Bizarre UI Access Issue

I upgraded to 0.87.1 tonight and now I have a very strange problem. Every time I attempt to access my web site (any URL) from outside via duckdns I get the following error in my log:

home-assistant   | 2019-02-13 20:09:50 ERROR (MainThread) [homeassistant.core] Error doing job:     SSL handshake failed
home-assistant   | Traceback (most recent call last):
home-assistant   |   File "uvloop/sslproto.pyx", line 499, in uvloop.loop.SSLProtocol._on_handshake_complete
home-assistant   |   File "uvloop/sslproto.pyx", line 483, in uvloop.loop.SSLProtocol._do_handshake
home-assistant   |   File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
home-assistant   |     self._sslobj.do_handshake()
home-assistant   | ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:852)

I can access it just fine using the internal network path. I can also access it just fine from Ariela using the duckdns URL. And I have IFTTT automations that trigger events via the duckdns path which are also working just fine.

I have deleted all state for the duckdns URL and still no joy. This happens from the Chromebook as well as my Mac. It also works from Safari on my Mac.

Any clues, please?

Turns out my SSL certificate was expired. Why this only failed for one specific kind of access is still a mystery.

Hi, i am having the same issue.
How did you update your certificate? it does not seem to be the one lets encrypt update? or maybe i need to have lets encrypt addon installed aswell as duckdns? i found that a little hard to understand since lets encrypt was added to duckdns addon.
I have uninstalled duckdns and made sure lets encrypt do a update, but still same issue.

I can access if i dont use duckdns adress.

Thanks

I had lets encrypt already set up. I just followed the let’s encrypt directions and copied the new certificate to the location in my configuration file

Do you mean this?

http:
  base_url: !secret http_url
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

I have this already and still have the same error.

This is the error i get:

Error doing job: SSL error errno:1 reason: SSLV3_ALERT_CERTIFICATE_UNKNOWN

15:11 /usr/local/lib/python3.7/site-packages/homeassistant/core.py (ERROR) - message first occured at 15:06 and shows up 23 times

Error doing job: SSL handshake failed

15:11 /usr/local/lib/python3.7/site-packages/homeassistant/core.py (ERROR) - message first occured at 15:06 and shows up 24 times

And when i look into duckdns addon it says my certificate ends in june so i dont know how to get this to work. And as i wrote earlier i have even reinstalled duckdns.
Internal network works, but as soon as i use duckdns-adress i get error, owntracks, reach frontend, tasker and so on wont work. Same with long lived token speaking to duckdns will not work.
Perhaps there is someone that can give me a hint on what to do.

thanks

I’m having the same issue with 90.1 and 90.2.
It isn’t there all the time, but for some periods.

http:
base_url: https://my_url.duckdns.org:8123
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem

Hi,
Atleast i’m not alone with this error
For me it was static so i have sadly reverted to http only.

2019-03-29 16:32:13 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
File “uvloop/handles/stream.pyx”, line 609, in uvloop.loop.UVStream._on_eof
File “uvloop/sslproto.pyx”, line 171, in uvloop.loop._SSLPipe.feed_ssldata
File “/usr/local/lib/python3.7/ssl.py”, line 763, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: VERSION_TOO_LOW] version too low (_ssl.c:1056)
2019-03-29 16:32:13 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: VERSION_TOO_LOW
Traceback (most recent call last):
File “uvloop/sslproto.pyx”, line 504, in uvloop.loop.SSLProtocol.data_received
File “uvloop/sslproto.pyx”, line 204, in uvloop.loop._SSLPipe.feed_ssldata
File “uvloop/sslproto.pyx”, line 171, in uvloop.loop._SSLPipe.feed_ssldata
File “/usr/local/lib/python3.7/ssl.py”, line 763, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: VERSION_TOO_LOW] version too low (_ssl.c:1056)
2019-03-29 16:32:35 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
File “uvloop/handles/stream.pyx”, line 609, in uvloop.loop.UVStream._on_eof
File “uvloop/sslproto.pyx”, line 171, in uvloop.loop._SSLPipe.feed_ssldata
File “/usr/local/lib/python3.7/ssl.py”, line 763, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:1056)
2019-03-29 16:32:35 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: NO_SHARED_CIPHER
Traceback (most recent call last):
File “uvloop/sslproto.pyx”, line 504, in uvloop.loop.SSLProtocol.data_received
File “uvloop/sslproto.pyx”, line 204, in uvloop.loop._SSLPipe.feed_ssldata
File “uvloop/sslproto.pyx”, line 171, in uvloop.loop._SSLPipe.feed_ssldata
File “/usr/local/lib/python3.7/ssl.py”, line 763, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:1056)

I’m calling it a issue.
Still getting errors in my log.
The configuration isn’t that diffucult. Hopefully i’ve done nothing wrong

I agree, hope they find something

I have the same issue, upgraded to 90.2 and lost access to the UI.
I’m using a let’s encrypt wildcard cert

I was able to SSH in and this is what’s in the logs.
I don’t know why it’s looking for sslv3? It’s been deprecated years ago.

2019-04-01 16:56:27 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 16:56:27 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: SSLV3_ALERT_CERTIFICATE_UNKNOWN
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 16:56:29 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 16:56:29 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: SSLV3_ALERT_CERTIFICATE_UNKNOWN
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)

Please do let the people also know in Github with your logfiles and configuration!
See https://github.com/home-assistant/home-assistant/issues/22625

Upgraded to 0.91.3 the other day, and this morning my https://domain.duckdns.org:8123 is dead. I can access via local IP if I ignore browser cert errors.

Trying to access the frontend on an external connection via duckdns, I get the following error instantly in my logs. Unable to connect to homeassistant in the browser.

Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)

The DuckDNS add on says my cert is still in date.

Valid till Jun 22 11:38:14 2019 GMT Certificate will not expire
(Longer than 30 days). Skipping renew!

My hadashboard seems to still be working and my automations are firing as expected. I’m stumped.

I’ve found the solution:

1. Turn off DuckDns Add-on
2. Use DuckDns component
3. Use Let’s Encrypt add-on and generate new fullchain.pem and privkey.pem files.

Restart, done!

Can you write exact steps you made? Based on your points, it’s still not working for me. Thanks

I have the same issue, but not on HASSIO… how to fix it when running hassbian?

Hey Rosie,

I had the same issue. What worked for me (in hass.io) was to remove the duckdns component in the configuration.yaml and simply keep the settings for the duckdns add-on in 0.91.3.

Epic @igorovich664 worked perfectly!
Thnx so much for this, have been running http for weeks now

I have the same issue with hass.io 0.92.2 and 0.92.1 before. Let’s encrypt certificate is valid and I use duckdns but configured directly on my fritbox.

Error doing job: SSL handshake failed
Traceback (most recent call last):
File “uvloop/sslproto.pyx”, line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
File “uvloop/sslproto.pyx”, line 484, in uvloop.loop.SSLProtocol._do_handshake
File “/usr/local/lib/python3.7/ssl.py”, line 763, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)

How could I fix it?