Open jacek-dargiel opened 1 week ago
the message [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed:
indicates that the target URL does not use (anymore?) a valid ssl certificate. this should be reported to the administrator/maintainer of the target URL, or you might want to have a look to the verify_ssl paramater.
The certificate is valid as you can see by checking the URL I've provided.
the root ca in the used ca-certificate
bundle does not match the certificate chain of the server certificate of monitoring.paa.gov.pl
homeassistant:/config# apk info ca-certificates
ca-certificates-20240226-r0 description:
Common CA certificates PEM files from Mozilla
ca-certificates-20240226-r0 webpage:
https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/
ca-certificates-20240226-r0 installed size:
712 KiB
homeassistant:/config# openssl s_client -connect monitoring.paa.gov.pl:443 -servername monitoring.paa.gov.pl -verify 3
verify depth is 3
CONNECTED(00000003)
depth=0 CN = *.paa.gov.pl
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = *.paa.gov.pl
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 CN = *.paa.gov.pl
verify return:1
---
Certificate chain
0 s:CN = *.paa.gov.pl
i:C = PL, O = Unizeto Technologies S.A., OU = Certum Certification Authority, CN = Certum Domain Validation CA SHA2
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Feb 13 08:37:56 2024 GMT; NotAfter: Feb 12 08:37:55 2025 GMT
---
homeassistant:/config# openssl s_client -connect monitoring.paa.gov.pl:443 -servername monitoring.paa.gov.pl -verify 3 -CAfile /etc/ssl/certs/ca-cert-Certum_Trusted_Network_CA.pem -CAfile /etc/ssl/certs/ca-cert-Certum_Trusted_Root_CA.pem -CAfile /etc/ssl/certs/ca-cert-Certum_Trusted_Network_CA_2.pem
verify depth is 3
CONNECTED(00000003)
depth=0 CN = *.paa.gov.pl
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = *.paa.gov.pl
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 CN = *.paa.gov.pl
verify return:1
---
Certificate chain
0 s:CN = *.paa.gov.pl
i:C = PL, O = Unizeto Technologies S.A., OU = Certum Certification Authority, CN = Certum Domain Validation CA SHA2
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Feb 13 08:37:56 2024 GMT; NotAfter: Feb 12 08:37:55 2025 GMT
---
The problem
I have a REST sensor that polls the Polish Atomic Agency's API to get the current radiation readings in some areas of Poland. Here's the URL I'm polling:
https://monitoring.paa.gov.pl/_api/maps/MapLayer/15d20873-f8a7-8899-5d69-960cc9ebbbb6/DetailsTable/f5af6ec4-d759-3163-344e-cbf147d28e28/Data/b974aef7-d428-4d4a-a8c0-43a3a0ae2570?dateFrom=2024-03-26T00:00:00.000Z&dateTo=2024-04-25T00:00:00.000Z
Yesterday, this sensor stopped working. HA Core logs say it's because:
I guess the website certificate might have changed, but it's a valid certificate according to my Windows/Edge browser. I haven't installed any custom certs for it to work.
What version of Home Assistant Core has the issue?
core-2024.4.4
What was the last working version of Home Assistant Core?
core-2024.4.3 ?
What type of installation are you running?
Home Assistant OS
Integration causing the issue
RESTful
Link to integration documentation on our website
https://www.home-assistant.io/integrations/rest/
Diagnostics information
No response
Example YAML snippet
Anything in the logs that might be useful for us?
Additional information
No response