jesserockz / python-juicenet

MIT License

Certificate expired #17

Open mdz opened 2 months ago

mdz commented 2 months ago

Using this module with the juicenet integration in Home Assistant, I get the following error:

2024-09-08 16:40:26.847 ERROR (MainThread) [homeassistant.components.juicenet] Could not reach the JuiceNet API Cannot connect to host jbv1-api.emotorwerks.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1000)')]

Connecting with openssl, I get:

openssl s_client -connect jbv1-api.emotorwerks.com:443
CONNECTED(00000003)
depth=2 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
verify return:1
depth=1 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
verify return:1
depth=0 CN = *.emotorwerks.com
verify error:num=10:certificate has expired
notAfter=Jun 25 18:26:27 2024 GMT
verify return:1
depth=0 CN = *.emotorwerks.com
notAfter=Jun 25 18:26:27 2024 GMT
verify return:1
---
Certificate chain
 0 s:CN = *.emotorwerks.com
   i:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: May 25 18:26:27 2023 GMT; NotAfter: Jun 25 18:26:27 2024 GMT
 1 s:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
   i:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: May  3 07:00:00 2011 GMT; NotAfter: May  3 07:00:00 2031 GMT
 2 s:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
   i:C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jan  1 07:00:00 2014 GMT; NotAfter: May 30 07:00:00 2031 GMT
---
Server certificate
subject=CN = *.emotorwerks.com
issuer=C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: ECDH, secp521r1, 521 bits
---
SSL handshake has read 4773 bytes and written 833 bytes
Verification error: certificate has expired
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 10 (certificate has expired)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: CAC1F5DB248402FC9FFF414D287CA886081320E998868D980ED197D60A908825
    Session-ID-ctx: 
    Resumption PSK: 352B1BB120DDAFFD12ACE71BAC225A3048427201D6C1BE17F0CC49E7CA591464218DAD80BD3B62550F6F4BD397F1C82A
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 36000 (seconds)
    TLS session ticket:
    0000 - 9b 23 00 00 b8 a8 3d a8-86 f6 60 62 a3 a9 75 f7   .#....=...`b..u.
    0010 - 19 76 83 f9 8d 0f 45 2d-fe 76 fa 40 62 39 0c 82   .v....E-.v.@b9..

    Start Time: 1725838878
    Timeout   : 7200 (sec)
    Verify return code: 10 (certificate has expired)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK

Note:

verify error:num=10:certificate has expired
[...]
Verify return code: 10 (certificate has expired)

Perhaps there is a newer API endpoint that has a non-expired certificate?
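
Added example (not part of the original comment and not code from python-juicenet): a small Python parser for the `Certificate chain` section of the `openssl s_client` output above, which classifies each chain entry's validity window at the session's `Start Time` and shows that only the depth-0 wildcard certificate has expired. The function names are hypothetical, and the parser assumes the `v:NotBefore/NotAfter` lines in the format shown in that output.

```python
import re
from datetime import datetime, timezone

# Chain listing copied from the `openssl s_client` output in the issue above
# (subject and validity lines only).
S_CLIENT_CHAIN = """\
 0 s:CN = *.emotorwerks.com
   v:NotBefore: May 25 18:26:27 2023 GMT; NotAfter: Jun 25 18:26:27 2024 GMT
 1 s:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
   v:NotBefore: May  3 07:00:00 2011 GMT; NotAfter: May  3 07:00:00 2031 GMT
 2 s:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
   v:NotBefore: Jan  1 07:00:00 2014 GMT; NotAfter: May 30 07:00:00 2031 GMT
"""
# "Start Time" of the TLS session in the same output (Unix epoch seconds).
SESSION_START = datetime.fromtimestamp(1725838878, tz=timezone.utc)

def _parse_time(text):
    # openssl pads single-digit days with an extra space ("May  3"); collapse it.
    text = " ".join(text.split())
    return datetime.strptime(text, "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)

def parse_chain(text):
    """Return a list of dicts, one per chain entry, in the order presented."""
    certs, current = [], None
    for line in text.splitlines():
        if m := re.match(r"\s*(\d+) s:(.+)$", line):
            current = {"depth": int(m.group(1)), "subject": m.group(2).strip()}
        elif (m := re.match(r"\s*v:NotBefore: (.+?); NotAfter: (.+)$", line)) and current:
            current["not_before"] = _parse_time(m.group(1))
            current["not_after"] = _parse_time(m.group(2))
            certs.append(current)
            current = None
    return certs

def validity_status(cert, at):
    """Classify one certificate's validity window at time `at`."""
    if at < cert["not_before"]:
        return "not yet valid"
    if at > cert["not_after"]:
        return f"expired {(at - cert['not_after']).days} days ago"
    return "valid"

def report(text, at):
    """Map chain depth to validity status at time `at`."""
    return {c["depth"]: validity_status(c, at) for c in parse_chain(text)}

if __name__ == "__main__":
    for depth, status in report(S_CLIENT_CHAIN, SESSION_START).items():
        print(f"depth={depth}: {status}")
```

Because the intermediate and root entries are still within their validity windows, the failure is confined to the server's leaf certificate, so it has to be renewed on the server side rather than worked around in the client's trust store.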

shatteringlass commented 1 month ago

I suppose it might be related to this piece of news:

https://www.juiceboxnorthamerica.com/?category=topics/juicebox