home-assistant / core

Open source home automation that puts local control and privacy first.
https://www.home-assistant.io
Apache License 2.0

SSL handshake failed / SSL error errno:1 reason: UNSUPPORTED_PROTOCOL #22625

Closed Rick-Git closed 5 years ago

Rick-Git commented 5 years ago

Home Assistant release with the issue: 0.90.1 / 0.90.1

Last working Home Assistant release (if known): None, new installation (one month, earlier release as well)

Operating environment (Hass.io/Docker/Windows/etc.): Hass.io

Component/platform: SSL Handshake fail & SSL Error using DuckDNS/Let's Encrypt Addon

Description of problem: No connection possible via the https-protocol on several occasions per day. It seems a random problem. When the error is happening, no https connection via DuckDNS is possible. It stops working, then it just works again without any problem solving.

Problem-relevant configuration.yaml entries and (fill out even if it seems unimportant):

http:
  base_url: https://my_url.duckdns.org:8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

Traceback (if applicable):

2019-04-01 11:06:52 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:1056)
2019-04-01 11:06:52 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: UNSUPPORTED_PROTOCOL
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:1056)

Earlier today:


2019-04-01 07:49:21 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:49:21 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: SSLV3_ALERT_CERTIFICATE_UNKNOWN
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:49:22 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:49:22 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: SSLV3_ALERT_CERTIFICATE_UNKNOWN
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:49:26 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:49:27 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: SSLV3_ALERT_CERTIFICATE_UNKNOWN
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:49:27 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:49:27 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: SSLV3_ALERT_CERTIFICATE_UNKNOWN
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:49:27 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:49:27 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: SSLV3_ALERT_CERTIFICATE_UNKNOWN
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:49:27 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:49:27 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: SSLV3_ALERT_CERTIFICATE_UNKNOWN
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:49:28 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:49:28 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: SSLV3_ALERT_CERTIFICATE_UNKNOWN
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:49:28 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:49:28 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: SSLV3_ALERT_CERTIFICATE_UNKNOWN
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:49:28 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:49:28 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: SSLV3_ALERT_CERTIFICATE_UNKNOWN
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:51:48 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:51:48 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: SSLV3_ALERT_CERTIFICATE_UNKNOWN
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)

No errors (on this topic) between both.

Additional information: Using port-forwarding on EdgeRouter X port 8123 and 443 to RPI 3b+.

sabbatho commented 5 years ago

Hi, I have a similar problem, for me nothing through https and duckdns will work. http and duckdns works so I am using http at the moment. Same error message in logs as Rick

Error doing job: SSL error errno:1 reason: SSLV3_ALERT_CERTIFICATE_UNKNOWN

15:11 /usr/local/lib/python3.7/site-packages/homeassistant/core.py (ERROR) - message first occured at 15:06 and shows up 23 times

Error doing job: SSL handshake failed

15:11 /usr/local/lib/python3.7/site-packages/homeassistant/core.py (ERROR) - message first occured at 15:06 and shows up 24 times

Thanks

harfordhawk commented 5 years ago

Same here. Tried many things, disabling, etc., nothing helps. I can log in fine through https but thousands of errors in log

akovano commented 5 years ago

Same here, and I don't use the duckdns add on, just using a Let's Encrypt wildcard cert I pulled from another machine. SSL is completely broken!

chelming commented 5 years ago

What are you trying to connect from? Is it possible that only TLS 1.3 is being allowed and you're connecting with a device that doesn't support TLS 1.3?

akovano commented 5 years ago

I am connecting from Macbook/OSX High Sierra

So I just ran the following command to make sure TLS 1.3 was enabled from OSX: sudo defaults write /Library/Preferences/com.apple.networkd tcp_connect_enable_tls13 1

I then restarted and went to link below to verify TLS 1.3 capability: https://www.ssllabs.com/ssltest/viewMyClient.html

I then re-enabled https in configuration.yaml, restarted Homeassistant, and I can connect via https to the UI now. To be honest I'm not sure if it was the OSX TLS change or the restart that did it, but if others want to try the same and report back, we'll know if that was the issue.

sabbatho commented 5 years ago

For me the error showed itself when I was using Tasker in android, both with api password and with long lived token using https-duckdns. And it also showed when using chrome both in an updated win10 as well as android chrome. And rss_feed_template using android simple rss also broke with https.

As soon as I went over to http all was working. Have tried reinstalling duckdns addon as well as manually deleting ssl-files. Nothing was working except going to http, and duckdns with http is also working.

chelming commented 5 years ago

Start by checking what your client is capable of: https://www.ssllabs.com/ssltest/viewMyClient.html Then check what HA is even willing to accept: https://www.cdn77.com/tls-test

To me this sounds like HA is only accepting TLS 1.3 and not all clients support it. 🤷‍♂️

Rick-Git commented 5 years ago

I don't know for sure if it's a client problem. The errors also show up at night and I sure am not using the web interface at 3:43 ;-)

2019-04-03 03:43:41 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:1056)
2019-04-03 03:43:41 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: HTTP_REQUEST
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:1056)

Also at this time no other people trying to log even, I'm not seeing any "Login attempt or request with invalid authentication from" rows in the log.

chelming commented 5 years ago

> Also at this time no other people trying to log even, I'm not seeing any "Login attempt or request with invalid authentication from" rows in the log.

If you have a site that is open to the world, bet on it being scraped by bots trying to find vulnerabilities like wordpress installs, phpmyadmin with default credentials, and other various things that people leave open and don't change.

also, your error is different from the two posted in the OP. OP's issues were:

[SSL: UNSUPPORTED_PROTOCOL], which likely means something isn't capable of what the server will allow

[SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN], which is likely a client trying to do SSLv3 and the server not allowing it

[SSL: HTTP_REQUEST] sounds like something is requesting things on port 80 instead of port 443.

Rick-Git commented 5 years ago

> Also at this time no other people trying to log even, I'm not seeing any "Login attempt or request with invalid authentication from" rows in the log.
>
> If you have a site that is open to the world, bet on it being scraped by bots trying to find vulnerabilities like wordpress installs, phpmyadmin with default credentials, and other various things that people leave open and don't change.
>
> also, your error is different from the two posted in the OP. OP's issues were:
>
> [SSL: UNSUPPORTED_PROTOCOL], which likely means something isn't capable of what the server will allow
>
> [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN], which is likely a client trying to do SSLv3 and the server not allowing it
>
> [SSL: HTTP_REQUEST] sounds like something is requesting things on port 80 instead of port 443.

You're right, the error is very different. Didn't know the last thing when it's requesting 80 instead of 443. So why is it giving so many errors for port 80? Port 80 is closed from the internet. Nobody's on the network.

And I really do know that 'when it's open to the internet people are trying'. That's why I'm also mentioning no login errors occur.

chelming commented 5 years ago

> That's why I'm also mentioning no login errors occur.

you won't get a login error if someone is hitting yourdomain.duckdns.org/wp-admin/

is anything connecting to HA via IP address from inside your network using 8123 or http?

harfordhawk commented 5 years ago

Just to report in on my problem, I think I fixed it! I really suppose we all may have separate things causing this but for me it was port 80 was forwarded to my HA server ... This had not been a problem in the past but when I disabled that forward, the SSL errors seem to be gone!

EDIT: I may have spoken too soon! the errors seem to be significantly reduced, but still getting some

chelming commented 5 years ago

could you check to see what your server is accepting? https://www.cdn77.com/tls-test

if it's only accepting TLS 1.3 I think you are able to relax the settings to also allow TLS 1.2.

harfordhawk commented 5 years ago

this is what I get when I check it

TLS 1.3 NO
TLS 1.2 YES
TLS 1.1 NO
TLS 1.0 NO
SSLv3 NO
SSLv2 NO

Rick-Git commented 5 years ago

Here we go again:

Error doing job: SSL handshake failed
09:33 /usr/local/lib/python3.7/site-packages/homeassistant/core.py (ERROR) - message first occured at 08:36 and shows up 175 times

Whatever I do, I cannot log in via HTTPS anymore. Every HA-client device is failing right now.

Error doing job: SSL handshake failed

Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)

Maybe some device is triggering, but I can't explain why every device is failing as a result.

2019-04-05 09:52:00 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-05 09:52:01 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-05 09:52:01 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-05 09:52:01 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-05 09:52:01 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-05 09:52:01 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-05 09:52:02 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)

sabbatho commented 5 years ago

With 0.91 freshly installed I tried going back to https through letsencrypt in duckdns addon, because I dislike using http with HA open to internet. I have the same error still where https will not let me in at all, not through duckdns address or https internal ip. I receive an access error, like there is nothing behind. As soon as I ssh in and change configuration.yaml to use http all is working again. Using chrome to access UI, Tasker to update sensors, simple rss widget in android for rss-data. I have some of my config in git if there could be an error in my config. The config I have in git is from before https stopped working, 0.90.0 for me. But I will update configuration.yaml so older versions can be used to check what I have changed and so on. Hope someone might have a solution for this.

CheeseySandal commented 5 years ago

This has just happened to me on 0.91.3. I've been using LetsEncrypt/DuckDns for over a year with no issues and this morning I can't connect at all to https://my_domain.duckdns.org:8123

Trying to visit on my phone I get

Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)

instantly in the logs.

My Addon log

# INFO: Using main config file /data/workdir/config
+ Account already registered!
Fri Apr 12 06:52:45 BST 2019: OK
xx.xx.xx.xx
NOCHANGE
# INFO: Using main config file /data/workdir/config
Processing xxxxxxxx.duckdns.org
 + Checking domain name(s) of existing cert... unchanged.
 + Checking expire date of existing cert...
 + Valid till Jun 22 11:38:14 2019 GMT Certificate will not expire
(Longer than 30 days). Skipping renew!

My config:

http:
  base_url: xxxxxx.duckdns.org
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  ip_ban_enabled: true
  login_attempts_threshold: 3

ip_bans.yaml empty. I'm at a loss!

I can access locally via IP address if I ignore browser certificate warnings. All my automations are firing and my hadashboard is working too.

sabbatho commented 5 years ago

Hi, i just fixed my problem with this. reference: https://community.home-assistant.io/t/bizarre-ui-access-issue/99055

duckdns addon seems to be the problem?

Just so you guys have something to try and perhaps to get the addon fixed?

ittchmh commented 5 years ago

Same error message in logs: ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)

My cert was expired, renew certificate - resolved issue

Mark612 commented 5 years ago

I recently upgraded to the latest and enabled the stream component. My SSL will occasionally stop working (can't connect) and then sometimes after will crash HA. Curious, anyone else have the new stream component on? May be related.

RyuzakiKK commented 5 years ago

Same here @Mark612. After some time I can't access my UI anymore, stuck at performing TLS handshake. Nothing in the HA log when this happens.

I'll try to disable the stream component.

sirs2k commented 5 years ago

Same issue here on 92.2 Upgraded from .84 so not sure when this issue would have started.

HA Log

2019-05-15 22:05:00 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)

Duckdns log shows + Valid till Jul 22 06:55:46 2019 GMT Certificate will not expire (Longer than 30 days). Skipping renew!

When this happens I can only access HA locally. https doesn't work

RyuzakiKK commented 5 years ago

@sirs2k are you using the stream component? Just to check if it may be related or not.

sirs2k commented 5 years ago

> @sirs2k are you using the stream component? Just to check if it may be related or not.

Not sure what the stream component is my friend...

RyuzakiKK commented 5 years ago

> @sirs2k are you using the stream component? Just to check if it may be related or not.
>
> Not sure what the stream component is my friend...

This one https://www.home-assistant.io/components/stream/ Ok so I assume that the answer is no.

sirs2k commented 5 years ago

> @sirs2k are you using the stream component? Just to check if it may be related or not.
>
> Not sure what the stream component is my friend...
>
> This one https://www.home-assistant.io/components/stream/ Ok so I assume that the answer is no.

Oh, nah I'm not using that :)

ekendra-nz commented 5 years ago

Same thing for me:

  File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)

Weird because I know the cert is valid and current. I'm not using DuckDNS, just Let's Encrypt on a domain pointing to my public static ip4.

Home assistant is just inoperable until I get this working as I've set callbacks to remote data to the domain that isn't validating.

InfernoJaffa commented 5 years ago

Any Fixes in place for this yet?

koenvanderlinden commented 5 years ago

I get this error when connecting to my HA with the internal IP. So configured for https://xxxxxx.duckdns.org/ Can access it correctly from outside my network (via Port Forward 443=>8123). However from inside neither https://xxxxxx.duckdns.org/ nor https://xxxxxx.duckdns.org:8123/ is working. So I then connected using the IP address. Browsing to https://192.168.x.y:8123/ works, but with browser SSL warning, and then the errors of ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] came along.

Maybe this helps a bit to solve the problem.

ittchmh commented 5 years ago

You should edit your local hosts file and add a record like this: your internal IP - DNS name

In Windows the path to the file is: c:\windows\system32\drivers\etc\hosts

Record to add: 192.168.1.101 xxxxx.duckdns.org

Or if your router supports host-dns mapping, add a mapping to your router configuration

koenvanderlinden commented 5 years ago

@ittchmh Yes I already added the entry and it works without browser ssl error. Also HA did not show the ssl errors anymore.

stale[bot] commented 5 years ago

There hasn't been any activity on this issue recently. Due to the high number of incoming GitHub notifications, we have to clean some of the old issues, as many of them have already been resolved with the latest updates. Please make sure to update to the latest Home Assistant version and check if that solves the issue. Let us know if that works for you by adding a comment 👍 This issue now has been marked as stale and will be closed if no further activity occurs. Thank you for your contributions.
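
Added example, not part of the original thread or of Home Assistant's code: a triage script that groups the handshake failures seen in the logs above by OpenSSL reason code, so that bursts of `SSLV3_ALERT_CERTIFICATE_UNKNOWN`, `UNSUPPORTED_PROTOCOL` and `HTTP_REQUEST` can be told apart before changing any configuration. It assumes the log format posted in this thread and counts one failure per "SSL handshake failed" record, skipping the companion "SSL error errno:1" record; the sample log, `make_record` and `triage` are constructed for this example.

```python
import re
from datetime import datetime

# What each OpenSSL reason code means when it is raised on the server side.
HINTS = {
    "UNSUPPORTED_PROTOCOL":
        "Peer offered only protocol versions this server has not enabled; "
        "compare client and server TLS version support.",
    "SSLV3_ALERT_CERTIFICATE_UNKNOWN":
        "Peer sent a certificate_unknown alert: it rejected the certificate "
        "this server presented. Check expiry, chain, and whether the name "
        "or IP used to connect is covered by the certificate.",
    "HTTP_REQUEST":
        "Plain HTTP bytes arrived on the TLS listener; look for clients or "
        "probes using http:// against this port.",
}
DEFAULT_HINT = "Reason not covered here; look it up in the OpenSSL error list."

HEADER = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ERROR \(\w+\) "
    r"\[homeassistant\.core\] Error doing job: (.+)$"
)
SSL_ERR = re.compile(r"^ssl\.SSLError: \[SSL: ([A-Z0-9_]+)\]")


def make_record(ts, job, reason, text):
    """Build one constructed log record in the format shown in the thread."""
    return "\n".join([
        f"{ts} ERROR (MainThread) [homeassistant.core] Error doing job: {job}",
        "Traceback (most recent call last):",
        '  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake',
        "    self._sslobj.do_handshake()",
        f"ssl.SSLError: [SSL: {reason}] {text} (_ssl.c:1056)",
    ])


# Constructed sample: each failed connection logs two records, as in the
# 0.90.1 logs above ("SSL handshake failed" plus "SSL error errno:1 ...").
_EVENTS = [
    ("2019-04-01 07:49:21", "SSLV3_ALERT_CERTIFICATE_UNKNOWN",
     "sslv3 alert certificate unknown"),
    ("2019-04-01 07:49:22", "SSLV3_ALERT_CERTIFICATE_UNKNOWN",
     "sslv3 alert certificate unknown"),
    ("2019-04-01 11:06:52", "UNSUPPORTED_PROTOCOL", "unsupported protocol"),
    ("2019-04-03 03:43:41", "HTTP_REQUEST", "http request"),
]
SAMPLE_LOG = "\n".join(
    make_record(ts, job, reason, text)
    for ts, reason, text in _EVENTS
    for job in ("SSL handshake failed", f"SSL error errno:1 reason: {reason}")
)


def triage(log_text):
    """Return {reason: {count, first, last, hint}} for handshake failures."""
    summary = {}
    current = None  # (timestamp, job message) of the record being read
    for line in log_text.splitlines():
        header = HEADER.match(line)
        if header:
            ts = datetime.strptime(header.group(1), "%Y-%m-%d %H:%M:%S")
            current = (ts, header.group(2))
            continue
        err = SSL_ERR.match(line)
        # Only the "SSL handshake failed" record counts, so the paired
        # "SSL error errno:1" record does not double the totals.
        if err and current and current[1] == "SSL handshake failed":
            ts, reason = current[0], err.group(1)
            entry = summary.setdefault(reason, {
                "count": 0, "first": ts, "last": ts,
                "hint": HINTS.get(reason, DEFAULT_HINT),
            })
            entry["count"] += 1
            entry["first"] = min(entry["first"], ts)
            entry["last"] = max(entry["last"], ts)
            current = None
    return summary


if __name__ == "__main__":
    for reason, info in triage(SAMPLE_LOG).items():
        print(f"{reason}: {info['count']} failure(s), "
              f"{info['first']} .. {info['last']}")
        print(f"  {info['hint']}")
```

The "SSLV3" in `SSLV3_ALERT_CERTIFICATE_UNKNOWN` is OpenSSL's naming for the alert, not the protocol version that was negotiated.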