#Android app shows 'certificate invalid' error on local HTTP setup

1 messages · Page 1 of 1 (latest)

spice void
#

Hello,

I am experiencing an issue with the Home Assistant Android app that I cannot resolve.

My Home Assistant instance is running locally over HTTP (no HTTPS, no DuckDNS, no remote access).
Accessing Home Assistant from a browser (Chrome) on the same phone using the local IP works perfectly.

However, in the Android app, I frequently get the following error message:

Unable to connect to Home Assistant The date of the Home Assistant certificate is invalid
(Check attached image)

Important points:

  • I am not using HTTPS
  • I have removed DuckDNS
  • There are no SSL certificates configured
  • I deleted and re-added the server in the app
  • I cleared app cache and data
  • I reinstalled the app
  • The problem still persists

The error appears as shown on the attached image.
Home Assistant logs show no SSL or certificate errors, and HTTP requests work normally.

It seems the Android app (or Android itself) is trying to validate a certificate even though the server is configured for plain HTTP.

Could you please advise:

  • Why the Android app might still report a certificate error in this situation?
  • How to fully reset or prevent certificate validation when using local HTTP only?

Thank you for your help.

Best regards,
Edgar BEDU-NEYRINCK

Screenshot_20260117_100837_Home_Assistant.png
cursive turret
#

I added SSL to mine and when I did I had to add a line in the configuration.yaml file. Does yours have something similar to this? I wonder if it needs to be removed? Tread carefully though I know access can get weird when you play with the certs.

image.png
spice void
#

Hi thanks for the reply! I have removed those lines as an attempt to fix it

#

Perhaps I should add them back ?

cursive turret
#

Ah so they were already removed. I'm pretty sure for http they don't need to be there. Did you reboot after that? I don't think mine swapped over to https until I did.

spice void
#

Yeah I did and restarted multiple times as well as uninstalling the app and reinstalling it

wintry epoch
#

In your network settings, do you still have it returning a specific URL, or is it set to automatic?

spice void
#

It is set to auto

image0.jpg
spice void
#

I’ve identified the root cause of the “invalid certificate date” error on Android.

It turns out the issue is triggered by Lovelace iframe / webpage cards in the dashboard.
In my case, a vertical stack containing an iframe pointing to an external webpage was enough to cause the Android app (WebView) to show a certificate error notification on launch.

Example of the problematic card:

- type: iframe
  url: https://calendar.lou-magnenat.fr/2/1?banniere=true
  aspect_ratio: "14"
  hide_background: false

What happens:

  • The embedded webpage loads external JS resources
  • One of those resources has a certificate issue
  • Android WebView is strict and shows a global SSL error popup
  • Browsers usually don’t show it, which makes this confusing

As soon as I remove all iframe/webpage cards from all my Lovelace dashboards, the error disappears completely (including the Android notification pane issue).

I won’t investigate further since I can live without the iframe, but I’m sharing this in case others hit the same problem.