broken after HA OS 12

Question

broken after HA OS 12

Silther opened this issue 5 months ago · 9 comments

Problem/Motivation

After updating to Home assistant Os 12 (it was probably the restart) I always get an 400 bad request error when opening home-assistant.my.domain.

Expected behavior

should open my website es before

Actual behavior

get an 400 bad request error

Steps to reproduce

I have an local access rule, which only allows devices from the local net to open home-assistant.my.domain
And with the adguard home addon I rewrite my dns requests

Proposed changes

try to fix the problem, if you need logs I can upload them.

Answer 1 · 2024-02-29T13:57:54.000Z

closed as the error is probably with the AdGuard home addon and I opened an issue there

Answer 2 · 2024-02-29T14:16:28.000Z

[29/Feb/2024:15:11:38 +0100] - 400 400 - GET https home-assistant.mydomain.com "/api/websocket" [Client 172.70.115.125] [Length 16] [Gzip -] [Sent-to 192.168.178.42] "Mozilla/5.0 (Linux; Android 14; SM-A528B Build/UP1A.231005.007; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/121.0.6167.178 Mobile Safari/537.36 Home Assistant/2024.1.5-12102 (Android 14; SM-A528B)" "-"

strange, I even get the error if I don't go through adgaurd home (from outside the wifi or with an vpn)

Answer 3 · 2024-03-02T20:07:03.000Z

same for me. I noticed that the SSL directory files changed and are now located at \addon_configs\a0d7b954_nginxproxymanager\letsencrypt\live\npm-6

Answer 4 · 2024-03-03T07:53:33.000Z

Here below the error I get :

[08:47:42] INFO: Starting NGinx...
s6-rc: info: service legacy-services successfully started
[3/3/2024] [8:47:42 AM] [Global ] › ℹ info Using Sqlite: /config/database.sqlite
2024/03/03 08:47:43 [error] 209#209: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.20, server: nginxproxymanager, request: "GET /api/ HTTP/1.1", upstream: "http://127.0.0.1:3000/", host: "192.168.1.X:81", referrer: "http://192.168.1.X:81/nginx/proxy"
[3/3/2024] [8:47:45 AM] [Migrate ] › ℹ info Current database version: none
[3/3/2024] [8:47:46 AM] [Setup ] › ℹ info Logrotate Timer initialized
[3/3/2024] [8:47:46 AM] [Setup ] › ℹ info Logrotate completed.
[3/3/2024] [8:47:46 AM] [IP Ranges] › ℹ info Fetching IP Ranges from online services...
[3/3/2024] [8:47:46 AM] [IP Ranges] › ℹ info Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
[3/3/2024] [8:47:46 AM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v4
[3/3/2024] [8:47:46 AM] [IP Ranges] › ℹ info Fetching https://www.cloudflare.com/ips-v6
[3/3/2024] [8:47:46 AM] [SSL ] › ℹ info Let's Encrypt Renewal Timer initialized
[3/3/2024] [8:47:46 AM] [SSL ] › ℹ info Renewing SSL certs close to expiry...
[3/3/2024] [8:47:46 AM] [IP Ranges] › ℹ info IP Ranges Renewal Timer initialized
[3/3/2024] [8:47:46 AM] [Global ] › ℹ info Backend PID 159 listening on port 3000 ...
[3/3/2024] [8:47:48 AM] [Nginx ] › ℹ info Reloading Nginx
[3/3/2024] [8:47:48 AM] [SSL ] › ℹ info Renew Complete
2024/03/03 08:50:06 [error] 225#225: *20 SSL_do_handshake() failed (SSL: error:0A00010B:SSL routines::wrong version number) while SSL handshaking to upstream, client: 192.168.1.254, server: XXXXX.duckdns.org, request: "GET / HTTP/2.0", upstream: "https://192.168.1.X:8123/", host: "XXXXX.duckdns.org"
[03/Mar/2024:08:50:06 +0100] - 502 502 - GET https XXXXX.duckdns.org "/" [Client 192.168.1.254] [Length 552] [Gzip -] [Sent-to 192.168.1.X] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36" "-"
2024/03/03 08:50:06 [error] 225#225: *20 SSL_do_handshake() failed (SSL: error:0A00010B:SSL routines::wrong version number) while SSL handshaking to upstream, client: 192.168.1.254, server: XXXXX.duckdns.org, request: "GET /favicon.ico HTTP/2.0", upstream: "https://192.168.1.X:8123/favicon.ico", host: "XXXXXy.duckdns.org", referrer: "https://XXXXX.duckdns.org/"
[03/Mar/2024:08:50:06 +0100] - 502 502 - GET https XXXXX.duckdns.org "/favicon.ico" [Client 192.168.1.254] [Length 552] [Gzip -] [Sent-to 192.168.1.X] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36" "https://XXXXX.duckdns.org/"

Don't know what to do. The previous SSL certificates expired

Answer 5 · 2024-03-11T15:35:27.000Z

Where did you get this error log?

Answer 6 · 2024-03-11T20:09:18.000Z

In the NGINX add-on log.
I bypassed the error by removing and reinstalling the add-on. Then, copied and paste the SSL certificates into the old SSL directory. Don't know if this could help you

Answer 7 · 2024-03-12T14:03:46.000Z

I just don't get it, I removed and readded the proxy but still get this:

[12/Mar/2024:15:01:40 +0100] - 400 400 - GET https home-assistant.domain.com "/service_worker.js" [Client 31.19.208.94] [Length 16] [Gzip -] [Sent-to 192.168.178.42] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0" "https://home-assistant.domain.com/service_worker.js"

Answer 8 · 2024-03-12T19:43:28.000Z

I also manually removed the directories related to SSL :
\addon_configs\a0d7b954_nginxproxymanager
&
\SSL

Answer 9 · 2024-04-12T08:16:26.000Z

There hasn't been any activity on this issue recently, so we clean up some of the older and inactive issues.
Please make sure to update to the latest version and check if that solves the issue. Let us know if that works for you by leaving a comment 👍
This issue has now been marked as stale and will be closed if no further activity occurs. Thanks!