homeassistant
commented
2 years ago Hey there @hacf-fr, @quentame, mind taking a look at this feedback as it has been labeled with an integration (freebox) you are listed as a code owner for? Thanks!
Closed lscorcia closed 1 year ago
homeassistant
commented
2 years ago Hey there @hacf-fr, @quentame, mind taking a look at this feedback as it has been labeled with an integration (freebox) you are listed as a code owner for? Thanks!
Peter83
commented
2 years ago worked like a charm, thanks for sharing!
il-matthew
commented
2 years ago hey @lscorcia any chance you can show me how you managed to do it into homeassistant (even in italian)? Seems that I'm missing something basical as how to change the certificate
lscorcia
commented
1 year ago @il-matthew , you are right, it took me a while to understand how to do that. The CA verification in HA is performed using the certifi python package, so you have to append the certificate to the /usr/lib/python3/dist-packages/certifi/cacert.pem file. Restart HA/reboot and it should work.
il-matthew
commented
1 year ago @il-matthew , you are right, it took me a while to understand how to do that. The CA verification in HA is performed using the certifi python package, so you have to append the certificate to the /usr/lib/python3/dist-packages/certifi/cacert.pem file. Restart HA/reboot and it should work.
Didn't get that lucky; I managed to copy the ECC Root CA into /usr/lib/python3.10/site-packages/pip/_vendor/certifi but after a reboot didn't work... I'll probably just wait for the official patching
lscorcia
commented
1 year ago @il-matthew it's not enough to copy the PEM file there. You need to append the cert to the cacert.pem file that you will find in the mentioned folder.
github-actions[bot]
commented
1 year ago There hasn't been any activity on this issue recently. Due to the high number of incoming GitHub notifications, we have to clean some of the old issues, as many of them have already been resolved. If this issue is still relevant, please let us know by leaving a comment 👍 This issue has now has been marked as stale and will be closed if no further activity occurs. Thank you for your contributions.
lscorcia
commented
1 year ago Issue is still relevant, also the fix on the related integration is ready but still not merged.
TheCheshireMan
commented
1 year ago Ciao/Hi @lscorcia, would you be able to help me figure out why the fix isn't working for me?
I'm running Home Assistant Core on a raspberry pi 3b+ running dietpi (installed through the default preconfigured software list). This way of installing HASS gives it a hidden .pyenv directory inside the "homeassistant" user folder which should act as a separate python environment.
My iliadbox status is the following:
Home Assistant even auto-discovers the Freebox integration. However, when I send the connection/new application request, an unexpected error occurs, and the logs spit out the following:
Logger: homeassistant.components.freebox.config_flow
Source: deps/lib/python3.10/site-packages/freebox_api/aiofreepybox.py:226
Integration: Freebox (documentation, issues)
First occurred: 10:08:32 (1 occurrences)
Last logged: 10:08:32
Unknown error connecting with Freebox router at MYHTTPS.ILIADBOXURL.it
Traceback (most recent call last):
File "/home/homeassistant/.pyenv/versions/3.10.9/lib/python3.10/site-packages/aiohttp/connector.py", line 986, in _wrap_create_connection
return await self._loop.create_connection(*args, **kwargs) # type: ignore[return-value] # noqa
File "/home/homeassistant/.pyenv/versions/3.10.9/lib/python3.10/asyncio/base_events.py", line 1097, in create_connection
transport, protocol = await self._create_connection_transport(
File "/home/homeassistant/.pyenv/versions/3.10.9/lib/python3.10/asyncio/base_events.py", line 1127, in _create_connection_transport
await waiter
File "/home/homeassistant/.pyenv/versions/3.10.9/lib/python3.10/asyncio/sslproto.py", line 534, in data_received
ssldata, appdata = self._sslpipe.feed_ssldata(data)
File "/home/homeassistant/.pyenv/versions/3.10.9/lib/python3.10/asyncio/sslproto.py", line 188, in feed_ssldata
self._sslobj.do_handshake()
File "/home/homeassistant/.pyenv/versions/3.10.9/lib/python3.10/ssl.py", line 975, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/home/homeassistant/.pyenv/versions/3.10.9/lib/python3.10/site-packages/homeassistant/components/freebox/config_flow.py", line 75, in async_step_link
await fbx.open(self._host, self._port)
File "/mnt/dietpi_userdata/homeassistant/deps/lib/python3.10/site-packages/freebox_api/aiofreepybox.py", line 83, in open
self._access = await self._get_freebox_access(
File "/mnt/dietpi_userdata/homeassistant/deps/lib/python3.10/site-packages/freebox_api/aiofreepybox.py", line 162, in _get_freebox_access
app_token, track_id = await self._get_app_token(base_url, app_desc, timeout)
File "/mnt/dietpi_userdata/homeassistant/deps/lib/python3.10/site-packages/freebox_api/aiofreepybox.py", line 226, in _get_app_token
r = await self._session.post(url, data=data, timeout=timeout)
File "/home/homeassistant/.pyenv/versions/3.10.9/lib/python3.10/site-packages/aiohttp/client.py", line 535, in _request
conn = await self._connector.connect(
File "/home/homeassistant/.pyenv/versions/3.10.9/lib/python3.10/site-packages/aiohttp/connector.py", line 542, in connect
proto = await self._create_connection(req, traces, timeout)
File "/home/homeassistant/.pyenv/versions/3.10.9/lib/python3.10/site-packages/aiohttp/connector.py", line 907, in _create_connection
_, proto = await self._create_direct_connection(req, traces, timeout)
File "/home/homeassistant/.pyenv/versions/3.10.9/lib/python3.10/site-packages/aiohttp/connector.py", line 1206, in _create_direct_connection
raise last_exc
File "/home/homeassistant/.pyenv/versions/3.10.9/lib/python3.10/site-packages/aiohttp/connector.py", line 1175, in _create_direct_connection
transp, proto = await self._wrap_create_connection(
File "/home/homeassistant/.pyenv/versions/3.10.9/lib/python3.10/site-packages/aiohttp/connector.py", line 988, in _wrap_create_connection
raise ClientConnectorCertificateError(req.connection_key, exc) from exc
aiohttp.client_exceptions.ClientConnectorCertificateError: Cannot connect to host MYHTTPS.ILIADBOXURL.IT:MYHTTPSPORT ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)')](of course, actual connection details redacted, hope they were clear)
Any idea what I am doing wrong?
TheCheshireMan
commented
1 year ago I finally figured it out! I'll answer myself so that any unfortunate souls that come across the same problem can get it out. The certificates file that you need to append the certificates to is in the following directory: /mnt/dietpi_userdata/homeassistant/deps/lib/python3.10/site-packages/freebox_api It's called freebox_certificates.pem. That makes it work.
godabes
commented
1 year ago Can you explain how to append certificates? i'm trying to learn something about it, but i can't find anything. i'm very noob
TheCheshireMan
commented
1 year ago Can you explain how to append certificates? i'm trying to learn something about it, but i can't find anything. i'm very noob
It highly depends on your system. What are you running Home Assistant on? If it's a linux system (e.g. raspberry pi) you need terminal access to the machine it's installed on, try to learn about SSH if you don't have a physical keyboard and monitor connected. Then you need to find the directory of the certificate file (depends on your setup, read the documentation that you used to install Home Assistant or try one of those we mentioned in this thread). When you find it, you can use nano (text editor) to edit the freebox_certificates.pem file like this:
sudo nano /pathtoyourcertificatesfile
Obviously swap "/pathtoyourcertificatesfile" for the actual path.
And then you scroll down to the bottom and paste the certificate and save the file.
Oooooooor just wait for Home Assistant to update and merge this change, then you won't need to do it.
artlosi
commented
1 year ago Hi everybody. Quite a newbie, here; possibly, a silly question. I run HassIO on a rpi 4B. Where to append the certificate you are talking about? Thanks.
motogordon
commented
1 year ago If it can be of help to anyone:
Quentame
commented
1 year ago Fixed by home-assistant/core/pull/88609, this issue should be created there : https://github.com/home-assistant/core/issues
Realease planned in 2023.3
Feedback
Freebox integration also supports the Iliadbox fiber wifi router provided by Iliad in Italy. It works great out of the box, but it requires trusting the Iliad ECC Root CA to complete the configuration. The routers' root certificate is self signed and is neither available on the internet nor is provided by the router web server, but it can be retrieved in the routers' Developers page. Since it's a bit of a hassle to find it I'll post it here:
Once that is done, the integration works just fine.
URL
https://www.home-assistant.io/integrations/freebox/
Version
2022.9.6
Additional information
No response