PE device has no TTS responses (server SSL)

[abliss]

Firmware: 25.1.0 (ESPHome 2024.12.2)
My symptoms seem very similar to #238 but I noticed that was diagnosed as a lack of TLS1.3 support on the device and closed.

I also don't get TTS responses on my Voice Preview Edition. I believe I followed the instructions at https://community.home-assistant.io/t/how-to-configure-lets-encrypt-ssl-certificates-for-home-assistant-completely-100-free-updated-for-2022-2023/508329 to use letsencrypt through the DuckDNS addon .

I noticed that at https://www.home-assistant.io/integrations/http/#ssl_profile it claims that the default profile is "modern", where the linked Mozilla page says

Modern: Modern clients that support TLS 1.3, with no need for backwards compatibility
Intermediate: Recommended configuration for a general-purpose server

So maybe "Intermediate" should be the default? However, I tried setting it to "intermediate" and saw no difference. Whether on "intermediate" or the default "modern", I also note that from a command line I can do "curl --tls-max 1.2" and the negotiation works fine. So perhaps the root cause is not in fact an inability of Home Voice Preview Edition to negotiate a TLS version? Maybe the issue is with the server's cipher suite (or something about the LetsEncrypt cert), rather than the TLS version itself?

When I curl with -vvv --tls-max 1.2 I see SSL connection using TLSv1.2 / ECDHE-ECDSA-AES256-GCM-SHA384 With 1.3 I see SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384.

I can use the device to set a timer, and after the timer goes off an alert chimes, so I know the microphone/speaker/network are working. But any response required text-to-speech doesn't seem to come through.

Also in the HA android app, the onboarding wizard fails at the "We're going to personalize your voice assistant" stage, saying "To play audio, the voice assistant device has to connect to Home Assistant to fetch the files. Our test shows that the device is unable to reach the Home Assistant server."

Also I have two other esphome smart speakers (one an atom m5) which do TTS fine.

I can't figure out how do pull logs from the device. Is there a way?

[zackslash]

I'm having a similar issue with responses, my HA server is also HTTPS via a TLS 1.3 cert, I also noticed that it looks like support for TLS 1.3 has been added to the firmware some time ago.

Have you ever had voice responses? For me they are more intermiment working ~70% of the time.

[abliss]

I did have some responses early on, but lately they seem to never work. I may have messed up a setting somewhere. I think it works (most of the time) when i set its "assistant" property to my preexisting openai-based one, but it never works with the one called "Home Assistant Cloud".

[zackslash]

I am still experiencing this issue on all my Voice PE devices, i've 'taken control' via ESPHome and can now see the following error logs on the device (Edited to remove my HA url):

[19:20:06][D][light:109]:   Effect: 'Replying'
[19:20:06][D][voice_assistant:641]: Event Type: 8
[19:20:06][D][voice_assistant:719]: Response URL: "https://<SNIP>.ui.nabu.casa/api/tts_proxy/PGt29nw.flac"
[19:20:06][D][voice_assistant:515]: State changed from AWAITING_RESPONSE to STREAMING_RESPONSE
[19:20:06][D][voice_assistant:522]: Desired state set to STREAMING_RESPONSE
[19:20:06][D][media_player:080]: 'Media Player' - Setting
[19:20:06][D][media_player:087]:   Media URL: https://<SNIP>.ui.nabu.casa/api/tts_proxy/PGt29nw.flac
[19:20:06][D][media_player:093]:  Announcement: yes
[19:20:06][D][voice_assistant:641]: Event Type: 2
[19:20:06][D][voice_assistant:733]: Assist Pipeline ended
[19:20:06][D][esp-idf:000][ann_read]: E (89588) esp-tls-mbedtls: mbedtls_ssl_handshake returned -0x7280

[19:20:06][D][esp-idf:000][ann_read]: E (89591) esp-tls: Failed to open new connection

[19:20:06][D][esp-idf:000][ann_read]: E (89596) transport_base: Failed to open a new connection

[19:20:06][D][esp-idf:000][ann_read]: E (89602) HTTP_CLIENT: Connection failed, sock < 0

[19:20:06][E][nabu_media_player.pipeline:171]: Media reader encountered an error: ESP_ERR_HTTP_CONNECT
[19:20:06][E][nabu_media_player:305]: The announcement pipeline's file reader encountered an error.
[19:20:06][D][voice_assistant:515]: State changed from STREAMING_RESPONSE to IDLE
[19:20:06][D][voice_assistant:522]: Desired state set to IDLE

I am suprised that the device is attempting to use the remote HA URL rather than the URL for my local network, im unsure yet as to the cause of the issue. Continuing to investigate.

[zackslash]

It seems to me that the firmware takes issue with some of the nabu.casa TLS certificates.

Going into Config -> Network -> and setting the Home Assistant URL 'Internet' URL to my local TLS URL seems to resolve this issue.

As devices no longer attempt to retrieve audio via the remote URL

[xpac1985]

Thanks for creating the issue and sharing your observations ♥
I can only add that I see the same issue - but only sometimes, and I couldn't see a pattern yet.
Often, when I haven't used my VoicePE for some time, the first command gets a reply, but all following commands don't work. But then, sometimes even the first command fails. Or multiple work. I've now changed my Internet URL to my local URL and will see if this works reliably or not.

[jonofe]

Going into Config -> Network -> and setting the Home Assistant URL 'Internet' URL to my local TLS URL seems to resolve this issue.

This does not work for me. It doesn't change the faulty behaviour.

Often, when I haven't used my VoicePE for some time, the first command gets a reply, but all following commands don't work. But then, sometimes even the first command fails.

That's exactly what I observe as well.

Really annoying situation. Was there any reaction from Nabu Casa on that problem?