Homematic integration doesn't work correctly with SSL

Hello,

Sorry, my English is very bad, but I hope it’s okay for my simple questions.

I have a RaspberryMatic version 3.57.4 and a Home Assistant OS version 2021.4.3 on two RPI 3 b+. Normally both Raspberry Pi run with SSL, but the Homematic integration doesn’t work with SSL.

This is my configuration with disabled SSL on both RPI:

homematic:
  interfaces:
    ip:
      host: 192.168.178.72
      port: 2010
      resolvenames: json
      username: !secret hm_user
      password: !secret hm_pass
    rf:
      host: 192.168.178.72
      port: 2001
      resolvenames: json
      username: !secret hm_user
      password: !secret hm_pass
    groups:
      host: 192.168.178.72
      port: 9292
      resolvenames: json
      username: !secret hm_user
      password: !secret hm_pass
      path: /groups
  hosts:
    ccu3:
      host: 192.168.178.72
      username: !secret hm_user
      password: !secret hm_pass

The result is the connection to a HomeMatic IP thermostat:

hvac_modes:
  - auto
  - heat
  - 'off'
min_temp: 4.5
max_temp: 30.5
target_temp_step: 0.5
preset_modes:
  - boost
current_temperature: 22.8
temperature: 22
preset_mode: none
id: 000A18A123ABC6
interface: ip
battery: High
rssi_device: -34
valve: 4
level: 0.37
mode: null
voltage: 2.7
friendly_name: Heizung Spitzboden
supported_features: 17

When I activate SSL I have the following errors:

2021-04-11 19:46:43 DEBUG (Thread-3) [pyhomematic._hm] RPCFunctions.addDeviceNames
2021-04-11 19:46:43 DEBUG (Thread-3) [pyhomematic._hm] RPCFunctions.addDeviceNames: Getting names via JSON-RPC
2021-04-11 19:46:43 DEBUG (Thread-3) [pyhomematic._hm] RPCFunctions.jsonRpcPost: Method: Session.login
2021-04-11 19:46:43 DEBUG (Thread-3) [pyhomematic._hm] RPCFunctions.jsonRpcPost: API-Endpoint: http://192.168.178.72:80/api/homematic.cgi
2021-04-11 19:46:43 ERROR (Thread-3) [pyhomematic._hm] RPCFunctions.jsonRpcPost: Exception: <urlopen error [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1125)>

I have my own root CA in my network. Both RPIs have a correct certificate.

subject=C = DE, ST = NRW, O = Private, CN = homematic
issuer=C = DE, ST = NRW, O = Private, CN = fritz.box
X509v3 Subject Alternative Name:
DNS:homematic, DNS:homematic.fritz.box, DNS:192.168.178.72

subject=C = DE, ST = NRW, O = Private, CN = homeassistant
issuer=C = DE, ST = NRW, O = Private, CN = fritz.box
X509v3 Subject Alternative Name:
DNS:homeassistant, DNS:homeassistant.fritz.box, DNS:192.168.178.20

I don’t understand this issue. What can be the problem?

Sorry, I forgot the configuration for SSL:

homematic:
  interfaces:
    ip:
      host: 192.168.178.72
      port: 42010
      resolvenames: json
      username: !secret hm_user
      password: !secret hm_pass
      ssl: True
#    rf:
#      host: 192.168.178.72
#      port: 42001
#      resolvenames: json
#      username: !secret hm_user
#      password: !secret hm_pass
#      ssl: True
    groups:
      host: 192.168.178.72
      port: 49292
      resolvenames: json
      username: !secret hm_user
      password: !secret hm_pass
      ssl: True
      path: /groups
  hosts:
    ccu3:
      host: 192.168.178.72
      port: 42001
      username: !secret hm_user
      password: !secret hm_pass

In the ccu3 section I tested it without a port or with ports 443 and 42001. The result is always the same error:

2021-04-11 21:00:15 DEBUG (SyncWorker_0) [pyhomematic._hm] ServerThread.getAllSystemVariables: Getting all System variables via JSON-RPC
2021-04-11 21:00:15 DEBUG (SyncWorker_0) [pyhomematic._hm] RPCFunctions.jsonRpcPost: Method: Session.login
2021-04-11 21:00:15 DEBUG (SyncWorker_0) [pyhomematic._hm] RPCFunctions.jsonRpcPost: API-Endpoint: http://192.168.178.72:80/api/homematic.cgi
2021-04-11 21:00:15 ERROR (SyncWorker_0) [pyhomematic._hm] RPCFunctions.jsonRpcPost: Exception: <urlopen error [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1125)>
2021-04-11 21:00:15 WARNING (SyncWorker_0) [pyhomematic._hm] ServerThread.jsonRpcLogin: Unable to open session.

I don’t understand: why does the integration use port 80?

I just wanna cry.

I have now looked at the code a little... okay... it seems the solution is the jsonport variable.

That’s probably what the documentation says.

jsonport integer (optional)

Port of CCU JSON-RPC Server. The default is 80, but it may be different when running CCU virtually via Docker or with enabled SSL.

I have tested it:

  interfaces:
    ip:
      host: 192.168.178.72
      port: 42010
      resolvenames: json
      jsonport: 443
      username: !secret hm_user
      password: !secret hm_pass
      ssl: True
    rf:
      host: 192.168.178.72
      port: 42001
      resolvenames: json
      jsonport: 443
      username: !secret hm_user
      password: !secret hm_pass
      ssl: True
    groups:
      host: 192.168.178.72
      port: 49292
      resolvenames: json
      jsonport: 443
      username: !secret hm_user
      password: !secret hm_pass
      ssl: True
      path: /groups
  hosts:
    ccu3:
      host: 192.168.178.72
      port: 42001
      username: !secret hm_user
      password: !secret hm_pass

But the issue is still the same. :sob:

Sadly the port can’t be configured for the hosts section. The recent PR to add the option was rejected. You’ll have to live without SSL while there is no new integration for HomeMatic.

If you want to help with the new integration, have a look here.
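
Added example, not part of the thread and not pyhomematic code: `WRONG_VERSION_NUMBER` in the logs above is what OpenSSL reports when a TLS client gets a cleartext answer, which fits a TLS handshake sent to the plain HTTP port 80 shown in the `API-Endpoint` lines. The probe below tells a TLS listener from a plaintext HTTP one; the function names and the local stub server are constructed for illustration.

```python
import socket
import ssl
import threading

def start_plain_http_stub():
    """Constructed stand-in for a plaintext HTTP listener (like port 80 in the logs)."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        while True:
            try:
                conn, _ = srv.accept()
                with conn:
                    conn.recv(65536)  # HTTP request or TLS ClientHello, ignored
                    conn.sendall(b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n")
            except OSError:
                return
    threading.Thread(target=serve, daemon=True).start()
    return srv

def tls_handshake(host, port, timeout=3.0):
    """Try a verified TLS handshake; return (ok, OpenSSL reason or exception name)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True, None
    except ssl.SSLError as exc:
        return False, exc.reason
    except OSError as exc:
        return False, type(exc).__name__

def speaks_plain_http(host, port, timeout=3.0):
    """Send a cleartext HEAD request and check for an HTTP status line."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
            return s.recv(16).startswith(b"HTTP/")
    except OSError:
        return False

def diagnose(host, port):
    """Classify a port as tls, tls-untrusted-cert, plaintext-http or unknown."""
    ok, reason = tls_handshake(host, port)
    if ok or reason == "CERTIFICATE_VERIFY_FAILED":
        return ("tls" if ok else "tls-untrusted-cert"), reason
    verdict = "plaintext-http" if speaks_plain_http(host, port) else "unknown"
    return verdict, reason

if __name__ == "__main__":
    stub = start_plain_http_stub()
    print(diagnose("127.0.0.1", stub.getsockname()[1]))
```

Running `diagnose()` against each port in the configuration shows which ones actually terminate TLS before `ssl: True` is set for them. A `tls-untrusted-cert` verdict means the listener does speak TLS but this client does not trust its certificate, for example one issued by a private root CA.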