Error requesting <hostname>/api/v1/token Cannot connect to host <hostname>:443 ssl:default [None] [Timeout] (from ha-pysma)

[tanuva]

I see this when I try to set up my inverter (SMA SBSE 4.0) in ha-pysmaplus. I suspect this happens because the inverter uses an SSL certificate that is not commonly accepted, e.g. it is signed by SMA, but not by any root CA that macOS or Debian know. Curl complains about it as well.

The code location that creates this error message handles both ClientError and TimeoutError, this gives me reason to believe that it isn't actually a timeout. When I try to curl <hostname>/api/v1/token from the HA host, curl also returns a certificate problem:

$ curl https://sma3022286548.local/api/v1/token
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

My first idea to fix this is to add a checkbox in the HA setup screen to disable SSL certificate validation.

Alas I don't see how I can run my own modified version of pysmaplus in HA. I don't want to publish it first so I can make my checkout of ha-pysmaplus depend on my fork. Let alone the turnaround times for debugging that would incur. (I have ha-pysmaplus installed manually on the HA host, so modifying that is not a problem. But where does it store the pysmaplus code it depends on?)

[littleyoda]

Hi

the certificate should be the problem, because they are not checked. Every SMA inverter is using the self signed certificates, so everyone should have this problem.

Setting up a home assistant instance for debugging makes a lot of work.

If you have a linux system available, it is easier to use the example.py from pysma-plus.

see https://github.com/littleyoda/pysma/blob/master/doc/connection.md

If you want to go the Home Assistant route, let me know. Then I can give you a few tips.

[tanuva]

Hah, that's the funny part: Getting values with example.py works perfectly fine. (After I renamed the pysma folder to pysmaplus for the imports to work. I see you planned a symlink for that now.) It is just the HA extension that seems to be unhappy with something on the network, but alas I can't really tell from the error message here what might be wrong. 🤔

Even if I curl --insecure -X POST https://SMAxxxx.local/api/v1/token the request at least doesn't yield an error message. No success either because the parameters are missing, of course.

[tanuva]

Back from vacation I experimented a bit further today. Turns out that the curl incantation from above did work from the HA host system, but not from inside the HA docker container. For reasons yet unknown to me, resolving SMAxxx.local does not work - using the hostname without .local works however.

Consequently, I'd consider the error message I got ([Timeout]) misleading. I want to first spend a bit of time on getting the right values out of my Sunny Boy SE now, but I can try improving the error messaging here afterwards.