Homelab SSL/TLS certificate via CloudFlare tunnel
Hello everyone! I’ve begun moving my services from a fixed IP address to a Cloudflare tunnel and have run into some challenges. The tunnel operates fine, but not all applications behave the same as before I used a static IP. I’m here to share some examples to help clarify what’s happening (e.g., 5454 = Kasm Workspaces, 8123 = Home Assistant). At first, I only had a static IP, then switched to DuckDNS, and now I’m trying another upgrade. Here’s what I’ve noticed:
- **Kasm Workspaces Static IP**: https://78.108.x.x:5454
The screen shows a warning: “Your connection isn't private” and “net::ERR_CERT_AUTHORITY_INVALID.”
- **DuckDNS**: https://xxgmxx.duckdns.org:5454
Same warning appears as with the static IP.
- **Cloudflare**: https://kasm.xxgmxx.com
Loads normally, no warnings—connection is secure.
- **Home Assistant Static IP**: https://78.108.x.x:8123
Displays a warning about an invalid certificate and shows “Connection is secure.”
- **Cloudflare**: https://homeassistant.xxgmxx.com
Returns a 400 Bad Request error, with details about the certificate not being trusted.
I’m trying to figure out why Kasm works smoothly while Home Assistant doesn’t, even though both services have certificates. It seems the certificate issue is central—especially how it interacts with the Linux system behind the Cloudflare tunnel and the redirection from the external URL to the local IP of Home Assistant.
If this makes sense, I’d expect both Kasm and Home Assistant to return similar errors. I’m considering disabling SSL or removing the certificate temporarily to see if that resolves it, but I’d rather have Home Assistant function like Kasm. Any tips or insights would be greatly appreciated!
The HTTP request's hostname section needs to align with the common name or subject alternative name from the certificate. This is why the Home Assistant section raises an issue about the common name being invalid. It's attempting to access a page using an IP in the hostname field, even though the certificate provided a fully qualified domain name for that hostname.
Kasm appears to function independently without being linked to a specific domain, which allows compatibility with HA. Creating the certificate resolved the issue, though the underlying reason for its different behavior remains unclear.
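The name check described in the reply above (the host in the URL must match a subject alternative name in the certificate) can be reproduced offline. This is an added example, not code from the thread; the SAN lists, the hostnames under `example.test`, and the address `192.0.2.10` are constructed placeholders.

```python
import ipaddress

# Constructed SAN lists, in the (type, value) shape that
# ssl.SSLSocket.getpeercert()["subjectAltName"] returns.
SAN_DNS_ONLY = [("DNS", "ha.example.test"), ("DNS", "*.lab.example.test")]
SAN_WITH_IP = SAN_DNS_ONLY + [("IP Address", "192.0.2.10")]


def _dns_match(pattern, host):
    """RFC 6125-style match: '*' may only stand for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def name_matches(host, san):
    """True if the host the client typed is covered by the certificate's SANs."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # not an IP literal, treat as a DNS name
    for kind, value in san:
        if ip is not None:
            # An IP in the URL only matches 'IP Address' entries, never DNS ones.
            if kind == "IP Address" and ipaddress.ip_address(value) == ip:
                return True
        elif kind == "DNS" and _dns_match(value, host):
            return True
    return False


def check_all(hosts, san):
    """Map each candidate URL host to whether the certificate covers it."""
    return {h: name_matches(h, san) for h in hosts}


if __name__ == "__main__":
    hosts = ["192.0.2.10", "ha.example.test",
             "kasm.lab.example.test", "a.b.lab.example.test"]
    for label, san in (("DNS-only cert", SAN_DNS_ONLY),
                       ("cert with IP SAN", SAN_WITH_IP)):
        print(label, check_all(hosts, san))
```

A name match is checked separately from chain trust: a self-signed certificate with the right SAN still produces an authority error such as `net::ERR_CERT_AUTHORITY_INVALID`.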