#Can't add Homeassistant Voice PE to Homeassistant

Hi.

I've been struggling getting my Voice PE to get added to Homeassistant. I get the prompt "The voice assistant is unable to connect to Home Assistant".

When checking the logs on the Voice PE i get the logs in the print screen.
I do have Homeassistant on a separate VLAN, and the Voice PE on an IoT VLAN. I've created firewall rules for the Voice PE to be able to access HA on port 443, and i've verified with wireshark that they are indeed communicating with the Voice PE initiating the HTTPS traffic on port 443.
I use Letsencrypt for SSL certificate and just updated my cert as well. I updated the Voice PE to 2025.1.0 since i found some had issus with TLS1.3.
The Home Assistant URL in System->Network is set to the FQDN, same as used by the Letsencrypt TLS-cert for both external networks and local networks.
When i try to access the .flac URL, i only get a 0byte flac file.

Could it be something wrong with the Piper TTS setup?

might want to try clearing the tts cache as a start,

Is it enough to do the "Text-to-speech (TTS): Clear TTS cache" from the actions in developer tools? In that case, it don't seem to solve the issue. The log outputs the same.

I guess https is the issue maybe?

Check this thread for changing host: https://discord.com/channels/330944238910963714/1326961294481559552

There's no reason to put https external URLs there.

link seems broken btw, at least for me it just goes to the voice-assistants channel

Sorry https://discord.com/channels/330944238910963714/1326961294481559552

Assume you mean #1326961294481559552 message ?

Redacted initial message too

Hmm, Are you reffering to not using HTTPS, or not using the FQDN on the local network settings? Because since i'm using HTTPS, HA seemingly does not support to also serve plain HTTP, so i can't have HTTPS on external and HTTP on local. And when trying to set https://192.168.69.14 (the internal IP of HA), HA complains that the cert i have does not reflect the hostname/IP configured.

The FQDN that my HA has is something like hass.example.com with a letsencyrpt cert and it's https://hass.example.com that i browse to when on a computer or when using the companion app.

I tried to increase the logging on the Voice PE to verbose but it didn't really add anything extra with regards to the error message so it's not that informative on what goes wrong. That was however before i updated to 2025.1.0.

I assume the Voice PE should work with TLS? I saw that TLS1.3 (which according to the wireshark dump, is being used) was added in 24.12.9.

Yeah it should - but i see a lot of user requests about broken PE and https in HA URL.
You definitely should use https from outside. I, for one, use it via NGINX, and my Let'sEncrypt certificate is bound there - HA itself is pure http.

So IDK if there's any workaround for cases like yours, when HA has HTTPS directly.

Ah, i see. I'm not really exposing HA publicly anyway, but rather only locally on my network(s) or via VPN. I had hoped to not have to setup NGNIX with reverse proxy and move the LetsEncrypt handling to there, but i guess it might be the next step, or maybe temporarily disable HTTPS to see if that solves it.

Thank you so much for you time and support though!

No problem. IDK maybe there is a way to make PE working with HTTPS...

So your HA is only accessible through HTTPS? even on the local network?

Yes.

First thing's first, though: allow the VPE to send/receive traffic on ALL UDP ports to/from the HA host

Oh, I forgot to say that i had resorted to allowing all traffic from VPE to HA, so not only port 443 and not only TCP, but all and HA is allowed to all of the IoT-net, where the VPE resides.

Right. Does assist_satellite.announce work on it, then? Or any playback whatsoever?

Yes, it actually does!

The setup procedure still fails though.

Any clue here @dark hamlet ?

Seems like maybe the ffmpeg_proxy in esphome is misbehaving somehow?

I don't know if the proxy will work over HTTPS. I think ESPHome has some issues with certain kinds of certificates.