search

home-assistant / supervisor

:house_with_garden: Home Assistant Supervisor
https://home-assistant.io/hassio/
Apache License 2.0
1.72k stars 627 forks source link

SSL handshake issue and no external network access #1241

Closed mpartoglou closed 5 years ago

mpartoglou commented 5 years ago

Home Assistant release with the issue: Version: 0.96.5

Operating environment (HassOS/Generic): Environment: Hass.io on Ubuntu 18.04.3 LTS (followed Frencks install guide: https://gist.github.com/frenck/32b4f74919ca6b95b30c66f85976ec58)

Supervisor logs: 19-08-18 08:14:20 INFO (MainThread) [hassio.addons] Phase 'system' start 2 add-ons 19-08-18 08:14:20 INFO (SyncWorker_10) [hassio.docker.interface] Clean addon_a0d7b954_sonweb application 19-08-18 08:14:20 INFO (SyncWorker_1) [hassio.docker.interface] Clean addon_core_mosquitto application 19-08-18 08:14:32 INFO (SyncWorker_1) [hassio.docker.addon] Start Docker add-on homeassistant/amd64-addon-mosquitto with version 5.0 19-08-18 08:14:37 INFO (SyncWorker_10) [hassio.docker.addon] Start Docker add-on hassioaddons/sonweb-amd64 with version v0.8.1 19-08-18 08:14:39 INFO (MainThread) [hassio.services.modules.mqtt] Set core_mosquitto as service provider for mqtt 19-08-18 08:14:42 INFO (MainThread) [hassio.addons] Phase 'services' start 6 add-ons 19-08-18 08:14:42 WARNING (SyncWorker_0) [hassio.docker.addon] Portainer run with disabled protected mode! 19-08-18 08:14:42 INFO (SyncWorker_0) [hassio.docker.interface] Clean addon_a0d7b954_portainer application 19-08-18 08:14:42 WARNING (SyncWorker_19) [hassio.docker.addon] Glances run with disabled protected mode! 19-08-18 08:14:42 INFO (SyncWorker_19) [hassio.docker.interface] Clean addon_a0d7b954_glances application 19-08-18 08:14:42 INFO (SyncWorker_8) [hassio.docker.interface] Clean addon_3833edd4_googlebackup application 19-08-18 08:14:42 INFO (SyncWorker_4) [hassio.docker.interface] Clean addon_core_samba application 19-08-18 08:14:42 INFO (SyncWorker_3) [hassio.docker.interface] Clean addon_a0d7b954_tautulli application 19-08-18 08:14:43 INFO (SyncWorker_15) [hassio.docker.interface] Clean addon_core_duckdns application 19-08-18 08:15:00 INFO (SyncWorker_8) [hassio.docker.addon] Start Docker add-on samccauley/amd64-googlebackup with version 1.6.2 19-08-18 08:15:02 INFO (SyncWorker_4) [hassio.docker.addon] Start Docker add-on homeassistant/amd64-addon-samba with version 8.1 19-08-18 08:15:03 INFO (SyncWorker_19) [hassio.docker.addon] Start Docker add-on hassioaddons/glances-amd64 with version v0.5.3 19-08-18 08:15:07 INFO (SyncWorker_15) [hassio.docker.addon] Start Docker add-on homeassistant/amd64-addon-duckdns with version 1.9 19-08-18 08:15:09 INFO (SyncWorker_0) [hassio.docker.addon] Start Docker add-on hassioaddons/portainer-amd64 with version v0.7.3 19-08-18 08:15:09 INFO (SyncWorker_3) [hassio.docker.addon] Start Docker add-on hassioaddons/tautulli with version v1.2.0 19-08-18 08:15:14 INFO (SyncWorker_9) [hassio.docker.interface] Clean homeassistant application 19-08-18 08:15:17 INFO (MainThread) [hassio.api.security] /host/info access from a0d7b954_portainer 19-08-18 08:15:17 INFO (MainThread) [hassio.api.security] /host/info access from a0d7b954_glances 19-08-18 08:15:26 INFO (SyncWorker_9) [hassio.docker.homeassistant] Start homeassistant homeassistant/qemux86-64-homeassistant with version 0.96.5 19-08-18 08:15:31 INFO (MainThread) [hassio.api.security] /host/info access from a0d7b954_tautulli 19-08-18 08:16:32 INFO (MainThread) [hassio.api.security] /host/info access from a0d7b954_sonweb 19-08-18 08:16:41 INFO (MainThread) [hassio.homeassistant] Home Assistant pip installation in progress 19-08-18 08:17:11 INFO (MainThread) [hassio.homeassistant] Home Assistant pip installation done 19-08-18 08:17:11 INFO (MainThread) [hassio.auth] Auth request from core_mosquitto for mqtt 19-08-18 08:17:11 ERROR (MainThread) [hassio.homeassistant] Error on call https://172.30.32.1:8123/api/: Cannot connect to host 172.30.32.1:8123 ssl:None [Connection refused] 19-08-18 08:17:11 INFO (MainThread) [hassio.auth] Home Assistant not running, check cache 19-08-18 08:17:11 INFO (MainThread) [hassio.auth] Cache hit for mqtt 19-08-18 08:17:31 INFO (MainThread) [hassio.homeassistant] Detect a running Home Assistant instance 19-08-18 08:17:31 INFO (MainThread) [hassio.addons] Phase 'application' start 2 add-ons 19-08-18 08:17:31 WARNING (MainThread) [hassio.addons.validate] Unknown options port 19-08-18 08:17:31 INFO (SyncWorker_10) [hassio.docker.interface] Clean addon_core_configurator application 19-08-18 08:17:31 INFO (SyncWorker_13) [hassio.docker.interface] Clean addon_a0d7b954_nodered application 19-08-18 08:17:50 INFO (SyncWorker_13) [hassio.docker.addon] Start Docker add-on hassioaddons/node-red-amd64 with version v4.0.5 19-08-18 08:17:58 INFO (MainThread) [hassio.api.security] /host/info access from a0d7b954_nodered 19-08-18 08:18:02 INFO (SyncWorker_10) [hassio.docker.addon] Start Docker add-on homeassistant/amd64-addon-configurator with version 3.4 19-08-18 08:18:07 INFO (MainThread) [hassio.tasks] All core tasks are scheduled 19-08-18 08:18:07 INFO (MainThread) [hassio.core] Hass.io is up and running 19-08-18 08:20:30 INFO (MainThread) [hassio.api.proxy] Home Assistant WebSocket API request initialize 19-08-18 08:20:31 INFO (MainThread) [hassio.api.proxy] WebSocket access from a0d7b954_nodered 19-08-18 08:20:32 INFO (MainThread) [hassio.homeassistant] Updated Home Assistant API token 19-08-18 08:20:32 INFO (MainThread) [hassio.api.proxy] Home Assistant WebSocket API request running 19-08-18 08:33:36 INFO (SyncWorker_2) [hassio.docker.interface] Restart homeassistant/qemux86-64-homeassistant 19-08-18 08:33:37 INFO (MainThread) [hassio.api.proxy] Home Assistant WebSocket API error: Received message 8:1000 is not str 19-08-18 08:33:37 INFO (MainThread) [hassio.api.proxy] Home Assistant WebSocket API connection is closed 19-08-18 08:33:42 INFO (MainThread) [hassio.api.proxy] Home Assistant WebSocket API request initialize 19-08-18 08:33:42 INFO (MainThread) [hassio.api.proxy] WebSocket access from a0d7b954_nodered 19-08-18 08:33:42 ERROR (MainThread) [hassio.api.proxy] Client error on WebSocket API Cannot connect to host 172.30.32.1:8123 ssl:False [Connection refused]. 19-08-18 08:33:47 INFO (MainThread) [hassio.api.proxy] Home Assistant WebSocket API request initialize 19-08-18 08:33:47 INFO (MainThread) [hassio.api.proxy] WebSocket access from a0d7b954_nodered 19-08-18 08:33:47 ERROR (MainThread) [hassio.api.proxy] Client error on WebSocket API Cannot connect to host 172.30.32.1:8123 ssl:False [Connection refused]. 19-08-18 08:33:52 INFO (MainThread) [hassio.api.proxy] Home Assistant WebSocket API request initialize 19-08-18 08:33:52 INFO (MainThread) [hassio.api.proxy] WebSocket access from a0d7b954_nodered 19-08-18 08:33:52 ERROR (MainThread) [hassio.api.proxy] Client error on WebSocket API Cannot connect to host 172.30.32.1:8123 ssl:False [Connection refused]. 19-08-18 08:33:57 INFO (MainThread) [hassio.api.proxy] Home Assistant WebSocket API request initialize 19-08-18 08:33:57 INFO (MainThread) [hassio.api.proxy] WebSocket access from a0d7b954_nodered 19-08-18 08:33:57 ERROR (MainThread) [hassio.api.proxy] Client error on WebSocket API Cannot connect to host 172.30.32.1:8123 ssl:False [Connection refused]. 19-08-18 08:34:02 INFO (MainThread) [hassio.api.proxy] Home Assistant WebSocket API request initialize 19-08-18 08:34:02 INFO (MainThread) [hassio.api.proxy] WebSocket access from a0d7b954_nodered 19-08-18 08:34:02 ERROR (MainThread) [hassio.api.proxy] Client error on WebSocket API Cannot connect to host 172.30.32.1:8123 ssl:False [Connection refused]. 19-08-18 08:34:07 INFO (MainThread) [hassio.api.proxy] Home Assistant WebSocket API request initialize 19-08-18 08:34:07 INFO (MainThread) [hassio.api.proxy] WebSocket access from a0d7b954_nodered 19-08-18 08:34:07 ERROR (MainThread) [hassio.api.proxy] Client error on WebSocket API Cannot connect to host 172.30.32.1:8123 ssl:False [Connection refused]. 19-08-18 08:34:11 INFO (MainThread) [hassio.auth] Auth request from core_mosquitto for mqtt 19-08-18 08:34:11 ERROR (MainThread) [hassio.homeassistant] Error on call https://172.30.32.1:8123/api/: Cannot connect to host 172.30.32.1:8123 ssl:None [Connection refused] 19-08-18 08:34:11 INFO (MainThread) [hassio.auth] Home Assistant not running, check cache 19-08-18 08:34:11 INFO (MainThread) [hassio.auth] Cache hit for mqtt 19-08-18 08:34:12 INFO (MainThread) [hassio.api.proxy] Home Assistant WebSocket API request initialize 19-08-18 08:34:12 INFO (MainThread) [hassio.api.proxy] WebSocket access from a0d7b954_nodered 19-08-18 08:34:12 ERROR (MainThread) [hassio.api.proxy] Client error on WebSocket API Cannot connect to host 172.30.32.1:8123 ssl:False [Connection refused]. 19-08-18 08:34:17 INFO (MainThread) [hassio.api.proxy] Home Assistant WebSocket API request initialize 19-08-18 08:34:17 INFO (MainThread) [hassio.api.proxy] WebSocket access from a0d7b954_nodered 19-08-18 08:34:17 ERROR (MainThread) [hassio.api.proxy] Client error on WebSocket API Cannot connect to host 172.30.32.1:8123 ssl:False [Connection refused]. 19-08-18 08:34:22 INFO (MainThread) [hassio.api.proxy] Home Assistant WebSocket API request initialize 19-08-18 08:34:22 INFO (MainThread) [hassio.api.proxy] WebSocket access from a0d7b954_nodered 19-08-18 08:34:22 ERROR (MainThread) [hassio.api.proxy] Client error on WebSocket API Cannot connect to host 172.30.32.1:8123 ssl:False [Connection refused]. 19-08-18 08:34:27 INFO (MainThread) [hassio.api.proxy] Home Assistant WebSocket API request initialize 19-08-18 08:34:27 INFO (MainThread) [hassio.api.proxy] WebSocket access from a0d7b954_nodered 19-08-18 08:34:27 ERROR (MainThread) [hassio.api.proxy] Client error on WebSocket API Cannot connect to host 172.30.32.1:8123 ssl:False [Connection refused]. 19-08-18 08:34:32 INFO (MainThread) [hassio.api.proxy] Home Assistant WebSocket API request initialize 19-08-18 08:34:32 INFO (MainThread) [hassio.api.proxy] WebSocket access from a0d7b954_nodered 19-08-18 08:34:32 ERROR (MainThread) [hassio.api.proxy] Client error on WebSocket API Cannot connect to host 172.30.32.1:8123 ssl:False [Connection refused]. 19-08-18 08:34:37 INFO (MainThread) [hassio.api.proxy] Home Assistant WebSocket API request initialize 19-08-18 08:34:37 INFO (MainThread) [hassio.api.proxy] WebSocket access from a0d7b954_nodered 19-08-18 08:34:37 ERROR (MainThread) [hassio.api.proxy] Client error on WebSocket API Cannot connect to host 172.30.32.1:8123 ssl:False [Connection refused]. 19-08-18 08:34:42 INFO (MainThread) [hassio.api.proxy] Home Assistant WebSocket API request initialize 19-08-18 08:34:42 INFO (MainThread) [hassio.api.proxy] WebSocket access from a0d7b954_nodered 19-08-18 08:34:42 ERROR (MainThread) [hassio.api.proxy] Client error on WebSocket API Cannot connect to host 172.30.32.1:8123 ssl:False [Connection refused]. 19-08-18 08:34:47 INFO (MainThread) [hassio.api.proxy] Home Assistant WebSocket API request initialize 19-08-18 08:34:47 INFO (MainThread) [hassio.api.proxy] WebSocket access from a0d7b954_nodered 19-08-18 08:34:47 ERROR (MainThread) [hassio.api.proxy] Client error on WebSocket API Cannot connect to host 172.30.32.1:8123 ssl:False [Connection refused]. 19-08-18 08:34:52 INFO (MainThread) [hassio.homeassistant] Detect a running Home Assistant instance 19-08-18 08:34:52 INFO (MainThread) [hassio.api.proxy] Home Assistant WebSocket API request initialize 19-08-18 08:34:52 INFO (MainThread) [hassio.api.proxy] WebSocket access from a0d7b954_nodered 19-08-18 08:34:52 INFO (MainThread) [hassio.api.proxy] Home Assistant WebSocket API request running

Description of problem: I migrated my system into Ubuntu and followed Frencks set-up instructions (was long overdue to add it to my docker set-up). I decide to re-build my Ubuntu environment from scratch and everything worked except now I can't access my service externally.

DuckDNS is running and updating correctly, i can connect other services hosted within docker containers externally (e.g. Plex), all port are forwarded correctly (e.g. 443 -> 8123)

I can access everything locally (192.168.86.100:8123), It can access third-party services (BOM component is working) but i can't access it.

Logs also repeat this a lot Traceback (most recent call last): File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake File "/usr/local/lib/python3.7/ssl.py", line 774, in do_handshake self._sslobj.do_handshake() ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1076) 2019-08-18 18:44:57 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed Traceback (most recent call last): File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake File "/usr/local/lib/python3.7/ssl.py", line 774, in do_handshake self._sslobj.do_handshake() ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1076) 2019-08-18 18:44:57 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed Traceback (most recent call last): File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake File "/usr/local/lib/python3.7/ssl.py", line 774, in do_handshake self._sslobj.do_handshake() ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1076) 2019-08-18 18:44:57 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed Traceback (most recent call last): File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake File "/usr/local/lib/python3.7/ssl.py", line 774, in do_handshake self._sslobj.do_handshake() ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1076) 2019-08-18 18:44:57 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed

I CHMOD'd my SSL items as per (https://community.home-assistant.io/t/log-error-ssl-handshake-failed/93236/3?u=mitch) but it didn't have any impacts

Please let me know what further information is required

frenck commented 5 years ago

This is most likely related to #1231

mpartoglou commented 5 years ago

Thanks, let me know if I can help with testing for that thread. I read all of that, but wasn't 100% sure.

mpartoglou commented 5 years ago

@frenck I followed the instructions in #1231; updated supervisor to v180 (was v181 when I did it). Reviewed the DNS settings and updated via

dns options --servers 192.168.86.1

restarted the DNS, even restarted Home Assistant (confirmed the DNS config changes were applied).

I am still getting the following errors:

Hass.io -> System 19-08-18 21:56:48 ERROR (MainThread) [hassio.api.proxy] Client error on WebSocket API Cannot connect to host 172.30.32.1:8123 ssl:False [Connection refused].

Developers tools -> Info ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1076) 2019-08-19 07:56:51 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed Traceback (most recent call last): File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake File "/usr/local/lib/python3.7/ssl.py", line 774, in do_handshake self._sslobj.do_handshake()

I am also still unable to access my network remotely post my move (re-checked all my port forwarding a few times).

Any ideas where I went wrong?

mpartoglou commented 5 years ago

Updates:

  1. I removed and re-installed DuckDNS just to be sure it was an SSL certificate. This re-built SSL certificates correctly
  2. I've tried all variations of accessing https://secret.duckdns.org with no luck (even http://secret.duckdns.org:8123) with no luck - i'm wondering if it is to do with the other thread again, but none of those suggestions have helped.

Stilll more and more of the same error as above 2019-08-20 19:18:15 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed Traceback (most recent call last): File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake File "/usr/local/lib/python3.7/ssl.py", line 774, in do_handshake self._sslobj.do_handshake() ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1076)

mpartoglou commented 5 years ago

It was DuckDNS certificate expiry + the other thread... turns out two issues and i've fixed it.