“Sonoff can not connect to server.”

[vacsibalint]

Hey I have a raspberry running with your server, and i could do everything. after i send the POST json with Pi’s IP and port, it says okay, and my S20(tested with t1 too) drops out AP mode and goes back to the wifi what i’ve wrote But the T1 gets 2 blinks fast, what means “Network connection is ok, but the server is not responding/failed to connect” Do you have any idea? I think the routing or some small is only the problem.

[meingraham]

@vacsibalint This sounds very similar to the behavior I'm experiencing... which I believe cannot be resolved at this time. If you have the newer firmware, you may be out of luck. I was able to confirm that I have version 1.6 devices by connecting to eWeLink. The risk is that if you are fortunate enough to have a device with the older firmware, connecting to eWeLink may cause it to be upgraded to the latest and then you are definitely left with no recourse.

[vacsibalint]

Mm I think the downgrade is not possible. Is it? I have T1 version 1.7 S20 version 1.6.1 or 1.6.2 i do not remember I will try at my home network this again, i hope only the network was too secured at my office.. but i do not think and i will very sad if i need to flash every sonoff’s frimware one by one, because i have about 20-30 :(

[meingraham]

@vacsibalint :( indeed! I'm in the same boat. I have about 25 Sonoff devices.

FYI - my experiences are with everything on my home's LAN so no network security reason for the lack of a successful configuration.

I'm pretty much resolved to flashing. I'll probably go the TASMOTA route. Yes, I'll have to do this in "hard wired" mode. So my research has been focused on trying to set up a solderless junction to the board's pins. I don't quite understand how pogo pins might work (particularly the exact kind needed that would fit and retain the connection). I've also seen the clothespin setup or the "clamp it in place with the Sonoff case" setup. All of these seem a bit unreliable. Not sure they'd save time (if a temporary connection is not "stable") over biting the bullet and soldering in a header. My main concern with soldering is my level of expertise with a soldering wand. I'm afraid I'd end up frying one or end up with a potentially dangerous electrical fault.

Downgrade is not an option ITead has provided from the research I've been able to do. In fact, it's not even possible even if you did want to do a "hard wired" flash because ITead have not provided their firmware images. The speculation is that ITead basically has a custom image for each device that contains the device ID (i.e., ITEAD-1000xxxxx). That seems unlikely that they'd be compiling a separate image for thousands of devices. You would think they'd put that information in SPIFFS - flash one image and then configure the device ID (and API Key). Regardless of why, ITead has not many any firmware available. I've also seen posts where folks have made a backup of a firmware image off of a device and then can't even reflash that right back. Lots of speculation as to why.

[vacsibalint]

There is not possible to “hack” the new firmwares? There is always need to be a way to hack.. can not we watch what was changed in the new firmwares?

[meingraham]

From @mdopp

A special server certificate is needed. If any certificate would work (like in the past) or just a correct certificate would be needed (like one you could get from letsencrypt) it would just be a simple code change.

We don't have the certificate.

[vacsibalint]

Aaaand what is different of them, and our certificates? What really different of SSL certs? You have, or you do not. What sonoff firmware can read out from these?

[meingraham]

Full disclaimer - I have a very, very, very minimal understanding of this. But, from what I gather, the certificate is in essence a "secret codeword". Sonoff loads the codeword on their end (the device). In order for it to allow the conversation, you have to say the right codeword (i.e., the certificate). If you don't say the right thing, the Sonoff ignores you. Right now, apparently, we don't know the super secret handshake and code word ;-) And ITead doesn't want to let anybody into their secret society... at least not with their software. They are happy to let you flash someone else's.

[vacsibalint]

Hmm🤔 i will ask my webserver “professional” friends about this I just can not imagine how these works If the “key” is the SSL, and the endDevice is the sonoff, the sonoff can ready only what we too in a simple web browser. But this is only my opinion, i will reply there if we find any solution If you have any idea, where to search or where must we start, everything could help:)

[vacsibalint]

Do you have time to test with this cert? I have not got enough to start my pi, but i could succesfully generate and simulate the original SSL cert of eu-disp.coolkit.cc :) cert_test.zip

[meingraham]

These are the websites I found during my research. I'm not sure when each is used. Although I did find is some posts that sometimes loading failed if the configuration used one outside of your region. I suppose this is the reason the eWeLink app asks where you are during the setup. US: us-disp.coolkit.cc EU: eu-disp.coolkit.cc Asia: cn-disp.coolkit.cc

Yes, they all report as unsafe by Chrome. When I tell Chrome to proceed anyway, I get a blank page for the EU site. If I follow the US site, it display an OpenResty (openresty.org) welcome page. Apparently this is the software platform (NGINX & LuaJIT) eWeLink is using.

I don't know enough about certificates to know where to put it in the server "dialog"... nor do I have any NODE.js experience. I think we need to see if Michael (@mdopp) can jump in here.

[pevecyan]

I tried with certs @vacsibalint provided but it still doesn't connect to my sonoff server :/

[vacsibalint]

What if we add in /etc/hosts, that the coolkit.cc reroute the fake server ip? And if the sonoff tries to connect to coolkit, the fake server responds?

[vacsibalint]

I just found this page; https://eu-disp.coolkit.cc/dispatch/device

🤔🤔

[neural-loop]

Maybe you could put a note in the readme that the new devices have this problem? I spent about 5 hours trying every possible way to get it to work, and was getting the 200 response but the double blink. I reinstalled my raspberry and changed all my home network config trying to debug.

[caminati]

I think I am having the same problem. Is anybody aware of any workaround not requiring extra hardware? TIA

[CarlosGS]

Same problem here and same question :)

Related links for easier following: mirko/sonota#67 mirko/sonota#141 mirko/sonota#162 mirko/sonota#164