Got the Saros 10R working on firmware 02.52.86. The docs list 02.52.32 as the tested version, so figured this was worth sharing for the table.
Setup:
- Model:
roborock.vacuum.a144, firmware 02.52.86
- Cert: Let's Encrypt wildcard (
*.mydomain.com) via Cloudflare DNS-01, reused from Nginx Proxy Manager - I mounted NPM's letsencrypt volume read-only into the container. No separate cert pipeline. One thing to know: NPM's cert directory is mode 700, so the container needs to run as root (user: "0:0" in compose).
- Server: v1.0.2, Docker Compose, build-from-source
- DNS: AdGuard Home wildcard
*.mydomain.com → server host. Already covered api-roborock.mydomain.com with no dedicated rewrite.
- Don't add an NPM proxy host for this, the server serves TLS directly on :555/:8881, and a proxy in front of it breaks the protocol path.
Things that bit me:
BLE binding kept failing with -3004.1 ("Failed to send information to the device"). The fix was turning off the VPN on my phone that I didn't realize was on like a dumb dumb. Also worth disabling any private/ad-block DNS on the device during pairing. I went through the obvious suspects first - band steering, WPA/WPA2 mode, VLAN firewall rules, Android BLE permissions, none of them were it.
The cfgwifi local-first flow doesn't run the Roborock app's first-run map creation, so after cutover the vacuum had no map. What worked: re-onboard via the Roborock cloud app to build the map, re-import room metadata from the cloud snapshot, then re-cut to the local server. Map and rooms carried over intact.
After cutover the vacuum showed unavailable in Home Assistant. Stale MQTT credentials in memory - restart HA and it comes back. This was likely due to first authenticating with cloud credentials, then swapping to the local version.
The cfgwifi server token format is yourdomain.com:555, not api-yourdomain.com:555. The api- prefix is only for DNS.
HA integration is working well. Using the roborock_custom_map HACS bridge for the interactive map card. Room cleaning via app_segment_clean works with numeric segment IDs - on this unit, HA Room N maps directly to segment ID N (1–12).
One other thing worth mentioning: I tackled this as part of a larger homelab project running on Proxmox + Home Assistant, and I used Claude Code throughout - planning the spec/plan phases, working through the DNS/cert architecture, debugging the issues above, and wiring it all into HA. It's genuinely good at holding the full context of a complex setup (VLANs, NPM cert paths, firewall rules, MQTT topology) across a multi-day project. I stood up this site as a way to help others if you're interested in how I'm doing that https://vdb-ai.com/homelab (I'm 100% confident I could not have done this w/o AI).
Full transparency, I had Claude help me write this up to share based on my feedback going through this 😆. I was holding my breath on the documented firmware version hoping that the most recent one I updated to would work, and sure enough it did.
Thanks for the project, this was exactly what I was looking for.
Got the Saros 10R working on firmware 02.52.86. The docs list 02.52.32 as the tested version, so figured this was worth sharing for the table.
Setup:
roborock.vacuum.a144, firmware02.52.86*.mydomain.com) via Cloudflare DNS-01, reused from Nginx Proxy Manager - I mounted NPM's letsencrypt volume read-only into the container. No separate cert pipeline. One thing to know: NPM's cert directory is mode 700, so the container needs to run as root (user: "0:0"in compose).*.mydomain.com→ server host. Already coveredapi-roborock.mydomain.comwith no dedicated rewrite.Things that bit me:
BLE binding kept failing with
-3004.1("Failed to send information to the device"). The fix was turning off the VPN on my phone that I didn't realize was on like a dumb dumb. Also worth disabling any private/ad-block DNS on the device during pairing. I went through the obvious suspects first - band steering, WPA/WPA2 mode, VLAN firewall rules, Android BLE permissions, none of them were it.The cfgwifi local-first flow doesn't run the Roborock app's first-run map creation, so after cutover the vacuum had no map. What worked: re-onboard via the Roborock cloud app to build the map, re-import room metadata from the cloud snapshot, then re-cut to the local server. Map and rooms carried over intact.
After cutover the vacuum showed unavailable in Home Assistant. Stale MQTT credentials in memory - restart HA and it comes back. This was likely due to first authenticating with cloud credentials, then swapping to the local version.
The cfgwifi server token format is
yourdomain.com:555, notapi-yourdomain.com:555. Theapi-prefix is only for DNS.HA integration is working well. Using the
roborock_custom_mapHACS bridge for the interactive map card. Room cleaning viaapp_segment_cleanworks with numeric segment IDs - on this unit, HA Room N maps directly to segment ID N (1–12).One other thing worth mentioning: I tackled this as part of a larger homelab project running on Proxmox + Home Assistant, and I used Claude Code throughout - planning the spec/plan phases, working through the DNS/cert architecture, debugging the issues above, and wiring it all into HA. It's genuinely good at holding the full context of a complex setup (VLANs, NPM cert paths, firewall rules, MQTT topology) across a multi-day project. I stood up this site as a way to help others if you're interested in how I'm doing that https://vdb-ai.com/homelab (I'm 100% confident I could not have done this w/o AI).
Full transparency, I had Claude help me write this up to share based on my feedback going through this 😆. I was holding my breath on the documented firmware version hoping that the most recent one I updated to would work, and sure enough it did.
Thanks for the project, this was exactly what I was looking for.