On my C7 running v2.4.2.160, any time I try to avoid browser nags about security and get a secured connection to the hub at https://hubitat.local, the browser is redirected to https://<hub_ip_address>. Then I get the security nag screen, since there is no certificate matching the IP address, only for hubitat.local.
(The behavior is the same for MacOS browsers Chrome, Brave, Edge and Firefox. Only Safari will complete a secure connection to the hub, and helpfully displays the correct certificate, but still shows the IP address in the browser address bar.)
Similarly http://hubitat.local redirects to http://<hub_ip_address>, though obviously without the security nag.
Is this redirection from hubitat.local to <hub_ip_address> intended behavior?
The same phenomenon was noted in this post without any resolution before the topic was closed.
I only really started paying attention to it as I was installing a new router and DNS and trying to upgrade my network equipment to serve HTTPS with properly configured certificates. I note that the Hubitat behavior is the same whether I use the hub's in-built default certificate or a self-signed certificate that I have installed myself - both are also added as trusted certificates in my MacOS machine's Keychain Access app.
Please noted that I have specified http rather than https.
If you use https, the browser is going to look for the required security certificate, but there is none so you get an error message.
If you use http, the browser will connect, but will indicate that the connection is "Not Secure".
Also, be sure that your connection to your local LAN is setup as a Private Network, rather than Public.
To connect to Hubitat remotely, there are a few methods. You can set up a Dashboard and create a free WAN link to the dashboard.\
Another option is to use the Mobile Hubitat app to set up a similar WAN link.
The most robust option is to purchase a subscription for remote access to your hub. This method allows you full administrative access to the hub from a remote location.
Although, not specifically a Hubitat solution, I have established an ActionTiles account for my Hubitat hub. Using the dashboards created in ActionTiles, I can access my devices. This is similar to using the Hubitat dashboard. This method does not provide full admin access.
What makes that “the best” or even “better” than using the mDNS hostname?
I believe the issue as described by OP, and also in the linked thread, is that the mDNS hostname changes automatically to the current IP address in the browser window:
That’s not, as far as I’ve noticed, an expected behavior for mDNS, or it’s not required to do that at least (not an expert here, by any stretch of the imagination).
Do you ever browse to an mDNS hostname for any other devices on your LAN? Tell us if they do the same thing (i.e. redirect hostname to IP address within the browser window itself).
I should have made it clear that my Hubitat has been assigned a static IP address in the hub's network settings and is mirrored in my router's DHCP server. There is no ambiguity about which IP address is being used or which is being redirected-to. And we are talking about access to the Hubitat solely from within my LAN, without remote admin (or in my case Tailscale) access from the internet.
Yes, that is exactly the problem. I have no issue accessing the hub via HTTP and the IP address, only via HTTPS and the hostname, for which I have a self-signed certificate installed in the Hubitat and also in the certificate store (MacOS Keychain Access). Running
openssl s_client -connect <hubitat IP address>:443 -CAfile <my hubitat certificate>.crt
shows that the correct self-signed certificate is being offered by the Hubitat and verified by the local certificate authority.
Yes I have a number of devices on the network - other computers, routers, file and media servers - that are mDNS/Bonjour aware and none of them exhibit the behavior of redirecting a .local hostname to an IP address. Those that have an SSL certificate installed - either self-signed or issued by a CA - will serve their web interface over HTTPS without any redirection as I see with the Hubitat.
I am in the camp of, using hubitat.local just doesn't work on my network. I think there are others that have posted on this as well. I have several other mDNS/Bonjour devices on my network that work well using the .local links. It is just hubitat that does not. I wonder if the two issues are related.
In my statement concerning use of [https://findmyhub.hubitat.com ]
perhaps I should have used the adjustive "recommended" rather than "best". I am not saying it is the only way to do it.
Unlike the OP, my computers run either Windows 11 or Linux. Both can support mDNS by installing software like Boujour on Windows and Avahi on Linux, but I prefer not to do so. I set up DNS IP address reservations for all permanent devices on my network.
The issue is Hubitat networking non-standard behavior. Like the others here, my Hubitat hub translates its .local address to a numerical IP address. It is the only device I have that displays that behavior. It is mostly just annoying for me as I don't use https.
