Http: in configuration.yaml causes duckdns and login issues

ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-06-20 04:27:46 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
File “uvloop/sslproto.pyx”, line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
File “uvloop/sslproto.pyx”, line 484, in uvloop.loop.SSLProtocol._do_handshake
File “/usr/local/lib/python3.7/ssl.py”, line 763, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
core-ssh:/config#

Could you do us a favor and use the code tags properly on your posts? This stuff is hard to read

learning here. i will read up on that

Point 11 here: How to help us help you - or How to ask a good question

testing delete

crap. i guess that was personal

closing my ports and getting a new domain, ugh :slight_smile:

ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-06-20 04:27:46 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
core-ssh:/config#

Is your certificate correct? Did it get a certificate?

do I dare ask how do I know if it is correct or if it generated a certificate?

the duckdns log

# INFO: Using main config file /data/workdir/config

I should had said I just started again from the beginning and got a new domain.
i have this in the duckdns config

  "lets_encrypt": {
    "accept_terms": true,
    "certfile": "fullchain.pem",
    "keyfile": "privkey.pem"
  },
  "token": "my_token",
  "domains": [
    "mydomain.duckdns.org"
  ],

and want to put this in teh configuration.yaml… again

http:
  base_url: https://mydomain.duckdns.org
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

You would see the certificate files in the filepath…

I had a very similar problem. It had to do with self signed certificates and if your router has loopback capability.

My suggestion is to try a different browser on your locally connected computer…and accept any bypass they give you on security messages that come up. Safari wouldn’t work on my ipad…I had to install dnsmasq to even get it to work without SLL because my (FIOS/Arris) router doesn’t have NAT loopback.

I have chrome, firefox and microsoft edge, but I don’t recall which worked and which didn’t. I am now running without SSL because it just caused too many problems. I’ll get to implementing it some day.,

I do see certificate files (.pem) in the /ssl path. I do have an AT&T Arris router.

Can you give me some other hints on this statement that you sent?

I am curious if that means you have to connect using http: externally not https.

Did connecting locally ever work? i.e. https://my_ip:8123?

Again, once you tell HA to use a CERTIFICATE, you are telling it to use HTTPS only. HTTP will never work with that.

You should be able to connect locally, using https://localip:8123, no matter what. You will get a certificate error on your browser, but it should be accessible.

I have deleted the .pem files and recreated with the duckdns add on. all good there. as soon as I remove the # in front of the http in the configuration.yaml i can never connect again. not even locally. I think you nailed it as a certificate or browser issue but not sure what I can do about if I can’t even connect locally.

)
2019-06-20 21:13:30 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)

I think you need to learn some of the forum.

Screenshots of previous comments are not necessary. You can highlight the comment and just hit “quote” when it pops up.

Of course not. Your system is crashing. As I asked earlier, are you sure your spacing is correct in your yaml? You seem to have skipped over that.

Because your HA isn’t working.

http:
  base_url: "https://mydomain.duckdns.org"
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

above is my yaml. Is there a spacing issue? I wouldn’t be surprised, so thanks. I only edited this portion so below the privkey line is a blank line followed by the default stuff that is in there.

Thanks for the quote tip.

After a bit of a delay on getting back to this I wanted to close this thread. I still get SSL certificate errors in the logs, but I am not sure if that is expected or not as I am logging in locally using https://my_ip:8123. I am able to log in remotely outside of my network. This was a huge help to those that pointed out that i had to turn my WiFi off and then try it from my cell (thank you). Looking back on this I may have had a space in the wrong spot in my .yaml as well because I did not change any content. I am a beginner so all possibilities are on the table. Additionally I do appreciate the comments on the forum basics.

Your certificate is only good for the domain name. If you access by IP, you will get a cert error.