatively short compared to the one for the one used for the old api. Make sure it is similar to this EU_03b5055f7daa4584f95d6169bd1237eaebe1603c2111e5ec3dbb1ea788cf2d21
- Make sure to read open discussions to see if anyone has similar problems to you.
- Make sure to delete all the old files generated (both for certificates and Tesla HTTP Proxy under shared/tesla) when changing configuration, then rebuild them
- If you're using an exotic TLD such as
.click
it might not be allowed by Tesla. See here. - Your SSL certificate is signed by a Root CA not trusted by Tesla.
- Your public key is not accessible at the well-known endpoint. See below issue.
- You might need to wait a few hours for DNS to propagate
- Use tools like https://dnschecker.org and https://ifconfig.me to verify that your domain resolves to your public IP address. If that doesn't work, there may be a problem with your domain registrar or name servers, or you might just need to wait a few hours for DNS propagation.
- Use
dig
from inside Home Assistant to verify it also resolves to the same public IP address. If it resolves externally but not internally, it may be a problem with NAT loopback on your router. Or you might need to restart Home Assistant because it has a stale cache. Tryha dns restart
. Or you might just need to reboot and wait a few hours for it to propagate. - If DNS is okay, and you're getting some HTTP error such as 404, check Nginx log to find out why.
- Use the "test public key" button in the Web UI. On iOS this will cause a dialog about "trying to download a configuration profile" because it incorrectly identifies the public key as such. On a desktop browser it should display the file contents like this:
-----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEcCTVZI7gyAGiVq2jdBjg4MOiXxsh nxjvrm2M6uKfDEYS52ITVVbzqGMzzbKCO/tuu78432jU6Z96BNR8NSoRXg== -----END PUBLIC KEY-----
This may appear in the addon output if they key has not been enrolled in the vehicle. When you click the button to enroll it, the car should prompt you to "allow third party access to your vehicle." If that doesn't happen, you may need to move within BLE range of the vehicle. This was reported by one Android user.
This usually means your refresh token has already been used. Unlike the old Owner API, refresh tokens may only be used once. There is currently a bug in the Tesla integration reauth config flow which causes this. The solution is to delete the integration and add it back.
This may happen if you are not the owner of the vehicle. See this issue.