Google TTS and SSL

Now, I know that there are other threads on this but none of them solved my problem.

I have just reinstated SSL certificates, which I get on hassio from the DuckDNS add-on, but I don’t use DuckDNS for anything else at the moment as I am not open to the Internet.

Google TTS has stopped working. Does anyone know how I can make it work again with SSL?

I have the following:

tts:
  - platform: google
    language: 'en-uk'


http:
  base_url: !secret base_url
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

In my secrets I have

base_url: https://192.168.1.25:8123


But I get the following errors when using Google TTS

Log Details (ERROR)
Sun Nov 18 2018 13:00:15 GMT+0000 (Greenwich Mean Time)

Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_BAD_CERTIFICATE] sslv3 alert bad certificate (_ssl.c:841)

and

Log Details (ERROR)
Sun Nov 18 2018 13:00:14 GMT+0000 (Greenwich Mean Time)

Error doing job: SSL error errno:1 reason: SSLV3_ALERT_BAD_CERTIFICATE
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_BAD_CERTIFICATE] sslv3 alert bad certificate (_ssl.c:841)

I’m presuming it’s a Let’s Encrypt certificate? If so, the HTTPS request has to come via the named domain; you can’t use IP addresses.

I see, thanks.
Does that mean hassio with SSL running without any port forwarding cannot work with Google TTS?

I have removed it and TTS works so I suppose I will have to live without it.
Although it does seem to go against what we are ‘supposed’ to be doing.

No, but you’ll need some kind of DNS on your network to translate the name to the IP address.

SSL is only really beneficial for remote connections anyway, unless your internal setup is significantly different to others’ homes 🙂

Ok, that’s fine, I kinda thought that but just had a paranoid moment.

Thanks for your help as always.

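The hostname check the replies above refer to, as an added example that is not part of the thread: it tests whether the host in a `base_url` is covered by a certificate's subjectAltName entries, which is what a verifying TLS client does before accepting the connection. The certificate dict is constructed in the shape Python's `getpeercert()` returns, and `example.duckdns.org` is a placeholder name, not one taken from the posts.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns;
# the DuckDNS name is a placeholder, not taken from the thread.
SAMPLE_CERT = {"subjectAltName": (("DNS", "example.duckdns.org"),)}


def _dns_match(pattern, host):
    """RFC 6125 style match: '*' may only stand for the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def url_matches_cert(url, cert):
    """Return (ok, reason): would a client verifying `cert` accept the host in `url`?"""
    host = urlsplit(url).hostname
    if not host:
        return False, "no host in URL"
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # IP literals are compared only with IP SAN entries, never with DNS names.
        for kind, value in sans:
            if kind == "IP Address" and ipaddress.ip_address(value) == ip:
                return True, "matched IP SAN"
        return False, f"{host} is an IP literal and the certificate has no matching IP SAN"
    for kind, value in sans:
        if kind == "DNS" and _dns_match(value, host):
            return True, f"matched DNS SAN {value}"
    return False, f"{host} is not among the certificate's DNS names"


if __name__ == "__main__":
    for url in ("https://192.168.1.25:8123", "https://example.duckdns.org:8123"):
        print(url, "->", url_matches_cert(url, SAMPLE_CERT))
```

With the `base_url` from the first post the check fails, and with a name that local DNS resolves to the same address it passes.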