Alexa Enlightenment

Last updated November 16, 2016: In a recent blog entry I told you how we’d been playing with Amazon Echo (Alexa) and got it working. Well, nearly. It turns out that what SEEMS obvious in the system is not all it seems - but read on as we've had success.

What is Alexa?

Actually the device is called an Amazon Echo – or for the cheap version and Amazon Dot. It is a box requiring power and WIFI that you can talk to and which will control things. It can automatically discover certain (and often expensive) commercial devices, it can play music, it can answer questions, set diary appointments, make shopping lists – all by voice. And with a little effort can talk to Node-Red to open up a whole new world of DIY possibilities.

Listening for specific words

For example in the Amazon setup pages, you can define variables that will only accept a certain amount of options – so for example – you might say “Alexa, tell computer to turn kitchen lights on” where “lights” could be, say, light, lights or heater.

And that’s fine – but you can’t TRUST that. the word “flights” works equally well and Amazon makes it clear in their documentation that you must do your own tests – any similar valid word in the dictionary could have been accepted (which seems utter madness to me but there you go). Indeed when we tested this – we found all sorts of irregularities – there is no way to say “accept ONLY these words”. And, if you say something that is not at all acceptable, the system will wait to time out – and that takes several seconds – which would annoy the hell out of the spouse. So – if you’re going to have to do your own checks anyway, we reasoned you may as well just try to get the basic words out of the units into Node-Red and “do your own thing”. To be clear then, the Amazon unit is no-where near perfect at word recognition and you have to consider that when designing a solution. I wonder if Google will be better.

Wemo Emulator

A slight diversion here: If ALL you want to do is turn things on and off with Alexa and Node-Red – you COULD just ignore the rest of this article and go grab node-red-contrib-wemo-emulator or read other posts here describing my modifications to FAUXMO.


No – REALLY – drop it in – give it a name – like Orange – and define topics and payloads (which might go off to, say, MQTT or may be used to trigger direct port control on a Raspberry Pi or similar) for each of the two commands ON and OFF. Tell your Alexa to go looking for devices – it will find orange – and THAT IS IT – no HTTPS, no NOTHING. It really doesn’t get any easier.  But only ON and OFF which is a bit restrictive - and for heaven's sake don't use the word "shed".

How about controlling your TV. Well, the Anymote Smart controller for Android will talk to Alexa and then hence control stuff by infra-red  – except I can’t get it to talk to Alexa. I’ve written off to the guys at Anymote and will report back. But that takes care of all sorts of Infra-Red stuff as long as you leave your phone on!  Not ideal really.

The Bigger Picture

And now – back to the bigger picture!

Before Alexa, all Aidan and I wanted was something that would listen to requests and then fire speech out so we could handle it ourselves in Node-Red – and that is exactly what we have now achieved. Some will shrink in horror at this having already done it another way – but it looks to us like a great general way forward provided you’re happy with writing your own simple,  high level code to handle a sentence like “kitchen lights on” which could be as simple as a string comparison.


What we’ve done here – is to simple make Alexa collect up to 15 words (arbitrary number) after “ask computer to” – where “computer” is whatever word you want to be (the “skill”) and put them in an array, that function above, called “Alexa” does all of this and strips out words like “eh” “and”, “please” etc. – and you can add more exclusions.  If you forget to actually say anything – the second output of the Alexa function handles it all for you automatically.

So in USER FUNCTION – you get an array – msg.word – with up to 15 lower case words – with the rubbish stripped out. You also get msg.combined, a simple string with everything in one string. If your requirements are simple – the latter might be the way to go.

If you merely want to have Alexa repeat the salient points of what you said so that “Alexa tell the computer to turn the lights on” – the output will be “you said: lights on”

[pcsh lang="js" tab_size="4" message="" hl_lines="" provider="manual"]

msg.payload = "You said. " + msg.combined;
return msg;


Alexa tell the computer to turn the lights on”

So above, Alexa reads the words in purple and passes on the rest. The simple Node-Red Alexa function strips out the words in red – and passes on the remainder in both an array of words and a simple string.

So clearly you might want that USER function to have outputs for MQTT and EMAIL and whatever other stuff to control your kit – that, of course, is easy and up to you. If you have 2 outputs from the function (set the number of outputs at the bottom) you can write to both at once – or separately by returning an array of messages -  or just one and a null etc. When you send a null – nothing goes out.

Now – I don’t want to go TOO heavily into this because simply string comparisons is probably not the way to go for any kind of sizeable setup… but here is something I’ve used as a test and it absolutely works a treat.


The code in the user function (note the extra output) is trivial to say the least.

[pcsh lang="js" tab_size="4" message="" hl_lines="" provider="manual"]

var msg2 = {};
switch (msg.combined)
    case "office lights on" : 
            msg.payload="The office lights are now active";
    case "office lights off" : 
            msg.payload="The office lights are now off";
    case "thank you" : msg.payload="No problem, to be sure."; break;
    default : msg.payload="You said: " + msg.combined;break;
return [msg,null];


In the example above, I have the function react to “Alexa tell the computer to turn office lights on” by sending an ON command via MQTT to one of my ESP8266 boards. Off has a similar effect, different parameter. The final command it just a bit of fun.

Really – so to get all of this fun, you have to set up your SSL (which I found incredibly painful but in retrospect it was dead easy – another of life’s hurdles out of the way) so that Amazon’s servers can talk to a secure connection (your Raspberry Pi or whatever you are using – FriendlyArm Neo or similar would be just as good running Debian), you need to update some stuff into Amazon’s site – and from there on you never touch the Amazon site again –which is of course the point really -  you only have to concern yourself with your USER FUNCTION in the cosy and quick-to-alter Node-Red environment. What you do with that is up to you.  In my case I’ll add another output to go to MQTT and whatever comes in is processed and maybe does something – any message in msg.payload (you HAVE to send something back) is spoken by Alexa when you’re done. It really doesn’t get a lot easier.

In a really trivial case you might, with TWO outputs,  (the first should be used to return a message;


[pcsh lang="js" tab_size="4" message="" hl_lines="" provider="manual"]

if (msg.combined==”lights on”)
msg.payload=”Ok, light is on”; node.send([msg,null]);
msg.topic=”kitchen/toesp”; msg.payload=”{out0:1}”; node.send([null,msg]);


Ok, I know, create another object and send them both out at once – I’m trying to keep this simple.

But of course, in reality, you’ll be likely to do FAR more than this and hence having the separate words in an array is useful.

So - on Amazon - you need an intent!

[pcsh lang="js" tab_size="4" message="" hl_lines="" provider="manual"]

  "intents": [
          {"name": "wa", "type": "LITERAL"},
          {"name": "wb", "type": "LITERAL"},
          {"name": "wc", "type": "LITERAL"},
          {"name": "wd", "type": "LITERAL"},
          {"name": "we", "type": "LITERAL"},
          {"name": "wf", "type": "LITERAL"},
          {"name": "wg", "type": "LITERAL"},
          {"name": "wh", "type": "LITERAL"},
          {"name": "wi", "type": "LITERAL"},
          {"name": "wj", "type": "LITERAL"},
          {"name": "wk", "type": "LITERAL"},
          {"name": "wl", "type": "LITERAL"},
          {"name": "wm", "type": "LITERAL"},
          {"name": "wn", "type": "LITERAL"},
          {"name": "wo", "type": "LITERAL"}


and a "sample utterance"

[pcsh lang="js" tab_size="4" message="" hl_lines="" provider="manual"]



All we’re doing here is telling Amazon, for the “intent” “computer” – to collect up words and fire them off. And that's it for the Amazon end apart from the usual details they need about you and the https address of your website (the node-red exposed point).

As for Node-Red itself - the example above:

We have an http node which has nothing more than POST and “/echo” as the URL - then our ALEXA function contains the following - it may well be far from perfect but for now it works.

[pcsh lang="js" tab_size="4" message="" hl_lines="" provider="manual"]

var doStuff = {payload: msg.payload.length};

switch (msg.payload.request.type)
    case "IntentRequest":
    if (   === "inputIntent")
        var word = [];
        word[0] = msg.payload.request.intent.slots.wa.value;
        word[1] = msg.payload.request.intent.slots.wb.value;
        word[2] = msg.payload.request.intent.slots.wc.value;
        word[3] = msg.payload.request.intent.slots.wd.value;
        word[4] = msg.payload.request.intent.slots.we.value;
        word[5] =;
        word[6] = msg.payload.request.intent.slots.wg.value;
        word[7] = msg.payload.request.intent.slots.wh.value;
        word[8] = msg.payload.request.intent.slots.wi.value;
        word[9] = msg.payload.request.intent.slots.wj.value;
        word[10] = msg.payload.request.intent.slots.wk.value;
        word[11] = msg.payload.request.intent.slots.wl.value;
        word[12] = msg.payload.request.intent.slots.wm.value;
        word[13] = msg.payload.request.intent.slots.wn.value;
        word[14] = msg.payload.request.intent.slots.wo.value;
        var thisone =0, processed = 0, total = word.length;
        for (;;)
            var nxt = "";
            switch (word[thisone])
                case "cancel" :
                        msg.payload = "";
                        return [null, msg];
                case undefined:
                case "the":    
                case "to":
                case "thanks":
                case "thank":
                case "and":
                case "turn":
                case "a":
                case "please":
                case "you":
                case "er":
                case "erm":
            if (++processed >= total)
        msg.topic = "";
        msg.payload = "OK";
        doStuff.word = word;
        msg.word = word;
        for (a = 0; a < word.length; a++)
            msg.combined += word[a] + " ";    
    return [msg, null];

    case "LaunchRequest":
    msg.payload = "You need help";
    return [null, msg];
    case "SessionEndedRequest":
    msg.payload = "Session Ended";
    return [null, msg];
    msg.payload = "Unrecognised Intent";
    return [null, msg];


Note I've added a check for the word "cancel" which simply returns nothing, immediately. This is a vital addition as sometimes you just talk gibberish and want to get out of it!

The format response function looks like this…


The other blocks don’t have anything in them – other than the user function in which you can make use of msg.combined and msg.word.  When you are done be sure to send the message out – payload containing text of your choice – as Amazon does need a return value even if your text is blank.


Set up an Amazon account – get PRIME if you want their music – if you’re rich get a Spotify account as the Amazon music selection is naff.

Get HTTPS so the end point of your Node-Red page (no real page exists) in my case

That domain or subdomain needs to point to your building – and your router should redirect port 443 (ssl) traffic to port 1880 on your PI or whatever you are using. Why 443 - isn't that a pain for routers which have SSL management and VPN - yes it is - you have to move those to another port. WHY Amazon absolutely insist on port 443 for SSL I don't know - because any port will work but they won't accept them - please by all means do take it up with them.

If you have passwords set up on your Node-Red and your Node-Red UI (which I do) you’ll have to pass them in the  Amazon website string – and I recommend you do this as clearly you don’t want any old Tom, Dick or Harry logging into your Node-Red

Once they are set up is a matter of going to the Amazon developer site with your account – the Alexa tab, setting up s skill including letting it know about your URL – filling in the bits above – and soon thereafter your DOT or ECHO or whatever you are using should be sending text over to you – to do whatever you want with.

Clearly, this will develop – splitting text up into words like this is useless for email addresses – so “Alexa tell the computer to send an email to” is simply not going to work – and as for “Aidan” – it makes a complete mess of that Smile

For reference – we made up some notes from our efforts to get an SSL certificate – if you have proven, better ways that cost less and don’t involve re-signing on every now and then as some freebies do – and which you know Amazon will accept as genuine – by all means give us blow by blow info. If you have a better, more complete, simpler description – please do let us know.

From our notes on setting up SSL – https – which may or may not be useful…

You need a trusted certificate to work with Alexa if you want it to talk to your Node-Red setup. Aidan has emailed the Amazon developer guys and eventually got a reply to say they had an issue with self-generated certificates, now resolved - sadly my router setup appears ot have an issue with them and so I can't test this (the router setup in Spain simply WILL not pass through port 443 to an internal unit).

With Node-Red typically you would have separate username and password for external access - this can be re-used with https: and the https: url can bypass the username and password requirement which means you can continue to use UI (dashboard externally).

Obtain SSL from – in our case,

So, the procedure is to pay your money and then use openssl to generate a certificate request (.csr) file.

openssl req -out -new -newkey rsa:2048 -nodes -keyout

Enter all the details that are asked for, but when it comes to the ‘Common Name (e.g.server FQDN or YOUR name)’ bit, you must put in the domain name of your server (without the ‘www’ as you get that anyway), so enter ‘’ into the ‘common name’ section and you will be verified for and

Before you start the above process, make sure that you can access your Pi (or whatever) externally using your domain name to avoid unnecessary delays.

When you have your .csr, then edit it and cut and paste the full certificate request into the request box when it asks for a certificate request.

It will then generate a small text file for you to place in the www/html root of your Pi. Make sure that you can access it externally by cutting and pasting the file name into a web browser, such as (or whatever the file name is). When you enter that into a browser, you should see the contents of the file appear.

When you’re happy that works, then click continue on and it will verify your website and generate your certificate and bundle which you can then get by clicking ‘download’ to get a zip file.

Store this all safely (including the private key file  that you generated with the .csr file) – i.e. make a backup!

You can use a subdomain - so that if you use for something else you can have for Alexa and Node-Red (verified – I am using a “things” subdomain without issue while my basic root www address is going elsewhere).

Using advanced DNS or similar function with your provider, point to your site. In your router, take 443 and point to the 1880 port of your node-red Pi.

We checked and you definitely can’t use anything other than port 443.

Temporarily route port 80 (website in our case) to Pi - as you'll be asked to dump a file in the root folder for verification..... once complete this can be restored to whatever you were using it for in the first place.

Some files need to go into a folder i.e. /home/pi/ssl (our choice) and your info set up in node-red settings.js needs to know where they are...

Need to setup certificate in settings.js (https://... And uncomment ‘fs=’ …etc.

NOTE: I’ve just had to move the lot from one Pi to another – because I messed up the installation of the Pi and had no ports to play with. I can confirm – ALL that is needed is to move the certificate files (in any old directory) to the new Pi and make changes to the Node-Red settings file – uncommenting FS and adding two lines for the certificates - that’s it – all up and running – this is no-where near as complicated as I initially thought it would be.

Also, if your certificate isn’t from a root CA then you need to copy your base certificate into the certificate chain, mainly because node-red doesn’t give you any option to use a certificate bundle file. i.e. edit your .crt file, copy the contents and paste to the top of the ‘’ file -  this will add your certificate to the chain file.

Use SSL CHECKER  to check validity

Make sure that the certificate is verified all the way up to the issuing root Certificate Authority or Amazon will reject it

When all working - put your port 80 to where it was. After everything works - reboot your router to be sure.

And if I have not said it before – Amazon’s music library is SHITE!


84 thoughts on “Alexa Enlightenment

  1. Hi Pete,

    maybe it would be possible to use mod_proxy with an apache and letsencrypt ssl cert and certbot for automatic renew?
    Proxy with basic auth to secure incoming connectins to node red, and proxy traffic from 443 to 1880? Just a quick solution i have to prove.
    Hope to get my dot next days - release will be 26.10.2016 here in germany.

    Best regards,

  2. Just a quick shot to set up reverse proxy with ssl and basic auth - not tested:

    You will need:

    sudo apt-get install -y apache2 libapache2-mod-proxy-html

    Create a apache conf file f.e. /etc/apache2/sites-available/node-red_ssl.conf

    ServerAdmin webmaster@.
    ServerName .
    DocumentRoot /var/www

    Options FollowSymLinks
    AllowOverride None
    AuthType basic
    AuthName "Secured"
    AuthBasicProvider file
    AuthUserFile /etc/apache2/ssl/node-users

    Require valid-user

    SSLCertificateFile /etc/apache2/ssl/.crt
    SSLCertificateKeyFile /etc/apache2/ssl/.key
    SSLCertificateChainFile /etc/apache2/ssl/.crt

    RewriteEngine On
    redirectmatch ^/node-red$ /node-red/
    ProxyPass /node-red/ http://:1880/node-red/
    ProxyPassReverse /node-red/ http://:1880/node-red/

    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/node-red_ssl_access.log combined
    SSLEngine on



    sudo htpasswd -c /etc/apache2/ssl/node-users
    sudo a2enmod proxy proxy_http ssl rewrite
    sudo a2ensite node-red_ssl.conf
    sudo service apache2 reload

    1. Now tested version with some modifications.

      Works so far with letsencrypt cert (certbot) and basic auth.
      I get my node-red gui. Change the paths in .conf file or create another proxy path to call a specific node-red sub-page like /ui.

      Have to stop testing for today.

      Good luck!

      1. Hi Andreas,

        Thank you for providing this. I am going to give it a shot this week, I just have one question regarding the contents on the conf file. Does . need to be replace with my domain name?

        Thank you,


  3. Can this be used with a dyndns domain name or will I need to get a real domain to use this?
    If I use a real domain, is it possible to update the IP address when my IP changes. My ISP generally only changes the IP if my modem has been offline for more than 24 hours. I've basically had the same one for a year now.

    1. Hi

      No idea re: dynamic address. A long time ago I made the decision because of various control gadgets, to pay the extra £1 a month for a fixed IP with my provider - both here and in Spain.

      Saves a lot of hassle. Someone else might advise re: SSL and dyndns - do-able?

      1. It seems to be stuck on the in progress state for well over an hour now so looks like it's not possible. I am trying to check with the ISP to see if I can get a fixed IP and then I can use one of my free domains to connect to it.

        1. well, it's absolutely normal... if you don't ask, normal operation of a home router is "all out, none in"... you have to ask a "port forward", or "virtual ip", or "nat", or whatelse, saying your isp to open port 80 towards your local raspberry ip address... in many cases you can do it yourself by going in the router admin interface... in any case, you know the risks of opening an unprotected local service to the world: someone can hack your device and escalate privileges and even going elsewhere in your home network, at that point... take care, the fact that you didn't know that port 80 is blocked by default let me think you didn't think all of this 🙂

          1. Sorry, but I know more than enough about his subject. I've used a number of ports via port forwarding on the router over the years to get access to my old Homeseer and for commercial work. 🙂
            I've done enough testing this afternoon to think that the ISP is blocking ports under 1500. I've tried various and no access. Set 1999 or 2000 for example to redirect to the RPi3 and I can see the default Apache webpage. Set 1400 and nothing. I've sent them an email to find out. Sadly they don't offer any fixed IP options. This may turn out to be a futile exercise and a waste of the SSL cert. Luckily it was cheap 🙂

            1. sorry, didn't want to be offensive...
              very strange... maybe your isp is doing some NAT (as do Fastweb in Italy, and you have to pay an additional fee to have open ports or public ip, static or not)...

              1. No problem. 🙂

                Looks like I need to try and convince the ISP to open ports 80 and 443 on my connection. I hope they have the tech know how to do this or I just wasted money on the SSL cert 🙁

          1. I don't think so. I can use other ports and they always work with the IP address. The issue here is that the SSL certificate site requires verification using standard HTTP on port 80 and it appears blocked. Will see if the ISP is willing to unblock this and 443 for me to get this working.

              1. This is Indonesia I live in and they are not known for good customer support.
                I asked and they said no. 🙁
                Looks like I may have to wait until I get my Respeaker from Seeed Studio before I can do any more on this.
                My alternative is to setup a redirection on another web host on the likes of GoDaddy to get this to work. If this works I'll post this on my own blog for others who have the same issue with their ISP.

                1. My ISP blocks 80 and 443 as well, unless you have a business account. I get around with using a url redirect from my dynamic DNS provide - I can type in in a browse r and the DNS redirect it translates it in the background to mydomain:3000 that gets through to my home machine. Not sure if this will work for SSL or not - but it's on the list of things to try.

                2. Please do Dave - I cannot believe an ISP (unless it's a freeby) would put blocks on ports - I think I'd be telling them to shove it assuming there is competition. So for reference here in the UK I use Plusnet as an ISP and in Spain I use Habland. In both cases I have no restrictions (except speed of course). In both cases I pay a couple of £ extra for fixed IP addresses. For websites I run my own sites with for a few £ a month again with no real restrictions.

    2. For a free dynamic dns service you can use if you have a registered domain or if a subdomain is enough for you. Both can update your ip address from crontab by requesting a web page with your apı key using curl.

    1. Apparently – according to Aidan who tested it – he got so far and realised it had issues – got in touch with the author and put it to one side for now – in the meantime we came up with this mechanism to extract words – and of course now we have them – we want to do our own thing – it also makes our solution somewhat system independent – as anything in the future that will release the words – will do the job. It would be nice if we could figure out a way to let Alexa continue to listen after the initial release of words – to make it more reactive – not sure if there is anything we can send back in the http response to do that – somewhat vague info there..

  4. Hi,

    I also found a Philips HUE emulator (ha_bridge) that works some what like the wemo emulator but it can also dim in addition to on and off. I found the following blog ( that talks a little about it. In this blog he also talks about an AlexaPi emulator. Not something I would want to use as a permanent set-up but it is an option for those who want to just play around with Alexa before they buy one. It installs on a Pi and you connect a speaker and a microphone and get the full functionality of the Echo Dot.


  5. The ha_bridge looks overly complicated to me - and as for using a Pi as an Alexa emulator - it simply isn't worth it. The Pi costs £30 then you need a microphone array from somewhere - assuming such a thing exists - there's a reason Amazon put an array of mics on there - and the hardware to do cancellation for example so you can play music and Alexa can still hear you - that's just not going to happen on a pi with any old mic. So I would dispute strongly that you get the full functionality of the Dot... consider the cost of a Pi + nice case + decent microphone(s) + speaker - and if you need the Bluetooth that would have to be the Pi3 ASSUMING Bluetooth is supported in the emulator. I just don't see the maths working out on that... Actually the speaker in the DOT isn't bad - I would not want to listen to music with it - but for responses it is just fine... and of course you get the lighting array for visual feedback as to whether it is actually listening. I think the Pi would make a poor cousin. However anything that gets people writing code - has to be better than nothing - the WEMO emulator is good and saves all the faffing about with HTTPS etc... but what is really needed is support for and a node that simply returns whatever command you say after it's name - that then opens up a whole world.

  6. hi
    Finally got the SSL certs installed & working. Many thanks to Pete and Aiden for all there help. Next obstical....
    "If you have passwords set up on your Node-Red and your Node-Red UI (which I do) you’ll have to pass them in the Amazon website string"
    How do i pass the node red passwords to amazon?

      1. tried to set it up but unfortunately I can't get anything from amazon dev --> raspi node-red. My url only works with the node-red port attached:

        is this the problem? how can I make the url work without the specific port?

        if I set up the alexa skill linkin to that url and just use a http node that listens post /echo and a debug node after that I should get anything when I tell alexa the skill, right?

        1. As we found out (and I think I mentioned) Amazon will not work with any other than port 443... so in my case here in the UK I simply put a redirect on the router from incoming 443 to 1880 on the Pi - works a treat.... in Spain however my router (not a cheap one) point blank refuses to redirect 443.

          1. yea, the router was the problem. I tried with an old one and now its working - partially. When I try it in the Service Simulator it works:
            "version": "1.0",
            "response": {
            "outputSpeech": {
            "type": "PlainText",
            "text": "You said. Test"
            "shouldEndSession": true
            "sessionAttributes": {}

            But when I ask my echo dot it says "I don't know how I can help you with that" or "something went wrong".
            In my node red there is nothing in the debug node after the /echo http node then.
            When I look in the history it understood me correctly. "ask commander test"

            Any idea what the problem could be?

          2. in case of routers that not allow 443 redirect, in general it's because they use it themselves for their gui admin interface, but usually this admin port can be changed, leaving the 443 free to be used for other

            1. Absolutely - and not only that but I'm fairly familiar with the Draytek 2830 router - but it is NOT letting me redirect 433. I turned off remote management altogether as I use TightVNC to get into the machine (I' m in the UK now and it is in Spain) - but it's not having it. If anyone with a Draytek 2830 or similar has done this I'd love to hear from them.

                1. Yes thanks - the two of them say the same (except one refers to self-signing and the 2830 doesn't have that option).

                  But - it does not work.

                  So - having set up Node-Red to accept a self-signed certificate - and it is on

                  If I do (internally) - Node-Red runs after griping about the certificate being no good (because I'm using a port and not the domain name). But from outside - - Should work because I have moved the Draytek SSL port to another one - and because I have set the redirection to take incoming 443 to and 1880.

                  Now I know you can do this because at home I had to do this with my Node-Red to use a proper certificate with Amazon Echo as their servers will ONLY talk to port 443 (all of which seems daft because you don't HAVE to use 443 to have SSL.

                  So how do I know it is the Draytek? Because a redirect on port 445 works - works and gives a nice clean green HTTPS - but send it to 443 and it won't work... HAS to be the Draytek, surely.

                    1. I now have an almost identical setup in the UK - Draytek 2830 on the end of a Plus-Net Plus-One crap router. And the SSL redirect works a TREAT there - so I'm left with not a CLUE as to why it isn't working in Spain.

              1. sometimes disabling management is not enough, you have to first change port, as above links, and then eventually disable it...

                different scenario, but you see this in windows too... assign an ip to a network interface, disable it, then try to assing that same ip to an other network interface, it complains it's in use...

  7. Peter have you heard of a phone app called "Ubi"? It allows you to use Alexa from your smartphone. It works great and its free. Now I can control my lights with my voice even if I'm not at home or near the Echo Dot. Give it a try.

    1. Hi there Alan

      I'm afraid you'll need to include a link - I've just been to my UK-based Android Smartphone to the App store and there are a couple of "UBI"s none of which has anything to do with Alexa. There is an app called "Roger" but that turns out to be a red herring as it does not talk to your Echo but to Amazon - and hence cannot access internal skills. What I'd like is an App that can handle internal skills via possibly port redirection so I can speak to my Echo from out of the house - I suspect if one included the audio feedback from Echo the most likely solution to that is the rather unwieldy auto-answering SKYPE.

  8. Here is the web address, and it has a link to the Google Play Store for the app as well on the page. I also wanted a phone app that would allow me to use my Alexa skills away from the house and Ubi does exactly that! It works the same as if you were talking directly to the Echo but remotely. I can run the app and press the listen button and say "Ask the house, what the inside temperature is" and it will reply with what ever I have set up in my node red Alexa flows.

    1. Sorry, forgot to mention you have to add the "Ubi Portal Voice Prototyping Tool" skill in your Alexa app, that is where it links your amazon account I believe. Been working on getting all this stuff working together for the last several days and my mind is getting foggy LOL. Hope it works for you because it works very good for me.

    1. I am SO glad you mentioned that - I immediately tackled our service provider and they came back to say they already support it!!!

      Google will give me browny points for making the blog SSL!

      1. Great, happy it was useful!

        Another way round the 443 thing might be to point it at a different domain, and use Apache's redirect to bring it into your node-red install via a different port.

        Good luck!

        1. Not so easy - so - the ISP in Spain has told me - they use port 443 for remote admin and can't change it.

          In the UK I have port 443 going to Node-Red - so that's that used up... don't have any more places I ahve full control of the ports and redirection...

          Am I missing something?

  9. Hi All,

    Is anyone else having a problem with the word "open". If I say "Open the Family room blinds", then 1 out of 5 times Alexa does not understand, but when I say "turn on the family room blinds" it opens the blinds 100% of the time, or if I say "close the family room blinds" it closed the blinds every time. It just seem to be a problem with "open".

    Thank you,


    1. To add to this. I do his via HA Bridge. in HA bridge I have a device called Family room blinds. I also have another device called Kitchen blinds that I have the same problem with.


  10. You can use the fairly recently opened up Alexa Smart Home Skill with node-red so you don't have to deal with giving example utterances or parsing the commands.

    As a bonus, you can use phrases like "Alexa, turn on kitchen lights" Instead of "Alexa, tell [skill] to turn on kitchen lights"

    I wrote a guide and node-red flow showing how here:

    1. Yes, but my point elsewhere remains - you can use HABRIDGE to do exactly that - but NEITHER of them will let you tell Amazon to fire back with "Ok, I've turned the heating to 16c as you requested".

      The parsing system we put together - lets you ask ANY question and get ANY reply. "How is the Pi doing?" - "The processor temperature is 40c which is ok and it is consuming 1 amp"...

      NONE of the systems which do not require port 443 and a little coding can do this - the skill we put together (I'm not sure if Amazon will allow this now) which sadly has to (because of Amazon) use port 443) will do this - if I am wrong - PLEASE someone tell me... our skill DOES however need you to say "ASK THE HOUSE TO..." which is offputting -- HABRIDGE however does not - you can say "Alexa, turn the heating to 16 degrees", "Turn the lights off" - etc etc... but all you get is an utterly useless "OK" as a result. The problem with THAT is that let's say you said "Turn the heating to 16c" - Alexa could have interpreted that as 60c and you would not know it until you were sweltering. Amazon need to EASE UP and let us have more control.

  11. Hello Pete & all,

    currently trying to replicate the setup, ok with the certificate check, probably missing something in node-red or Apache 2 setup, since the SSL Certificate Checker fails.
    These are the settings,js for node-red now edited as follows:
    var fs = require("fs");
    https: {
    key: fs.readFileSync('/etc/ssl/ssl.key/'),
    cert: fs.readFileSync('/etc/ssl/ssl.crt/')

    I had to issue the command "sudo a2enmod ssl" in order to have Apache 2 starting after having modified its settings file 000-default.conf in the /etc/apache2/sites-enabled folder as follows:

    SSLEngine on
    SSLCertificateKeyFile /etc/ssl/ssl.key/
    SSLCertificateFile /etc/ssl/ssl.crt/
    SSLCertificateChainFile /etc/ssl/ssl.crt/"

    Trying to access via http receives a

    "Bad Request

    Your browser sent a request that this server could not understand.
    Reason: You're speaking plain HTTP to an SSL-enabled server port.
    Instead use the HTTPS scheme to access this URL, please."

    port 80 still forwarded to my internal raspberry IP, as the 443 to 1880 and the port 1880 to the raspberry internal IP.

    Also just had a static public IP with my provider (Fastweb in Italy)

    Any hints?

  12. Hi Pete, regarding your Port 443 problem, I also experienced this and came up with this solution. I bought a cheap Linode for $5 month running Node-Red and MQTT then I bridge the MQTT 's from my home instance which initiates the connection, works flawlessly.....just a suggestion.

    1. Thanks for that, Mark. Mostly now I use HA-Bridge - I do miss the ability to do customer feedback audio - I was rather hoping Amazon would have eased up on the 433 port by now.

  13. Loving the Alexa progress. I am quite new to this but have achieved the easy step, "Alexa light on" via node red and the sonoffs.

    Now while the weather is still warm I wish to accomplish getting an appropriate reply to " Alexa Tell me the heating system status ". Yes, looking for her to tell us the wood boiler temperature, etc!

    I have a virtual server on the web and am considering going down that path for the https connection. Need to brush up on the MQTT bridging idea.

    Love the ideas gleaned from this site.. Thank you Peter!

  14. Just a word about SSL:

    On dietpi there is now an option to install Certbot, I did this and it is really easy to create a free SSL certificate using Letsencrypt, a CA authority, which means it is not a self signed certificate so no problems with any servers trying to access your domain..

    Updating the certificate is really easy too (3 months duration).

    Tested and working with node-red and Alexa. I can really recommend this method.

    Garry - The Welsh SSL expert (feels that way after the time I have invested in this 🙂 )

    1. I have LetsEncrypy on all my sites- but in Spain my service provider has reserved the SSL port for internal use!!! And Amazon won't accept https on any other port.

      1. more details... i've a setup between our work firewall and a vps server in the cloud... they're connected via a ipsec tunnel, and the exposed public ip address is the one of the vps server... then, there's a nginx server configured in reverse proxy, so it gets the public requests for domains and redirect to lan ip on the other side of the ipsec tunnel... so you don't need to expose any port of your local machines, you can use the same vps as target for 2 different tunnels (ES and UK) and it works flawlessly for port 80... i need to complete the ssl part, but it's all in the docs... it's FAST, and you have addon security given by the reverse proxy... the aruba cloud 1€ server is fine for this...

  15. Hi Peter,
    Thanks for the write-up! Very nice!
    Do you have any idea how to make Alexa ask for parameters once the skill has been initiated? What I mean is, say, I ask "Alexa, switch the aircon on." Alexa replies: "Ok. For how long do you want me to switch the aircon on?" which I can reply with "30 minutes".

    1. Well I hope someone else has that answer- I've found Alexa to be considerably more restrictive from a programming perspective than need be - I guess Amazon are only interested in the mass sale, people content to turn Philips (heavily advertised by Alexa) light bulbs etc.

  16. In case you are still interested in having Alexa initiate a conversation for instance when the heating has reached the target temperature or the timer has activated - Amazon have updated the voice service API for the UK to allow skills to send notifications. Restrictions as to certificates and port 443 still apply though.

Comments are closed.