iternio / ovms-link


SSL error plays up again? #21

Closed hemmobrink closed 8 months ago

hemmobrink commented 8 months ago

Since six days ago I haven't been able to update the data from OVMS to ABRP. I don't think anything changed on my end at that time. The error in the logs is:

E (57222914) mongoose: mg_ssl_if_mbed_err 0x3f828be0 SSL error: -9984
I (57222924) ovms-duk-util: [lib/abrp.js:25:log] (2024-02-03 14:44:44.000+01:00) ERROR: ABRP error "SSL error"
E (57224514) mongoose: mg_ssl_if_mbed_err 0x3f828be0 SSL error: -29312

I did install the Google GTS1P5 certificate as described in the docs, and I checked that it's listed in the tls trust list. Am I missing something, or is this happening to more users? I went through the whole setup again, just to be sure, but nothing changed.

bellemerlord commented 8 months ago

Hi, same here. I thought I had made a mistake setting it up; I have owned an OVMS for only two weeks. It worked for a few days, but now ABRP doesn't get any data, and I have the same SSL errors.

jason-abrp commented 8 months ago

Are you sending data in via HTTP or HTTPS?

jason-abrp commented 8 months ago

Also, we switched hosts and cycled certificates as part of our ongoing infrastructure updates. Normally computers re-trust the certificate by themselves, but perhaps that needs to be done manually for the OVMS?

mdallaire commented 8 months ago

It looks like your new certificates for api.iternio.com are signed by GoDaddy instead of Google.

openssl s_client -connect api.iternio.com:443
CONNECTED(00000003)
depth=2 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
verify return:1
depth=1 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
verify return:1
depth=0 CN = *.iternio.com
verify return:1
---
Certificate chain
 0 s:CN = *.iternio.com
   i:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jan  1 16:27:39 2024 GMT; NotAfter: Feb  1 16:27:39 2025 GMT
 1 s:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
   i:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: May  3 07:00:00 2011 GMT; NotAfter: May  3 07:00:00 2031 GMT
 2 s:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
   i:C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jan  1 07:00:00 2014 GMT; NotAfter: May 30 07:00:00 2031 GMT
 3 s:C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority
   i:C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA1
   v:NotBefore: Jun 29 17:06:20 2004 GMT; NotAfter: Jun 29 17:06:20 2034 GMT

mdallaire commented 8 months ago

You need to add the gdroot-g2.crt file from GoDaddy to the /store/trustedca/ folder.

I will try to submit a PR for the README later today.

hemmobrink commented 8 months ago

Thanks a lot @mdallaire, this solved the issue for me!
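
The diagnosis in this thread, as an added example (not code from the thread or from ovms-link): it decodes the two mbedTLS error codes in the log and checks, by name only, whether a trust list covers the chain that `openssl s_client` printed. The trust list entry `GTS1P5` and the assumption that gdroot-g2.crt carries the subject `Go Daddy Root Certificate Authority - G2` are illustrative; a real verifier checks signatures, not names.

```python
import re

# Two mbedTLS codes (positive magnitudes); any other code is shown as hex only.
MBEDTLS = {0x2700: "MBEDTLS_ERR_X509_CERT_VERIFY_FAILED",
           0x7280: "MBEDTLS_ERR_SSL_CONN_EOF"}

# Log lines and chain subject/issuer lines copied from the thread above.
LOG = """E (57222914) mongoose: mg_ssl_if_mbed_err 0x3f828be0 SSL error: -9984
E (57224514) mongoose: mg_ssl_if_mbed_err 0x3f828be0 SSL error: -29312"""
CHAIN = """ 0 s:CN = *.iternio.com
   i:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
 1 s:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
   i:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
 2 s:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
   i:C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority
 3 s:C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority
   i:C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority
"""

def decode_ssl_errors(log):
    """Turn each 'SSL error: -N' into (N, hex form, mbedTLS name or 'unknown')."""
    codes = [int(c) for c in re.findall(r"SSL error: (-\d+)", log)]
    return [(c, "-0x%04X" % -c, MBEDTLS.get(-c, "unknown")) for c in codes]

def short_name(dn):
    """Use the CN of a distinguished name, falling back to a trailing OU."""
    m = re.search(r"CN = (.+)$", dn) or re.search(r"OU = (.+)$", dn)
    return m.group(1).strip() if m else dn.strip()

def parse_chain(text):
    """Return [(subject, issuer), ...] from openssl's 'Certificate chain' block."""
    subjects = [short_name(s) for s in re.findall(r"^\s*\d+ s:(.+)$", text, re.M)]
    issuers = [short_name(i) for i in re.findall(r"^\s+i:(.+)$", text, re.M)]
    return list(zip(subjects, issuers))

def trusted_anchors(chain, store):
    """CA names in the chain that the store holds (name match, no signature check)."""
    names = {name for pair in chain for name in pair}
    return sorted(names & set(store))

OLD_STORE = {"GTS1P5"}  # constructed: only the Google CA from the docs is trusted
NEW_STORE = OLD_STORE | {"Go Daddy Root Certificate Authority - G2"}  # assumed subject

if __name__ == "__main__":
    for code, hexcode, name in decode_ssl_errors(LOG):
        print(code, hexcode, name)
    chain = parse_chain(CHAIN)
    print("old store anchors:", trusted_anchors(chain, OLD_STORE))
    print("new store anchors:", trusted_anchors(chain, NEW_STORE))
```

An empty anchor list for the old store corresponds to the certificate verification failure in the log; the list becomes non-empty once the root named in the chain is trusted.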