frigate-hass-integration

Disabling Validate SSL doesn't disable SSL validation

Open ejpenney opened this issue 7 months ago • 18 comments

Version of the custom_component

5.9.2/0.15.0-6cb5cfb

Configuration

{
  "created_at": "2025-05-05T23:05:38.186968+00:00",
  "data": {
    "password": "<REDACTED>",
    "url": "https://192.168.86.29:8971",
    "username": "admin",
    "validate_ssl": false
  },
  "disabled_by": null,
  "discovery_keys": {},
  "domain": "frigate",
  "entry_id": "01JTHB58MAWCCGS8R8PYR2HC97",
  "minor_version": 1,
  "modified_at": "2025-05-05T23:05:38.186971+00:00",
  "options": {},
  "pref_disable_new_entities": false,
  "pref_disable_polling": false,
  "source": "user",
  "subentries": [],
  "title": "Docker Frigate",
  "unique_id": null,
  "version": 2
}

Describe the bug

Unchecking [Image] during setup is not preventing Frigate from failing to connect when using a self-signed certificate. Component creation goes through without failure, but no devices are presented for sorting into areas, and the camera streams all fail to load.

All other sensors/switches appear to work fine.

Debug log

Reverse proxy error for /api/frigate/frigate/thumbnail/1746481934.608913-fzb8a5: Cannot connect to host 192.168.86.29:8971 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1028)')]
Reverse proxy error for /api/frigate/frigate/thumbnail/1746481971.001595-vyhc69: Cannot connect to host 192.168.86.29:8971 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1028)')]
Reverse proxy error for /api/frigate/frigate/thumbnail/1746473994.597011-50lh17: Cannot connect to host 192.168.86.29:8971 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1028)')]

ejpenney avatar May 05 '25 23:05 ejpenney

I am experiencing a problem related to this as well, and it caused similar (if not the same) symptoms as #812 where live feeds work great, but snapshots/clips/etc don't load.

I was able to track it down to the integration not being happy with the SSL certificate being used despite having Validate SSL unchecked. The cert is a proper cert from Let's Encrypt, but it's for the hostname that I have exposed through NginxProxyManager and I had Home Assistant configured to connect directly to the system running Frigate, so the hostnames didn't match. This requires disabling SSL verification.

I was able to work around it for now by having Home Assistant connect to Frigate through NginxProxyManager, but this is less than ideal as it adds extra, unnecessary, network hops for a live camera feed.

cryptk avatar May 06 '25 14:05 cryptk

Exactly my workaround, using NPM with a valid cert on an external domain, but as you said this is an extra hop, plus HA OS is so bad at DNS resolution that if my NPM reboots I have to reboot HA to get frigate working again.

Not ideal, but it can be worked around. Was looking forward to this feature though.

ejpenney avatar May 06 '25 23:05 ejpenney

Confirming I have similar issues. Streams fail to load; I've had to revert to using port 5000 for the time being.

cinsun42 avatar May 09 '25 04:05 cinsun42

Same issue. Is this supposed to work? Is this going to be fixed? Not sure whether to hold tight or switch my config back.

I was originally running Frigate on a trusted cert with everything behaving fine in Home Assistant. I saw that there is now an option to disable SSL validation and wanted to run Frigate on my self-signed cert instead. Switched the Frigate server to the self-signed cert, all working great there. Reconfigured the Frigate HA integration URL with the 'Reconfigure' option. Integration accepted the change and connected / authenticated. Streams are working in the Advanced Camera Card but the clips/snapshots/thumbnails etc do not. Also the HA media browser > Frigate is also broken with dead thumbnails for media that won't play. Logs report:

Reverse proxy error for /api/frigate/frigate/thumbnail/1747828123.175446-zs0tnb: Cannot connect to host <my_domain>:8971 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1028)')]

V4ler1an avatar May 27 '25 16:05 V4ler1an

> Same issue. Is this supposed to work? Is this going to be fixed? Not sure whether to hold tight or switch my config back.
>
> I was originally running Frigate on a trusted cert with everything behaving fine in Home Assistant. I saw that there is now an option to disable SSL validation and wanted to run Frigate on my self-signed cert instead. Switched the Frigate server to the self-signed cert, all working great there. Reconfigured the Frigate HA integration URL with the 'Reconfigure' option. Integration accepted the change and connected / authenticated. Streams are working in the Advanced Camera Card but the clips/snapshots/thumbnails etc do not. Also the HA media browser > Frigate is also broken with dead thumbnails for media that won't play. Logs report:
>
> Reverse proxy error for /api/frigate/frigate/thumbnail/1747828123.175446-zs0tnb: Cannot connect to host <my_domain>:8971 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1028)')]

I am having the same exact error after pulling in the fix for #812. I really do not want to set up a reverse proxy/trusted cert. For now, disabling TLS and then connecting to http://ip:8971 works, but this is not my preference.

GravitySandwich avatar Jun 06 '25 16:06 GravitySandwich

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions[bot] avatar Jul 07 '25 04:07 github-actions[bot]

I haven't tried this in a while but I'm unaware of any reason this would be fixed. Anyone else?

ejpenney avatar Jul 07 '25 14:07 ejpenney

Me either, presumably it's still broken. Is anyone taking an interest in addressing it I wonder? Edit: Ah spoke too soon, stale just removed...

V4ler1an avatar Jul 07 '25 21:07 V4ler1an

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions[bot] avatar Aug 07 '25 04:08 github-actions[bot]

@blakeblackshear Please remove stale status

GravitySandwich avatar Aug 07 '25 17:08 GravitySandwich

Same issue for me

seb2020 avatar Aug 23 '25 17:08 seb2020

same issue here.

sanderdewit avatar Aug 26 '25 19:08 sanderdewit

+1 same issue here, from HA logs:

Logger: hass_web_proxy_lib
Source: custom_components/frigate/views.py:188
integration: Frigate (documentation, issues)
First occurred: 11:00:03 AM (105 occurrences)
Last logged: 3:01:12 PM

Reverse proxy error for /api/frigate/notifications/1756418284.156604-gv527a/snapshot.jpg: Cannot connect to host coedo.mydomain.net:8971 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1028)')]
Reverse proxy error for /api/frigate/notifications/1756418283.90712-wjzx34/snapshot.jpg: Cannot connect to host coedo.mydomain.net:8971 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1028)')]
Reverse proxy error for /api/frigate/notifications/1756418284.156604-gv527a/review_preview.gif: Cannot connect to host coedo.mydomain.net:8971 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1028)')]
Reverse proxy error for /api/frigate/notifications/1756418283.90712-wjzx34/alley/clip.mp4: Cannot connect to host coedo.mydomain.net:8971 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1028)')]
Reverse proxy error for /api/frigate/notifications/%3Cevent-id%3E/thumbnail.jpg: Cannot connect to host coedo.mydomain.net:8971 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1028)')]

kreucher avatar Aug 28 '25 22:08 kreucher

Same Issue Frigate -> Home Assistant can't show recordings certificate verify failed: self-signed certificate

Reverse proxy error for /api/frigate/frigate/thumbnail/xxx: Cannot connect to host xxx ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1028)')]

TheMrTaik avatar Sep 06 '25 08:09 TheMrTaik

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions[bot] avatar Oct 07 '25 04:10 github-actions[bot]

still an active problem, please remove stale tag

WinkelB avatar Oct 07 '25 07:10 WinkelB

SOLVED

Why this occurs:

The issue here is that while Frigate's "validate SSL" is turned off, the HA's own aiohttp is fetching snapshots, clips etc and it always attempts (and fails) to validate SSL. When using the advanced-camera-card or media player, it is not Frigate's integration that is fetching the media, but HA's built-in HTTP client.

As a result, you can see the RTSP stream, but the other features through the advanced-camera-card are failing.

Error looks like this:

WARNING (MainThread) [hass_web_proxy_lib] Reverse proxy error for /api/frigate/frigate/thumbnail/...: Cannot connect to host frigate.local:8971 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1032)')]

Workaround solution for this problem:

There are three possible workarounds (fastest/easiest first). After applying, all the snapshots show and videos play, including the old ones that were showing broken links.

A) Use HTTP instead of HTTPS to access Frigate. Frigate provides an HTTP interface on port 5000.

  • Expose that port in docker or the add-on, if it's not exposed already. Test in a browser as http://your_frigate:5000
  • Change the URL from https to http in the integration configuration (Re-configure) and change the port from 8971 to 5000

B) Create a certificate for Frigate and install it on your HA's trust store so HA trusts it.

This is much more complicated - you will need to upload the CA cert to HA and then set the environment variable SSL_CERT_FILE to point to it, so that HA's aiohttp trusts it.

C) Run a reverse proxy (Nginx, Traefik, Caddy) in front of Frigate with a properly issued SSL cert (e.g. Let's Encrypt).

This is also complicated...

morganand avatar Oct 18 '25 13:10 morganand
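To see which proxied media paths are failing and which verification reason applies before choosing a workaround, the `hass_web_proxy_lib` warnings quoted in this thread can be triaged as below. This is an added example, not code from the integration or from any commenter; the host `frigate.example.test`, the event ids and the sample log are constructed, and the two reason strings are the ones that appear in the logs above.

```python
import re
from collections import Counter

# Shape of the hass_web_proxy_lib warnings quoted in this thread.
LINE_RE = re.compile(
    r"Reverse proxy error for (?P<path>\S+): "
    r"Cannot connect to host (?P<host>[^\s:]+):(?P<port>\d+) ssl:\S+ "
    r"\[SSLCertVerificationError: .*?certificate verify failed: "
    r"(?P<reason>.+?) \(_ssl\.c:\d+\)"
)
# The two OpenSSL verification reasons that appear in the thread.
MEANING = {
    "self-signed certificate": "the server certificate itself is self-signed and untrusted",
    "self-signed certificate in certificate chain": "the chain ends in a root CA missing from the trust store",
}

def media_kind(path):
    """Classify the proxied resource from its URL path."""
    for kind in ("thumbnail", "snapshot", "review_preview", "clip"):
        if kind in path:
            return kind
    return "other"

def triage(log_text):
    """Count failures per (host, port, reason) and per media kind; entries pasted onto one line still count."""
    failures, kinds = Counter(), Counter()
    for m in LINE_RE.finditer(log_text):
        failures[(m["host"], int(m["port"]), m["reason"])] += 1
        kinds[media_kind(m["path"])] += 1
    return failures, kinds

def _line(path, reason):
    """Build one constructed sample entry (host and event ids are made up)."""
    return (f"Reverse proxy error for {path}: Cannot connect to host "
            f"frigate.example.test:8971 ssl:True [SSLCertVerificationError: "
            f"(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: "
            f"{reason} (_ssl.c:1028)')]")

SAMPLE = " ".join([  # constructed input, deliberately run together on one line
    _line("/api/frigate/frigate/thumbnail/1700000000.000001-aaaaaa", "self-signed certificate"),
    _line("/api/frigate/notifications/1700000000.000002-bbbbbb/snapshot.jpg", "self-signed certificate"),
    _line("/api/frigate/notifications/1700000000.000002-bbbbbb/alley/clip.mp4", "self-signed certificate in certificate chain"),
])

if __name__ == "__main__":
    failures, kinds = triage(SAMPLE)
    for (host, port, reason), n in failures.items():
        print(f"{host}:{port} x{n}: {reason} -> {MEANING.get(reason, 'unclassified')}")
    print(dict(kinds))
```

A reason of "self-signed certificate in certificate chain" means the certificate to add to the trust store for workaround B is the root CA, not the server certificate.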

Option B can be simplified by installing the Additional CA integration through HACS. Although I have this installed and it works for SSL trust on some other integrations I use, I haven't tested it yet with Frigate.

V4ler1an avatar Oct 18 '25 13:10 V4ler1an