No motion detection when internal SSL is used

[andriej]

Describe the bug After having integration running for some time I've noticed errors in log regarding the connectivity and rising CPU usage - which has dropped after rebooting the cameras (2 pcs). Usually before updating the library (so before the github-name migration in HACS, previously I had them in YAML) - CPU stood at max 9% for weeks. Now it's slowly rising, so could be some issue inside the code.

To Reproduce Currently noticed, will look at the issue further

Screenshots Marked yellow the moment of cameras reboot: (high CPU at night is backup, ignore it).

Environment: Please provide useful information about your environment, like:

• Home Assistant version: latest (2020.12)
• Reolink camera model: 2x RLC 520 PoE
• Camera firmware number: v3.0.0.65_20071012

Additional context Happenes more often for one out of two cameras - the one that had auto reboot disabled. Reolink client don't have any issues and can connect without problem so it's no connectivity issue (LAN cable from HA to camera all the time)

Will add new findings in comment to this issue if any.

[andriej]

First finding - they are on old firmware... I was sure that I've upgraded them recently. I did right now to latest available (v3.0.0.136_20121112), will see if there are improvements.

[andriej]

Ok, so after update - no further errors regarding timeout's/connectivity problems. What persist is CPU problem:

CPU rising didn't happen before (with the 'YAML' way integration). That drop was moment of HA restart.

[fwestenberg]

Thanks for your analysis. I think it's not sure the integration way leading to higher CPU usage in your case. There also has changed a lot in the integration. If I look at my HA supervisor, CPU is only 1.2% with two camera's connected. Is everything working well at least? Motion detection working?

[andriej]

@fwestenberg thank you for your question - I've checked and indeed, there may be still problem :-) as motion detection didn't show any motion since 24hours and i.e. IR-lights looks like: every 1 hour and 1 minute there's an second of 'unavailable'

Shall I re-add those cameras or dig something further? (Motion detection were working previously of course)

[fwestenberg]

Yes this woud be great. IR light are working? I can't understand your language. ;-)

[andriej]

Right, I've switched to english. Before removal, just to have history:

• motion detection (there was of course motion in front of camera):

• switch e-mail (unavailability after exactly 1 hour and 1 minute every 1 hour):

• switch to turn IR lights also same unavailability:

It seems like the integration didn't went through whole process and there's something going in background that makes CPU rise and also not report all functionalities like it should. Will remove and re-add right now

[fwestenberg]

Ok, also I found some errors in the code. I will update a.s.a.p.

[andriej]

While removing cameras this entry appeared in log (maybe useful?):

[fwestenberg]

This is probably the reason why motion detection is not working. But I already fixed this one. I will create a PR later today.

[andriej]

Yes, now I've confirmed - in app (reolink client) I see motion detected and video recorded - in HA it's no-motion. Will wait for PR - thanks for fast investigation and great integration! :-) Glad I can help to hunt some bugs.

[fwestenberg]

Can you update the files in custom_components/reolink_dev with the files from this branch? Please let me know the results.

[andriej]

Deleted files, added linked one and restarted (and readded cameras) - still no motion reported, despite that they seem to work:

[fwestenberg]

The availability is best to find in the log (debug mode). Is the subscription working? And did it register a webhook?

[andriej]

Could you please provide what components to put in 'debug' mode for logger? I always have trouble guessing it. ;)

[fwestenberg]

Yes, I described this and some more interesting things here

[fwestenberg]

I would suggest next time to mask your webhook id (last part). If you just reload the integration, it will generate another one and delete the old. What I see, is you are using https internal also. And this does not work with the Reolink camera yet (unfortunately). It's described in another post also.

[andriej]

Ok, so that's the thing that changed between versions? Will it be possible in any future soon? Just to make sure: it's 100% proper SSL that can be validated (LE).

[fwestenberg]

It works totally different now, and should lead to less http calls etc. Read more here. Maybe it can work, but needs more investigation first.

[andriej]

I'd be happy to help investigate and test it out, as at the moment I can't motivate myself to drop SSL support (I have it done same way as in linked thread - forced via nginx proxy)

[fwestenberg]

Can you check the log if it still uses the https, since you updated the files it should now use http...

[andriej]

I re-did everything, so removed integration, deleted files, did git clone https://github.com/fwestenberg/reolink_dev/ --branch NVR-Webhook-subscription and in logs I see: [custom_components.reolink_dev.base] Host 192.168.x.102 subscribed successfully to webhook https://xxx/api/webhook/a180bxxxx

[fwestenberg]

The answer to that is in this post, I think!

[andriej]

Yes, could be - but integrations I rely on doesn't allow me to have HTTP also inside my network and I'd rather like not to drop some level of security too. And there's no way I can declare any kind of workaround too (as it's taken from HA, not configurable parameter).

Is there something that can be changed on library/integration level or it's rather something to debug on reolink's side? Bugreport? Any way to see/check what exactly is the issue for reolink, debug that?

[jjeremia]

Just a comment to this... My cameras worked perfect, with motion detection, prior to moving config from configuration.yaml to integration setup. After that I have not gotten any motion detection. I have always used internal SSL.

[andriej]

So it's the same issue as mine. Good, one more to potential debug. :-)

[fwestenberg]

It works totally different now, and should lead to less http calls etc. Read more here. Maybe it can work, but needs more investigation first.

Like I wrote here, it's useless to compare to the old version. Things have changed significantly and we are not polling for motion every second. With both of my camera's this works great. I have motion detected within a second and without missing any motion. So this is definitely the way to go. Also, the official Reolink Windows application works this way. So we can only fix your issue by:

• Finding a way to make the camera call HTTPS (upload certificate to the camera some way?)
• Enable HTTP on HA (for the webhook at least)

[andriej]

Why would camera need SSL cert when it has proper non-self signed one? Is there any API/way to test those calls from camera to HA? Or just get some more debug codes? I'd like to investigate more so potential solution will be more user friendly than creating custom webhooks (and HA doesn't allow to create custom webhooks anymore too?)

[fwestenberg]

Why would camera need SSL cert when it has proper non-self signed one? Is there any API/way to test those calls from camera to HA? Or just get some more debug codes? I'd like to investigate more so potential solution will be more user friendly than creating custom webhooks (and HA doesn't allow to create custom webhooks anymore too?)

This is just one of the possible things to try. It's not about the camera's certificate, but it should probably first trust your HA certificate?

[andriej]

But why would it not trust that certificate? How can we check if it's problem with cert or other problem? I'm not a programmer, tried to look at api.cgi but failed as I don't know internals how to check and check response codes :-)

My SSL cert is verified by proper CA, in browsers it's shown as 'secured' so camera shouldn't have any issues with that

[badabing2005]

But why would it not trust that certificate? How can we check if it's problem with cert or other problem? I'm not a programmer, tried to look at api.cgi but failed as I don't know internals how to check and check response codes :-)

My SSL cert is verified by proper CA, in browsers it's shown as 'secured' so camera shouldn't have any issues with that

It all depends on which certificate authority signed your certificate and if that authority is in root CA of the camera / NVR How are you accessing api.cgi? where are you accessing this?

[fwestenberg]

Thanks for renaming this one. And I thing @badabing2005 you are right about that. But I also did not look any further. I am using the ONVIF event subscription for motion detection. You can check it out in the other repository (fwestenberg/reolink). I can also help you get this in soapui for some testing.

[andriej]

I can try to help and debug/see possible options, but for sure assistance is needed with the library and/or API :-)

[badabing2005]

Thanks for renaming this one. And I thing @badabing2005 you are right about that. But I also did not look any further. I am using the ONVIF event subscription for motion detection. You can check it out in the other repository (fwestenberg/reolink). I can also help you get this in soapui for some testing.

@fwestenberg Let me know what you need and how I can get you the info you need.

[andriej]

Does the library use onvif subscription to get that notifications or it's more reolink's cgi file?

[fwestenberg]

It uses onvif subscription for notifications. Because NVR is not working well at the moment, after a NVR motion notification we call the motion service from the cgi to find out which camera has motion detected.

[andriej]

Not sure if I get it properly - first to fix is the NVR issue and then it might help with this one, right?

[fwestenberg]

Indeed, the first NVR issue should be fixed. Then we will look further for a certificate fix or whatever.

[fwestenberg]

I sent @badabing2005 a SoapUI project for testing Onvif services. If you are interested as well, please share your email with me.

[Jonnehs]

I'm using HTTPS for HASS and would like the motion sensor to be available for triggering automations etc, is that possible somehow?

[AndyVRD]

Hi,

First of all thanks for this amazing integration. I'm also using HTTPS for HASS and the motion sensor is also not working for me, all other things working fine.

[Jonnehs]

has there been any progress on this, or is there a work around? Other than using http for your whole HASS system?

[andriej]

Not yet, unfortunately

[Jonnehs]

is there any way to get the webhook for this integration to use http as a temporary measure? Or can such a thing be implemented as a work around until an SSL fix is available? Really need to be able to get motion events to solve an issue