Accessing HE using https stops dashboards working

I just noticed that when I connect to my HE over https I cannot open any of my local dashboards. They show up in the list of dashboards, but nothing happens when I click on them to open them. It works fine using http. I'm using version 2.0.8 of HE

Assuming on the latest version on chrome?

Try clicking the top "Dashboard Menu" to escape the iframe and you should be able to use your dashboards.

That works. Thank you! Is there a fix for this planned so it can be used in the iframe, using Chrome?

Sure, fix is planned, once we find the cause... Think this is due to a recent chrome change to block mixed content.

Ah, so the dashboards are only display in http? I presume there is some underlying challenge with dashboards that prevents you from publishing them using https?

They work fine over ssl / https... Something in the dashboard menu is not sending it correctly when in the iframe. Haven't had a chance to dive in and see what the root cause is. But escaping the iframe makes it work. You can switch any dashboard link to https and it will work. Except possibly where browsers like iOS block unsigned certs to websockets.

Poking this thread since I have the same issue. What I've experiencing is the dashboard local links all have the IP hardcoded into them (not the hostname) so the SSL fails and the dashboard won't load.

If I copy the link that fails, and replace it with a hostname, then it works.

This is the link that Hubitat is using:

But it needs to be:

1 Like

I'd like to bump this thread too - this has been an annoyance for me for years. What @lpakula described is accurate.

1 Like

Same issue happening to me, basically keeps me from being able to use SSL.

EDIT: I found a workaround...

  1. Open your hubitat using ssl locally using the FQDN
  2. Go to your dashboard and copy the URL in the error in chrome (hover over iframe) with the token ID
  3. Paste this into your address bar in chrome (should be the local IP) and then click the not secure and go to site settings
  4. scroll down to unsecure content and change the Block (default) to allow.

This will only allow unsecure content at the IP address on your LAN in this browser, I was unable to make this change on a mobile version of chrome, so just use the cloud version from mobile.

IMO it would really be nice if when enabling SSL you were allowed to set the FQDN referenced when hitting the local dashboards.