Closed hemmobrink closed 8 months ago
Hi, same here, I thought I made a mistake setting it up, I own a OVMS only for two weeks. It for worked a few days, but now ABRP doesn't get any data, I have the same SSL errors.
Are you sending data in via HTTP or HTTPS?
Also, we switched hosts and cycled certificates as part of our ongoing infrastructure updates. Normally computers re-trust the certificate by themselves, but perhaps that needs to be done manually for the OVMS?
It looks like your new certificates for the api.iternio.com are signed by godaddy instead of google.
openssl s_client -connect api.iternio.com:443
CONNECTED(00000003)
depth=2 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
verify return:1
depth=1 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
verify return:1
depth=0 CN = *.iternio.com
verify return:1
---
Certificate chain
0 s:CN = *.iternio.com
i:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Jan 1 16:27:39 2024 GMT; NotAfter: Feb 1 16:27:39 2025 GMT
1 s:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
i:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: May 3 07:00:00 2011 GMT; NotAfter: May 3 07:00:00 2031 GMT
2 s:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
i:C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Jan 1 07:00:00 2014 GMT; NotAfter: May 30 07:00:00 2031 GMT
3 s:C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority
i:C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA1
v:NotBefore: Jun 29 17:06:20 2004 GMT; NotAfter: Jun 29 17:06:20 2034 GMT
You need to add the gdroot-g2.crt file from godaddy to the /store/trustedca/ folder.
I will try to submit a PR for the README later today.
Thanks a lot @mdallaire, this solved the issue for me!
Since six days ago I haven't been able to update the data from OVMS to ABRP. I don't think anything changed on my end at that time. The error in the logs is
E (57222914) mongoose: mg_ssl_if_mbed_err 0x3f828be0 SSL error: -9984
I (57222924) ovms-duk-util: [lib/abrp.js:25:log] (2024-02-03 14:44:44.000+01:00) ERROR: ABRP error "SSL error"
E (57224514) mongoose: mg_ssl_if_mbed_err 0x3f828be0 SSL error: -29312
I did install the Google GTS1P5 certificate as described in the docs, and I checked that it's listed in the tls trust list. Am I missing something, or is this happening to more users? I went through the whole setup again, just to be sure, but nothing changed.