bwssytems / ha-bridge

Home automation bridge that emulates a Philips Hue light system and can control other systems such as a Vera, Harmony Hub, Nest, MiLight bulbs or any other system that has an http/https/tcp/udp interface. This is a compact impl to run on small format computers. This impl started from this project: https://github.com/armzilla/amazon-echo-ha-bridge.
Apache License 2.0
1.45k stars 199 forks

Trouble connecting to server using LetsEncrypt SSL certificate #183

Closed ih8gates closed 8 years ago

ih8gates commented 8 years ago

I'm having trouble connecting to Home Assistant from my HA Bridge (it's working fine for other stuff).

I suspect that the issue may be that my HA server is using SSL with LetsEncrypt.

Is there something I need to do to let HA know that my server's cert is OK?

I'm seeing errors like this in my log: Error on calling url to change device state: https://xxx.dyndns.org/api/services/script/stopsqueeze?api_password=XXX

I'm running HA Bridge on an rPi running Jessie.

bwssytems commented 8 years ago

Please review this closed ticket to see if it has the info you need:

https://github.com/bwssytems/ha-bridge/issues/97

bwssytems commented 8 years ago

Take a look at this site

http://fearoffish.com/home-automation/home-assistant-and-ha-bridge/

ih8gates commented 8 years ago

Thanks. He mentions that he is using ssl, but not anything about making it work. I'll tweet him.

bwssytems commented 8 years ago

That would be best, I'm not updated on that install.

bwssytems commented 8 years ago

Is this working?

ih8gates commented 8 years ago

Unfortunately, no. I finally heard back from fearoffish yesterday. He's running HA Bridge on the same Pi that he's running Home Assistant. So that could be the issue. He wasn't specific about what SSL cert he's using - he just said "legit cert" - so it might be an interaction with Let's Encrypt's certificate that's the issue.

I'm able to form posts from Postman (chrome plugin to format post requests) and it works just fine. Here's what I've got: sq

bwssytems commented 8 years ago

Does this work for you when you build the custom calls?

ih8gates commented 8 years ago

I'm not sure what you mean.

Everything works from Postman, so I'm fairly confident I've got the headers and URLs correct. The error in logs doesn't give me any clues: Error on calling url to change device state: https://xxx.dyndns.org/api/services/script/playsqueeze?api_password=xxx

bwssytems commented 8 years ago

Set the Huemulator logging on, select the Show All Loggers checkbox, and then you can set the explicit level on each of the process components. The most helpful logger would be setting DEBUG for the com.bwssystems.HABridge.hue.HueMulator component. Changing this and then selecting the Update Log Levels button applies the new log settings. Post your output. Thanks

ih8gates commented 8 years ago

I get:

10-26-2016 16:33:41.428 DEBUG   hue state change requested: test from 192.168.1.10 body: {"on":false}   com.bwssystems.HABridge.hue.HueMulator
10-26-2016 16:33:41.435 DEBUG   executing HUE api request for network call: https://ih8gates.dyndns.org/api/services/script/stopsqueeze?api_password=xxx    com.bwssystems.HABridge.hue.HueMulator
10-26-2016 16:33:41.437 DEBUG   executing HUE api request to Http POST: https://ih8gates.dyndns.org/api/services/script/stopsqueeze?api_password=xxx    com.bwssystems.HABridge.hue.HueMulator
10-26-2016 16:33:41.438 DEBUG   Making outbound call in doHttpRequest: POST https://ih8gates.dyndns.org/api/services/script/stopsqueeze?api_password=xxx HTTP/1.1   com.bwssystems.HABridge.hue.HueMulator
10-26-2016 16:33:41.531 WARN    Error calling out to HA gateway: IOException in log com.bwssystems.HABridge.hue.HueMulator
10-26-2016 16:33:41.533 WARN    Error on calling url to change device state: https://ih8gates.dyndns.org/api/services/script/stopsqueeze?api_password=xxx   com.bwssystems.HABridge.hue.HueMulator

ih8gates commented 8 years ago

(I have my real password in the logs, not XXX)

bwssytems commented 8 years ago

I need to see what is in the log on disk. The exception does not display in the gui.

ih8gates commented 8 years ago

Where does the bridge store its logs? I'm not seeing anything log in the directory I'm running it from. I've got a data directory, but nothing there that looks log-like.

bwssytems commented 8 years ago

If you start it with the systemctl stuff it is in the syslog.

ih8gates commented 8 years ago

I start it from rc.local with

nohup java -jar -Dupnp.config.address=192.168.1.47 -Dvera.address=192.168.1.102 -Dupnp.device.db=/home/pi/habridge/data/device.db /home/pi/habridge/ha-bridge.jar > /dev/null 2>&1 &

I'm not super linux-savvy, so I did this by following Googled instructions.

I'm running on Retropie - could I be missing an encryption library?

bwssytems commented 8 years ago

Ahh, your startup command throws away the logging output. Change the >/dev/null 2>&1 to > /home/pi/habridge/log.txt 2>&1

This will save the output to a file

bwssytems commented 8 years ago

Any news on this?

ih8gates commented 8 years ago

Sorry. I had a high fever for almost a week and let some stuff slide. Getting back to normal. I made that update and I get:

2016-11-03 12:57:38,606 [main] INFO com.bwssystems.HABridge.HABridge - HA Bridge (v3.2.0) starting....
2016-11-03 12:57:38,716 [main] INFO com.bwssystems.HABridge.BridgeSettings - reading from config file: data/habridge.config
2016-11-03 12:57:39,114 [main] INFO com.bwssystems.HABridge.HABridge - HA Bridge (v3.2.0) initializing....
2016-11-03 12:57:39,190 [main] INFO com.bwssystems.HABridge.SystemControl - System control service started....
2016-11-03 12:57:40.437:INFO::Thread-0: Logging initialized @5960ms
2016-11-03 12:57:40,510 [main] INFO com.bwssystems.HABridge.devicemanagmeent.DeviceResource - HABridge device management service started....
2016-11-03 12:57:40,579 [main] INFO com.bwssystems.HABridge.upnp.UpnpSettingsResource - Hue description service started....
2016-11-03 12:57:40,592 [main] INFO com.bwssystems.util.UDPDatagramSender - Initializing UDP response Seocket...
2016-11-03 12:57:40,605 [main] INFO com.bwssystems.util.UDPDatagramSender - UDP response Seocket initialized to: 50000
2016-11-03 12:57:40,919 [Thread-0] INFO spark.webserver.JettySparkServer - == Spark has ignited ...
2016-11-03 12:57:40,930 [Thread-0] INFO spark.webserver.JettySparkServer - >> Listening on 0.0.0.0:8080
2016-11-03 12:57:40.945:INFO:oejs.Server:Thread-0: jetty-9.3.z-SNAPSHOT
2016-11-03 12:57:41.229:INFO:oejs.ServerConnector:Thread-0: Started ServerConnector@de0269{HTTP/1.1,[http/1.1]}{0.0.0.0:8080}
2016-11-03 12:57:41.240:INFO:oejs.Server:Thread-0: Started @6771ms
2016-11-03 12:57:42,197 [main] INFO com.bwssystems.HABridge.hue.HueMulator - Hue emulator service started....
2016-11-03 12:57:42,246 [main] INFO com.bwssystems.HABridge.upnp.UpnpListener - UPNP Discovery Listener starting....
2016-11-03 12:57:42,249 [main] INFO com.bwssystems.HABridge.upnp.UpnpListener - UPNP Discovery Listener running and ready....
2016-11-03 13:04:46,713 [qtp19327982-14] WARN com.bwssystems.HABridge.hue.HueMulator - Error calling out to HA gateway: IOException in log
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1917)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:301)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:295)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1369)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:156)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:925)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:860)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1043)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1343)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1371)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
    at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134)
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
    at com.bwssystems.HABridge.hue.HueMulator.doHttpRequest(HueMulator.java:1079)
    at com.bwssystems.HABridge.hue.HueMulator.lambda$19(HueMulator.java:939)
    at com.bwssystems.HABridge.hue.HueMulator$$Lambda$68/10443789.handle(Unknown Source)
    at spark.RouteImpl$1.handle(RouteImpl.java:58)
    at spark.webserver.MatcherFilter.doFilter(MatcherFilter.java:162)
    at spark.webserver.JettyHandler.doHandle(JettyHandler.java:61)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:189)

bwssytems commented 8 years ago

So, all these messages indicate that the cert is not in the place it expects. It is always relative to the configuration of your Java install or the running directory. Google some more...
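
An added example, not part of this thread and not ha-bridge code: `PKIX path building failed` means no certificate in the JVM's default trust store anchors the chain the server presented. The class below (`TrustCheck` and its method names are hypothetical) lists the default trust anchors whose subject matches a given CA name, and builds an `SSLContext` that adds one CA certificate from a file while keeping certificate validation enabled.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example; TrustCheck and its method names are hypothetical, not ha-bridge code.
public class TrustCheck {
    // Trust anchors this JVM uses by default (its cacerts, or -Djavax.net.ssl.trustStore).
    static X509Certificate[] defaultAnchors() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JVM's default trust store
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager) return ((X509TrustManager) tm).getAcceptedIssuers();
        throw new IllegalStateException("no X509TrustManager available");
    }

    // Default anchors plus one CA certificate read from a PEM/DER file; validation stays on.
    static SSLContext contextWithExtraCa(String caFile) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // start from an empty in-memory store
        int n = 0;
        for (X509Certificate c : defaultAnchors()) ks.setCertificateEntry("default-" + n++, c);
        try (InputStream in = new FileInputStream(caFile)) {
            ks.setCertificateEntry("extra-ca", CertificateFactory.getInstance("X.509").generateCertificate(in));
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Usage: java TrustCheck <text from the CA's subject name> [ca-certificate-file]
    public static void main(String[] args) throws Exception {
        String needle = args.length > 0 ? args[0].toLowerCase() : "";
        X509Certificate[] anchors = defaultAnchors();
        System.out.println("java.home=" + System.getProperty("java.home") + ", anchors=" + anchors.length);
        int hits = 0;
        for (X509Certificate c : anchors) {
            String dn = c.getSubjectX500Principal().getName();
            if (!needle.isEmpty() && dn.toLowerCase().contains(needle)) { hits++; System.out.println("trusted: " + dn); }
        }
        if (!needle.isEmpty() && hits == 0)
            System.out.println("no default anchor matches; chains ending at that CA fail PKIX path building");
        if (args.length > 1)
            System.out.println("context with extra CA built: " + contextWithExtraCa(args[1]).getProtocol());
    }
}
```

Run it with the same `java` binary that starts the bridge, since the default trust store belongs to that Java install.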

ih8gates commented 8 years ago

I'm trying to figure this out. Do I need to import the cert from my other machine onto the Pi that's running HA Bridge? I'm not sure how to proceed.

bwssytems commented 8 years ago

So, why don't you set up Home Assistant to not use a cert and just do username/password?

ih8gates commented 8 years ago

In addition to the security when I connect from outside my network, it's an endpoint for Alexa skills, so needs to have SSL.

aptalca commented 8 years ago

I believe your answer is here: https://community.letsencrypt.org/t/ssl-certs-in-java/15450

bwssytems commented 8 years ago

The Let's Encrypt option would be a good choice. There are some comments in closed issues here that discuss it, and it works.

ih8gates commented 8 years ago

Thanks for all the help. And thanks for closing the issue - this is definitely an issue with certificates and java, not an HA Bridge issue, per se.

NShak commented 8 years ago

@ih8gates did you end up trying the method that @aptalca provided?

ih8gates commented 8 years ago

I've been fighting this in another way, so I haven't. I've got Alexa skills working directly with my home automation (Home Assistant) controller, which is the one I was having trouble connecting to.

ih8gates commented 8 years ago

Someone on the Home Assistant forums put together instructions on fixing this issue: https://community.home-assistant.io/t/why-cant-emulated-hue-work-with-onhub-or-google-home/5794/35