Using Proxyman on my iPhone/iPad I discovered that the Homey App was indeed trying HTTPS to access 192.168.1.x.homey.homeylocal.com first, but all requests failed and it then tried HTTP instead (which succeeds).
Since this is only related to local traffic, I tried to solve it via my router, instead of NextDNS. I have an ASUS router which runs the excellent AsusWrt-Merlin third-party firmware. I added this line to the dnsmasq configuration file/jffs/configs/dnsmasq.conf.add (to bypass NextDNS - and thus its DNS Rebinding Protection?):
After restarting both the dnsmasq service on the router and the Homey App on my iOS devices the requests now succeed using HTTPS and there is no fallback to HTTP!
Thank you for bringing this to our attention @Dijker!
Oh, it’s even nicer to learn about this in my case!
In the past I changed the "Homey p1 smartmeter DSMR reader for com.p1.smartmeter " script to use the (local) IP address 192.168.1.x (I have assigned a fixed IP to Homey in my router) instead of the (external) hostname <homeyId>.connect.athom.com, but as a side effect I had to use HTTP because the Homey did not have a SSL certificate for that IP address.
With this new knowledge and the dnsmasq workaround I can now use the hostname 192-168-1-x.homey.homeylocal.com instead of the IP address 192.168.1.xwith HTTPS.
Nice! Unfortunately, I can’t use that, as the NextDNS install script removes the stop-dns-rebind line from the router’s configuration (NextDNS takes care of DNS Rebinding Protection in my setup).
So change the script According to NextDNS, the allow list “takes precedence over everything else, including security features”, so perhaps it’s possible to add an exception for homeylocal.com?