Home Assistant Community

Endless InsecureRequestWarning errors with UniFi

#4

I’m using UniFi to track 3 cell phones. I have 3 APs deployed to cover my footprint.

#5

https://github.com/home-assistant/home-assistant/pull/10097 adds support for directly connecting to Unifi APs I only have one and I am not sure if it can support multiple APs but might be able to update it to allow this.

#6

I’d be willing to give it a shot if it works with multiple APs. Any idea how I might configure it to do so?

#7

So I don’t know how Home Assistant handles multiple instances of the same platform. The config is as follows.

device_tracker:
  - platform: unifi_direct
    host: 192.168.5.2
    username: USERNAME
    password: PASSWORD

It might be possible to do the following

device_tracker:
  - platform: unifi_direct
    host: 192.168.5.2
    username: USERNAME
    password: PASSWORD
  - platform: unifi_direct
    host: 192.168.5.3
    username: USERNAME
    password: PASSWORD
  - platform: unifi_direct
    host: 192.168.5.4
    username: USERNAME
    password: PASSWORD

You test this you need to create the following folder
PATH_TO_YOUR_HA_CONFIG/custom_components/device_tracker/

And then dump this file https://github.com/w1ll1am23/home-assistant/blob/df34139f5aca1d26455723d4c52147f13538f665/homeassistant/components/device_tracker/unifi_direct.py into that folder and restart.

If that doesn’t work I will need to make some updates to support multiple APs so you could do something like

device_tracker:
  - platform: unifi_direct
    hosts:
      - host: 192.168.5.2
        username: USERNAME
        password: PASSWORD
      - host: 192.168.5.3
        username: USERNAME
        password: PASSWORD
      - hosts: 192.168.5.3
        username: USERNAME
        password: PASSWORD
#8

Unifi component checks for valid https cert. If none exist you get this error if ssl set to false

EDIT
By valid I mean not Self Signed and from CA like letsencrypt

1 Like
#9

I’m not sure I understand, can you explain a bit? I have verify_ssl: false set in the UniFi configuration. This system is not exposed to the internet making LetsEncrypt a problem. I have a local CA which I use to issue certificates, which I’ve deployed to this system and which can be successfully verified (chained from UniFi to my CA) with openssl s_client -connect unifi.<mydomain>.net:9443

With some further research it appears that Python virtualenvs might not be pulling the list of CAs from the system.

#10

I somewhat misspoke.

Yes. It does not check cert because you set ssl_verify =false.

When you choose ssl_verify =false it gives error to say, “hey, you are doing something less secure than recommended and we want you to know this. You may ignore this message but do so at your own risk”.

If ssl_verify=true and using ssl cert signed by CA, this error will disappear. I did not test or verify but this is expected function and error cause as I understand it.

EDIT
You are logging into what is likely critical network security piece. You are providing credentials to unverified (could be spoofed but not likely) server. Verify_ssl=false is kind of a leap of faith.

#11

Sorry I misread part where you say you have own CA local.

In this case ssl_verify=true should be set I would believe. If not error will always appear

#12

That actually worked! I’m not sure why disabling verification would cause this degree of log spew, but enabling verification does now seem to be able to pick up my UniFi system’s cert and chain it to my CA (or if not, it’s stopped complaining about it). Either way my logs are back to their normal state, so thanks!

edit: ugh spoke too soon - that got rid of the errors by just not working at all, presumably as it’s failing the SSL check on account of not having and CAs defined.

#13

For reference, here is a live view of the log as this happens (until I reboot Hass or I run out of disk space again).

#14

After searching for what seems like forever, a definitive answer can be had.

Setting a ENV var
PYTHONWARNINGS="ignore:Unverified HTTPS request"
either at a system level, or at the execution level of hass, or injected into the docker run will quite these down

#15

I’m getting these errors too (running the unifi controller integration). Any idea how you inject that into a docker run?

#16

I eventually resolved the issue by utilizing LetsEncrypt certs on the unifi host. Now it has auto-renewing certs which are trusted by all (most?) clients and the result has been an end to the months of log spew it was previously creating.

#17

@davericher

I’m running Home Assistant and Unifi Controller in docker containers on a Synology DSM-918+.
Your answer was the only solution after reaching the end of the internet … :slight_smile:
Now the log is not spammed with Unifi messages, I don’t know if we just covered up the rust with fresh paint, but it sure did stop those messages from spamming the logs every 10 seconds.

Now I only have to deal with random but frequent “Timer got out of sync. Resetting” messages.

BIG Thank You.

1 Like
#18

Tried that but still get them :frowning:

al/lib/python3.6/site-packages/urllib3/connectionpool.py:847: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings

#19

Trying it with docker-compose and setting PYTHONWARNINGS=“ignore:Unverified HTTPS request” isn’t working for me. I entered the container and can see it set looking at export and set, but I still get that warning :frowning:

#20

[email protected]:~/.homeassistant/deps/lib/python3.6/site-packages/pyunifi# nano controller.py

add these lines just below last import

import urllib3
urllib3.disable_warnings()

and delete this lines

if ssl_verify is False:
warnings.simplefilter(“default”, category=requests.packages.
urllib3.exceptions.InsecureRequestWarning)

[email protected]:~/.homeassistant/deps/lib/python3.6/site-packages/pyunifi# rm -R pycache

this is from my notes …I do this and it gets rid of those errors

#21

Then restart

#22

Not sure if you found a solution or not, but I will leave for others…

When you set your PYTHONWARNINGS variable in your compose file, remove the " character. Removing mine also removed the double quotation in the environment variables.

#23

Thanks. I thought I tried that but still had the issue. I gave up and just put my Unifi behind my nginx reverse proxy. The OCD in me twitches at that, but, I have learned to live with it. :slight_smile: