SSL Wrong Version

[adamzvolanek]

• Unifi Protect Backup version: Protect 1.21.4
• Python version: ?
• Operating System: Unraid 6.9.2

Description

When py.unifi.protect attempts to connect to my UDM SE it throws an 'SSL: WRONG_VERSION_NUMBER'

What I Did

The docker must be set to the correct port given it is attempting to connect with the account I had made for it, however I am unsure if the SSL Version on my Unraid, Docker, or UDM SE is the culprit.

client_session: <aiohttp.client.ClientSession object at 0x149a27d2de80>
2022-04-15 02:56:30 [DEBUG]:unifi_protect_backup.unifi_protect_backup: Config:
2022-04-15 02:56:30 [DEBUG]:unifi_protect_backup.unifi_protect_backup: address='192.168.1.1'
2022-04-15 02:56:30 [DEBUG]:unifi_protect_backup.unifi_protect_backup: port=8080
2022-04-15 02:56:30 [DEBUG]:unifi_protect_backup.unifi_protect_backup: username='Alexandria_Backup'
2022-04-15 02:56:30 [DEBUG]:unifi_protect_backup.unifi_protect_backup: password=REDACTED
2022-04-15 02:56:30 [DEBUG]:unifi_protect_backup.unifi_protect_backup: verify_ssl=False
2022-04-15 02:56:30 [DEBUG]:unifi_protect_backup.unifi_protect_backup: rclone_destination='local:/data'
2022-04-15 02:56:30 [DEBUG]:unifi_protect_backup.unifi_protect_backup: retention='7d'
2022-04-15 02:56:30 [DEBUG]:unifi_protect_backup.unifi_protect_backup: rclone_args=''
2022-04-15 02:56:30 [DEBUG]:unifi_protect_backup.unifi_protect_backup: ignore_cameras=()
2022-04-15 02:56:30 [DEBUG]:unifi_protect_backup.unifi_protect_backup: verbose=1
2022-04-15 02:56:30 [DEBUG]:unifi_protect_backup.unifi_protect_backup: detection_types=['motion', 'person', 'vehicle', 'ring']
2022-04-15 02:56:30 [DEBUG]:unifi_protect_backup.unifi_protect_backup: file_structure_format='{camera_name}/{event.start:%Y-%m-%d}/{event.end:%Y-%m-%dT%H-%M-%S} {detection_type}.mp4'
2022-04-15 02:56:30 [INFO]:unifi_protect_backup.unifi_protect_backup: Starting...
2022-04-15 02:56:30 [INFO]:unifi_protect_backup.unifi_protect_backup: Checking rclone configuration...
2022-04-15 02:56:30 [DEBUG]:unifi_protect_backup.unifi_protect_backup: rclone found: /usr/bin/rclone
2022-04-15 02:56:30 [DEBUG]:unifi_protect_backup.unifi_protect_backup: ffprobe found: /usr/bin/ffprobe
2022-04-15 02:56:30 [INFO]:unifi_protect_backup.unifi_protect_backup: Connecting to Unifi Protect...
Traceback (most recent call last):
File "/usr/bin/unifi-protect-backup", line 8, in <module>
sys.exit(main())
File "/usr/lib/python3.9/site-packages/click/core.py", line 1137, in __call__
return self.main(*args, **kwargs)
File "/usr/lib/python3.9/site-packages/click/core.py", line 1062, in main
rv = self.invoke(ctx)
File "/usr/lib/python3.9/site-packages/click/core.py", line 1404, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/usr/lib/python3.9/site-packages/click/core.py", line 763, in invoke
return __callback(*args, **kwargs)
File "/usr/lib/python3.9/site-packages/unifi_protect_backup/cli.py", line 109, in main
loop.run_until_complete(event_listener.start())
File "/usr/lib/python3.9/asyncio/base_events.py", line 642, in run_until_complete
return future.result()
File "/usr/lib/python3.9/site-packages/unifi_protect_backup/unifi_protect_backup.py", line 288, in start
await self._protect.update()
File "/usr/lib/python3.9/site-packages/pyunifiprotect/api.py", line 507, in update
self._bootstrap = await self.get_bootstrap()
File "/usr/lib/python3.9/site-packages/pyunifiprotect/api.py", line 663, in get_bootstrap
data = await self.api_request_obj("bootstrap")
File "/usr/lib/python3.9/site-packages/pyunifiprotect/api.py", line 248, in api_request_obj
data = await self.api_request(
File "/usr/lib/python3.9/site-packages/pyunifiprotect/api.py", line 231, in api_request
data = await self.api_request_raw(
File "/usr/lib/python3.9/site-packages/pyunifiprotect/api.py", line 197, in api_request_raw
await self.ensure_authenticated()
File "/usr/lib/python3.9/site-packages/pyunifiprotect/api.py", line 277, in ensure_authenticated
await self.authenticate()
File "/usr/lib/python3.9/site-packages/pyunifiprotect/api.py", line 293, in authenticate
response = await self.request("post", url=url, json=auth)
File "/usr/lib/python3.9/site-packages/pyunifiprotect/api.py", line 184, in request
raise NvrError(f"Error requesting data from {self._host}: {err}") from None
pyunifiprotect.exceptions.NvrError: Error requesting data from 192.168.1.1: Cannot connect to host 192.168.1.1:8080 ssl:False [[SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1129)]
2022-04-15 02:56:30 [ERROR]:asyncio : Unclosed client session
client_session: <aiohttp.client.ClientSession object at 0x152b92ba59a0>
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.

[ep1cman]

Have you provided unifi with a SSL certificate or are you using the default one it generates? In the case of the default self signed certificate I usually just disable ssl verification, we would need to add their CA to the container for it to work otherwise.

please see if that fixes it for now and I will take a look into this further in a few days when I am free

[adamzvolanek]

I have the certificate flag as false, however my UDMP SE has the following settings.

[ep1cman]

Ah, the underlying API only works for local users with username/password authentication. It is common to create a user with only permissions to access the needed api functions. I will add a note to the readme about this.

[ep1cman]

https://github.com/ep1cman/unifi-protect-backup/blob/main/README.md#account-setup < I have now added instructions

[adamzvolanek]

What is the difference with the local account I have been using, Alexandria_Backup?

It has viewer permissions but to the whole console.

[ep1cman]

Ah ok, that should be fine. From your previous screenshot I assumed you were trying to use the SSH credentials to log in.

Are you using port 443 ?

[adamzvolanek]

No I’m using port 8080. Should I switch to 443?

https://help.ui.com/hc/en-us/articles/218506997-UniFi-Ports-Used

[ep1cman]

Yes please try that. Its the default port the API is accessible on.

[adamzvolanek]

Perhaps wrong password? I swear I copy and pasted it.

`connections: ['[(<aiohttp.client_proto.ResponseHandler object at 0x151c2e97c6a0>, 603166.534801011)]'] connector: <aiohttp.connector.TCPConnector object at 0x151c2e986070> 2022-04-17 13:28:56 [DEBUG]:unifi_protect_backup.unifi_protect_backup: Config: 2022-04-17 13:28:56 [DEBUG]:unifi_protect_backup.unifi_protect_backup: address='192.168.1.1' 2022-04-17 13:28:56 [DEBUG]:unifi_protect_backup.unifi_protect_backup: port=443 2022-04-17 13:28:56 [DEBUG]:unifi_protect_backup.unifi_protect_backup: username='Alexandria_Backup' 2022-04-17 13:28:56 [DEBUG]:unifi_protect_backup.unifi_protect_backup: password=REDACTED 2022-04-17 13:28:56 [DEBUG]:unifi_protect_backup.unifi_protect_backup: verify_ssl=False 2022-04-17 13:28:56 [DEBUG]:unifi_protect_backup.unifi_protect_backup: rclone_destination='local:/data' 2022-04-17 13:28:56 [DEBUG]:unifi_protect_backup.unifi_protect_backup: retention='7d' 2022-04-17 13:28:56 [DEBUG]:unifi_protect_backup.unifi_protect_backup: rclone_args='' 2022-04-17 13:28:56 [DEBUG]:unifi_protect_backup.unifi_protect_backup: ignore_cameras=() 2022-04-17 13:28:56 [DEBUG]:unifi_protect_backup.unifi_protect_backup: verbose=1 2022-04-17 13:28:56 [DEBUG]:unifi_protect_backup.unifi_protect_backup: detection_types=['motion', 'person', 'vehicle', 'ring'] 2022-04-17 13:28:56 [DEBUG]:unifi_protect_backup.unifi_protect_backup: file_structure_format='{camera_name}/{event.start:%Y-%m-%d}/{event.end:%Y-%m-%dT%H-%M-%S} {detection_type}.mp4' 2022-04-17 13:28:56 [INFO]:unifi_protect_backup.unifi_protect_backup: Starting... 2022-04-17 13:28:56 [INFO]:unifi_protect_backup.unifi_protect_backup: Checking rclone configuration... 2022-04-17 13:28:56 [DEBUG]:unifi_protect_backup.unifi_protect_backup: rclone found: /usr/bin/rclone 2022-04-17 13:28:56 [DEBUG]:unifi_protect_backup.unifi_protect_backup: ffprobe found: /usr/bin/ffprobe 2022-04-17 13:28:56 [INFO]:unifi_protect_backup.unifi_protect_backup: Connecting to Unifi Protect... Traceback (most recent call last): File "/usr/bin/unifi-protect-backup", line 8, in sys.exit(main()) File "/usr/lib/python3.9/site-packages/click/core.py", line 1137, in call return self.main(args, kwargs) File "/usr/lib/python3.9/site-packages/click/core.py", line 1062, in main rv = self.invoke(ctx) File "/usr/lib/python3.9/site-packages/click/core.py", line 1404, in invoke return ctx.invoke(self.callback, ctx.params) File "/usr/lib/python3.9/site-packages/click/core.py", line 763, in invoke return __callback(args, **kwargs) File "/usr/lib/python3.9/site-packages/unifi_protect_backup/cli.py", line 109, in main loop.run_until_complete(event_listener.start()) File "/usr/lib/python3.9/asyncio/base_events.py", line 642, in run_until_complete return future.result() File "/usr/lib/python3.9/site-packages/unifi_protect_backup/unifi_protect_backup.py", line 288, in start await self._protect.update() File "/usr/lib/python3.9/site-packages/pyunifiprotect/api.py", line 507, in update self._bootstrap = await self.get_bootstrap() File "/usr/lib/python3.9/site-packages/pyunifiprotect/api.py", line 663, in get_bootstrap data = await self.api_request_obj("bootstrap") File "/usr/lib/python3.9/site-packages/pyunifiprotect/api.py", line 248, in api_request_obj data = await self.api_request( File "/usr/lib/python3.9/site-packages/pyunifiprotect/api.py", line 231, in api_request data = await self.api_request_raw( File "/usr/lib/python3.9/site-packages/pyunifiprotect/api.py", line 209, in api_request_raw raise NvrError(msg % (url, response.status, reason)) pyunifiprotect.exceptions.NvrError: Request failed: /proxy/protect/api/bootstrap - Status: 500 - Reason: Invalid token

2022-04-17 13:28:56 [ERROR]:asyncio : Unclosed client session

client_session: <aiohttp.client.ClientSession object at 0x151c2e9cbee0> 2022-04-17 13:28:56 [ERROR]:asyncio : Unclosed connector

connections: ['[(<aiohttp.client_proto.ResponseHandler object at 0x151c2e97c6a0>, 603166.534801011)]'] connector: <aiohttp.connector.TCPConnector object at 0x151c2e986070> [cont-finish.d] executing container finish scripts... [cont-finish.d] done. [s6-finish] waiting for services. [s6-finish] sending all processes the TERM signal. [s6-finish] sending all processes the KILL signal and exiting. `

[adamzvolanek]

Updated the password, typo, but looks like my time zone is the wrong format. I assumed to put in CST, but logs show to use “Continent/City”.

Fixed TZ to be the Continent/City format and it seems to be working and showing my cameras in the logs.

I’ll have to change the password back to something more secure. Thank you for your help!