[BUG] IFTTT - ssl.SSLCertVerificationError: SSL CERTIFICATE_VERIFY_FAILED

Cyber5imon commented 3 years ago

What is the purpose of your issue?

[x] Bug report (encountered problems with amazon-dash)
[ ] Feature request (request for a new functionality)
[ ] Question
[ ] Other

Guideline for bug reports

amazon-dash version: v1.4.0
Python version: 3.7.5
Pip & Setuptools version: pip 20.2 & setuptools 46.3.0
Operating System: Ubuntu 19.10
[x] The pip install or setup install command has been completed without errors
[x] The python -m amazon_dash.install command has been completed without errors
[x] The amazon-dash discovery command works without errors
[x] I have created/edited the configuration file
[x] Amazon-dash service or amazon-dash --debug run works

Description

When using the IFTTT service, there is an error with the https certificate as shown below. The error just started on Sep 27 or Sep 28th... Here is my config:

  68:xx:e9:xx:da:xx:
    name: Dash-Bounty
    ifttt: cOxxxxxxx7z3_PWxxxxxJR
    event: DashButton_Bounty

What I Did

Here are the errors received from the IFTTT request:

2020-09-28 21:44:07,709 - amazon-dash - DEBUG   - Dash-Bounty device executed (mac 68:37:e9:50:da:6b)
Exception in thread Thread-1:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 600, in urlopen
    chunked=chunked)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 343, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 841, in _validate_conn
    conn.connect()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 344, in connect
    ssl_context=context)
  File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 345, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib/python3.7/ssl.py", line 423, in wrap_socket
    session=session
  File "/usr/lib/python3.7/ssl.py", line 870, in _create
    self.do_handshake()
  File "/usr/lib/python3.7/ssl.py", line 1139, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 449, in send
    timeout=timeout
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 638, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 398, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='maker.ifttt.com', port=443): Max retries exceeded with url: /trigger/DashButton_Bounty/with/key/cOiil0bP77z3_PWCcmGoJR (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.7/dist-packages/amazon_dash/execute.py", line 218, in execute
    **kwargs)
  File "/usr/lib/python3/dist-packages/requests/api.py", line 60, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 514, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='maker.ifttt.com', port=443): Max retries exceeded with url: /trigger/DashButton_Bounty/with/key/cOiil0bP77z3_PWCcmGoJR (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.7/threading.py", line 926, in _bootstrap_inner
    self.run()
  File "/usr/lib/python3.7/threading.py", line 870, in run
    self._target(*self._args, **self._kwargs)
  File "/usr/local/lib/python3.7/dist-packages/amazon_dash/listener.py", line 84, in execute
    result = self.execute_instance.execute(root_allowed)
  File "/usr/local/lib/python3.7/dist-packages/amazon_dash/execute.py", line 220, in execute
    raise ExecuteError('Exception on request to {}: {}'.format(self.data['url'], e))
amazon_dash.exceptions.ExecuteError: Exception on request to https://maker.ifttt.com/trigger/DashButton_Bounty/with/key/cOiil0bP77z3_PWCcmGoJR: HTTPSConnectionPool(host='maker.ifttt.com', port=443): Max retries exceeded with url: /trigger/DashButton_Bounty/with/key/cOiil0bP77z3_PWCcmGoJR (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)'))

Cyber5imon commented 3 years ago

FYI... As a temporary fix, I update the following line in execute.py, changing True to False in the verify parameter:

resp = request(self.data.get('method', 'get').lower(), self.data['url'],
                           verify=self.data.get('verify', False),
                           **kwargs)

I realize this is considered unsafe, but it does allow IFTTT to function until the certificate error can be resolved.

Cyber5imon commented 3 years ago

Apparently, IFTTT did not renew their SSL cert in time. Shame on them!

Anyway this error no longer occurs so I'm closing this issue.

Nekmo / amazon-dash