I’ve been happily using Node-RED with HA for a couple of years.
I can see Node-RED from within HA but since yesterday am unable to connect directly (https://homeassistant.local:1880/) and can no longer view the UI (https://[host]:81/endpoint/ui).
The browsers report “ERR_SSL_VERSION_OR_CIPHER_MISMATCH” expanded shows:
Unsupported protocol
The client and server don’t support a common SSL protocol version or cipher suite.
I’ve tried different browsers from different PCs and mobile devices - all fail to connect. I’ve updated HA software, rebooted, turned-off-and-on-again.
Okay - so that tells us it expects to be using https. We've ruled out the most common cause of that error that I know of. As I mentioned, I'm not very familiar with how HA configures Node-RED, so I don't have an obvious next step for your to try.
Perhaps someone more familiar with Node-RED in HA can help.
The problem is that an update has altered the available cypher suites allowed and there is no longer one supported by your browser.
Does HA include a proxy server such as NGINX or Caddy or Apache web server?
Actually, it is possible that it isn't the HA server but rather a browser update. Though the fact that you've tried from different devices would seem to rule that out.
Maybe checkout the changelogs for HA to see if they closed a security hole by changing the available cyphers.
Sorry, last update Check whether they disabled an old version of SSL or TLS as well since that could also be the issue.
I've tried multiple browsers on different devices (Win10: Chrome, Edge, Firefox, Vivaldi; iOS: DuckDuckGo, Safari).
I've tried direct connection on local LAN with HTTP and HTTPS
https : // 192.168.3.87:1880/ gets the “ERR_SSL_VERSION_OR_CIPHER_MISMATCH” response
http : // 192.168.3.87:1880/ get "The plain HTTP request was sent to HTTPS port" response
I've played with installing NGINX SSL proxy this morning - not resolved the issue.
Tried to create new SSL certificates - installed "Let's Encrypt". Failed to generate new certificates as it can't get to HA:
Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
The behaviour's the same whether I access remotely (your-host . duckdns . org) or locally (192.168.3.87). So it feels like an SSL/certification problem in HA/Node-RED?
Sadly considering whether to do a complete RasPi/HA/Node-RED rebuild - reluctant to do that as I don't understand what's changed and gone wrong this week?
It was also suggested I try uninstalling and reinstalling Node-RED to see if that fixed the problem.
So I’ve now uninstalled NR, restarted Pi, installed NR, started it, stopped it, copied across the flows,json, restarted NR … and it now all works!?
Having played with Nginx, it seemed like a “good thing to have”, so I’ve also re-installed that and (I think) I have that running too.
Connecting to NR through port 1880 works again and the NR UI works again.
Not quite sure what was going wrong with NR - but it did look like my NR hadn't been updated for some time (16 months?).
There were a couple of differences in the new config (no "dark_mode: false" line, no "require_ssl: true" line) - don't know if they could have upset my HA/NR machine.
Check whether they disabled an old version of SSL or TLS as well since that could also be the issue.