Unable to connect to Node-RED or UI

I’ve been happily using Node-RED with HA for a couple of years.

I can see Node-RED from within HA but since yesterday am unable to connect directly (https://homeassistant.local:1880/) and can no longer view the UI (https://[host]:81/endpoint/ui).

The browsers report “ERR_SSL_VERSION_OR_CIPHER_MISMATCH” expanded shows:

Unsupported protocol
The client and server don’t support a common SSL protocol version or cipher suite.

I’ve tried different browsers from different PCs and mobile devices - all fail to connect. I’ve updated HA software, rebooted, turned-off-and-on-again.

What do I need to fix and where will I find it?

Hi @Mart

have you tried connecting with http rather than https ?

I'm not sure how HA configures Node-RED under the covers - so can't say for sure if https would be expected to work or not.

@knolleary - Just tried HTTP to port 80 - host "refused to connect"

Did you try port 1880 like in the urls you shared?

@knolleary Not sure what port to send to with HTTP - if I just change HTTPS to HTTP to the same port I get:

http://homeassistant.local:1880/

400 Bad Request

The plain HTTP request was sent to HTTPS port

Okay - so that tells us it expects to be using https. We've ruled out the most common cause of that error that I know of. As I mentioned, I'm not very familiar with how HA configures Node-RED, so I don't have an obvious next step for your to try.

Perhaps someone more familiar with Node-RED in HA can help.

The problem is that an update has altered the available cypher suites allowed and there is no longer one supported by your browser.

Does HA include a proxy server such as NGINX or Caddy or Apache web server?


Actually, it is possible that it isn't the HA server but rather a browser update. Though the fact that you've tried from different devices would seem to rule that out.


Maybe checkout the changelogs for HA to see if they closed a security hole by changing the available cyphers.


Sorry, last update :slight_smile: Check whether they disabled an old version of SSL or TLS as well since that could also be the issue.

I've tried multiple browsers on different devices (Win10: Chrome, Edge, Firefox, Vivaldi; iOS: DuckDuckGo, Safari).

I've tried direct connection on local LAN with HTTP and HTTPS

  • https : // 192.168.3.87:1880/ gets the “ERR_SSL_VERSION_OR_CIPHER_MISMATCH” response
  • http : // 192.168.3.87:1880/ get "The plain HTTP request was sent to HTTPS port" response

I've played with installing NGINX SSL proxy this morning - not resolved the issue.

Tried to create new SSL certificates - installed "Let's Encrypt". Failed to generate new certificates as it can't get to HA:

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

The behaviour's the same whether I access remotely (your-host . duckdns . org) or locally (192.168.3.87). So it feels like an SSL/certification problem in HA/Node-RED?

Sadly considering whether to do a complete RasPi/HA/Node-RED rebuild - reluctant to do that as I don't understand what's changed and gone wrong this week?

It was also suggested I try uninstalling and reinstalling Node-RED to see if that fixed the problem.

So I’ve now uninstalled NR, restarted Pi, installed NR, started it, stopped it, copied across the flows,json, restarted NR … and it now all works!?

Having played with Nginx, it seemed like a “good thing to have”, so I’ve also re-installed that and (I think) I have that running too.

Connecting to NR through port 1880 works again and the NR UI works again.

Not quite sure what was going wrong with NR - but it did look like my NR hadn't been updated for some time (16 months?).

There were a couple of differences in the new config (no "dark_mode: false" line, no "require_ssl: true" line) - don't know if they could have upset my HA/NR machine.

Thanks for your suggestions.

Cheers, Martin.

Yes. Please see my recent and not so recent posts on configuring NGINX for node-red and security.

I'm afraid we didn't get to the bottom of the actual issue. I must admit that I still think that it was an HA issue.

If you aren't using local SSL now for node-red, make sure that you restrict access to it - NGINX is good here.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.