Enphase integration fails config with self signed SSL cert error

craigjtstewart · January 7, 2023, 10:48pm

When I try to configure the en phase envoy it auto discovers but on configure errors with self signed SSL cert error. How to resolve?
Logger: homeassistant.components.enphase_envoy.config_flow
Source: components/enphase_envoy/config_flow.py:42
Integration: Enphase Envoy (documentation, issues)
First occurred: 22:22:47 (11 occurrences)
Last logged: 22:38:15

Unexpected exception
Traceback (most recent call last):
File “/usr/src/homeassistant/homeassistant/components/enphase_envoy/config_flow.py”, line 150, in async_step_user
envoy_reader = await validate_input(self.hass, user_input)
File “/usr/src/homeassistant/homeassistant/components/enphase_envoy/config_flow.py”, line 42, in validate_input
await envoy_reader.getData()
File “/usr/local/lib/python3.10/site-packages/envoy_reader/envoy_reader.py”, line 136, in getData
await self.detect_model()
File “/usr/local/lib/python3.10/site-packages/envoy_reader/envoy_reader.py”, line 166, in detect_model
await self.get_serial_number()
File “/usr/local/lib/python3.10/site-packages/envoy_reader/envoy_reader.py”, line 218, in get_serial_number
full_serial = await self.get_full_serial_number()
File “/usr/local/lib/python3.10/site-packages/envoy_reader/envoy_reader.py”, line 228, in get_full_serial_number
response = await self._async_fetch_with_retry(
File “/usr/local/lib/python3.10/site-packages/envoy_reader/envoy_reader.py”, line 128, in _async_fetch_with_retry
return await client.get(url, timeout=30, **kwargs)
File “/usr/local/lib/python3.10/site-packages/httpx/_client.py”, line 1757, in get
return await self.request(
File “/usr/local/lib/python3.10/site-packages/httpx/_client.py”, line 1533, in request
return await self.send(request, auth=auth, follow_redirects=follow_redirects)
File “/usr/local/lib/python3.10/site-packages/httpx/_client.py”, line 1620, in send
response = await self._send_handling_auth(
File “/usr/local/lib/python3.10/site-packages/httpx/_client.py”, line 1648, in _send_handling_auth
response = await self._send_handling_redirects(
File “/usr/local/lib/python3.10/site-packages/httpx/_client.py”, line 1685, in _send_handling_redirects
response = await self._send_single_request(request)
File “/usr/local/lib/python3.10/site-packages/httpx/_client.py”, line 1722, in _send_single_request
response = await transport.handle_async_request(request)
File “/usr/local/lib/python3.10/site-packages/httpx/_transports/default.py”, line 353, in handle_async_request
resp = await self._pool.handle_async_request(req)
File “/usr/local/lib/python3.10/site-packages/httpcore/_async/connection_pool.py”, line 253, in handle_async_request
raise exc
File “/usr/local/lib/python3.10/site-packages/httpcore/_async/connection_pool.py”, line 237, in handle_async_request
response = await connection.handle_async_request(request)
File “/usr/local/lib/python3.10/site-packages/httpcore/_async/connection.py”, line 86, in handle_async_request
raise exc
File “/usr/local/lib/python3.10/site-packages/httpcore/_async/connection.py”, line 63, in handle_async_request
stream = await self._connect(request)
File “/usr/local/lib/python3.10/site-packages/httpcore/_async/connection.py”, line 150, in _connect
stream = await stream.start_tls(**kwargs)
File “/usr/local/lib/python3.10/site-packages/httpcore/backends/asyncio.py”, line 78, in start_tls
raise exc
File “/usr/local/lib/python3.10/site-packages/httpcore/backends/asyncio.py”, line 69, in start_tls
ssl_stream = await anyio.streams.tls.TLSStream.wrap(
File “/usr/local/lib/python3.10/site-packages/anyio/streams/tls.py”, line 122, in wrap
await wrapper._call_sslobject_method(ssl_object.do_handshake)
File “/usr/local/lib/python3.10/site-packages/anyio/streams/tls.py”, line 130, in _call_sslobject_method
result = func(*args)
File “/usr/local/lib/python3.10/ssl.py”, line 975, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:997)

TheNr1Guest · January 17, 2023, 4:28pm

I have the same problem. If I go to the IP adres of the discoverd Enphase device via a browser I also get a warning that the SSL certificate is not valid. I assume that is the problem the intergration is facing.

craigjtstewart · January 17, 2023, 6:21pm

Good to know, I was assuming it was the certificate of HA, but that sounds opposite.I wonder if it possible to get HA to “accept all certs”?

TheNr1Guest · January 18, 2023, 10:26am

From what I can gather on GitHub is that the new firmware is using a new undocumented authentication method which causes this problem:

github.com/home-assistant/core

Integration: Enphase Envoy - Unexpected error

opened 09:22PM - 25 Dec 21 UTC

closed 02:45AM - 26 Apr 22 UTC

mbalfour

integration: enphase_envoy stale

### The problem I just got a new Enphase Envoy installed at my house. I'm tryi…ng to set it up in Home Assistant, but get "Unexpected error". Home Assistant: v2021.12.5 Steps: 1. Configuration->Devices and Services->Add Integration 2. Select "Enphase Envoy" 3. Select my Envoy in the provided list 4. Press "Submit" with the default username and password 5. Home Assistant prints "Unexpected error" on the username / password screen. From looking at the logs, my best guess is that envoy_reader needs to be updated to ignore SSL verification results. ### What version of Home Assistant Core has the issue? core-2021.12.5 ### What was the last working version of Home Assistant Core? _No response_ ### What type of installation are you running? Home Assistant OS ### Integration causing the issue Enphase Envoy ### Link to integration documentation on our website _No response_ ### Example YAML snippet _No response_ ### Anything in the logs that might be useful for us? ```txt 2021-12-25 14:45:59 ERROR (MainThread) [homeassistant.components.enphase_envoy.config_flow] Unexpected exception Traceback (most recent call last): File "/usr/src/homeassistant/homeassistant/components/enphase_envoy/config_flow.py", line 168, in async_step_user envoy_reader = await validate_input(self.hass, user_input) File "/usr/src/homeassistant/homeassistant/components/enphase_envoy/config_flow.py", line 46, in validate_input await envoy_reader.getData() File "/usr/local/lib/python3.9/site-packages/envoy_reader/envoy_reader.py", line 136, in getData await self.detect_model() File "/usr/local/lib/python3.9/site-packages/envoy_reader/envoy_reader.py", line 166, in detect_model await self.get_serial_number() File "/usr/local/lib/python3.9/site-packages/envoy_reader/envoy_reader.py", line 218, in get_serial_number full_serial = await self.get_full_serial_number() File "/usr/local/lib/python3.9/site-packages/envoy_reader/envoy_reader.py", line 228, in get_full_serial_number response = await self._async_fetch_with_retry( File "/usr/local/lib/python3.9/site-packages/envoy_reader/envoy_reader.py", line 128, in _async_fetch_with_retry return await client.get(url, timeout=30, **kwargs) File "/usr/local/lib/python3.9/site-packages/httpx/_client.py", line 1736, in get return await self.request( File "/usr/local/lib/python3.9/site-packages/httpx/_client.py", line 1513, in request return await self.send(request, auth=auth, follow_redirects=follow_redirects) File "/usr/local/lib/python3.9/site-packages/httpx/_client.py", line 1600, in send response = await self._send_handling_auth( File "/usr/local/lib/python3.9/site-packages/httpx/_client.py", line 1628, in _send_handling_auth response = await self._send_handling_redirects( File "/usr/local/lib/python3.9/site-packages/httpx/_client.py", line 1665, in _send_handling_redirects response = await self._send_single_request(request) File "/usr/local/lib/python3.9/site-packages/httpx/_client.py", line 1702, in _send_single_request response = await transport.handle_async_request(request) File "/usr/local/lib/python3.9/site-packages/httpx/_transports/default.py", line 291, in handle_async_request resp = await self._pool.handle_async_request(req) File "/usr/local/lib/python3.9/site-packages/httpcore/_async/connection_pool.py", line 248, in handle_async_request raise exc File "/usr/local/lib/python3.9/site-packages/httpcore/_async/connection_pool.py", line 232, in handle_async_request response = await connection.handle_async_request(request) File "/usr/local/lib/python3.9/site-packages/httpcore/_async/connection.py", line 90, in handle_async_request raise exc File "/usr/local/lib/python3.9/site-packages/httpcore/_async/connection.py", line 67, in handle_async_request stream = await self._connect(request) File "/usr/local/lib/python3.9/site-packages/httpcore/_async/connection.py", line 146, in _connect stream = await stream.start_tls(**kwargs) File "/usr/local/lib/python3.9/site-packages/httpcore/backends/asyncio.py", line 62, in start_tls ssl_stream = await anyio.streams.tls.TLSStream.wrap( File "/usr/local/lib/python3.9/site-packages/anyio/streams/tls.py", line 94, in wrap await wrapper._call_sslobject_method(ssl_object.do_handshake) File "/usr/local/lib/python3.9/site-packages/anyio/streams/tls.py", line 102, in _call_sslobject_method result = func(*args) File "/usr/local/lib/python3.9/ssl.py", line 944, in do_handshake self._sslobj.do_handshake() ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1129) ``` ### Additional information Possibly related to https://github.com/home-assistant/core/issues/60109 . It looks like there was a different problem happening recently that resulted in envoy_reader getting updated to support newer versions of httpx. Maybe the SSL default settings changed in the version bump as well?

github.com/home-assistant/core

Enphase Envoy integration doesn't work with 7.x firmware

opened 07:43PM - 30 Sep 22 UTC

ssg

integration: enphase_envoy

### The problem Enphase Envoy integration uses "username/password" authenticati…on which was deprecated in 7.x firmware. The new method requires authentication tokens instead. For API clients that still rely on username/password, there is an alternative "use this username instead" mode in the new Enlighten app which provides a long hex pseudo-username as a token, but HA integration doesn't work with that either. The documentation doesn't mention post-7.x authentication methods either. ### What version of Home Assistant Core has the issue? core-2022.9.7 ### What was the last working version of Home Assistant Core? _No response_ ### What type of installation are you running? Home Assistant OS ### Integration causing the issue enphase_envoy ### Link to integration documentation on our website https://www.home-assistant.io/integrations/enphase_envoy ### Diagnostics information _No response_ ### Example YAML snippet _No response_ ### Anything in the logs that might be useful for us? _No response_ ### Additional information _No response_

Some people are having success with custom integrations mentioned in the second link. I’m still hoping the official one will be patched one day. For now it just seems broken.

craigjtstewart · January 18, 2023, 7:51pm

Yes, look like we have to wait for the integration to be updated. Here is the documentation of that change. I was able to get the token for my system, but the API requests in the integration need to be updated.
https://store-d9.enphase.com/download/iq-gateway-access-using-token-tech-brief

lulu91 · January 24, 2023, 5:00pm

how did you get the token ? my list is empty

craigjtstewart · January 24, 2023, 6:34pm

Enter the name of your system from the app, then the drop-down is populated.

lulu91 · January 25, 2023, 11:33am

indeed thanks !

holstweb · February 23, 2023, 6:38pm

Here to follow a bit to see if there are updates. For others who are struggling with “the name of your system” like me: It was my own name. Start typing slowly and the system will show you.

xsnoopy · May 26, 2023, 3:35pm

Following, I also get a certificate error.