Http request node to https results in requesterror ssl alert

I migrated my Nodered flows from a standalone container to a “home assistant addon”.
Everything seems to work except an http request to an https site.
I tried to find a solution but except from a long closed thread on nodered github I don’t find any solution to this.

In the http request on my standalone container “enable secure connection” was disabled.
So I tried enabling this but there isn’t much I can configure nor is there any explanation of what should be configured.
This seems to be just a client certificate (which I don’t need) and some other filters which I don’t need either.

The site (not exact url): https://web-api.tp.entsoe.eu

The error:
RequestError: write EPROTO D8D914775C7F0000:error:0A000458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1590:SSL alert number 112

I can’t reach that link in a browser. I can tell you I am on a http haos install and have no problem retrieving results from https sites. Have you tried another https source to see if this is consistent or just this site?

If I search this error I get results, not NR, but all pretty much point at a proxy problem.

Well maybe it’s geoblocked but you should get a “forbidden” message.
To be complete, tried google.com, same error
And there is no proxy, and it works on a standalone nodered

Could you try from Home Assistant using a RESTful command, to see if it is between HA and NR or HA and the internet?

I mean… I have multiple cloud integrations so I reckon a REST call would work as well.
Unless this would go through some kind of proxy?

We won’t know if you don’t try. To use the rest call add to your configuration.yaml, use the address you are trying to reach.

rest_command:
  entsoe:
    url: https://request node site
    method: GET

then restart. Go to dev tools → services → search for entsoe and hit the call service button. The response from the site will appear below.

Some websites require extra header information, like browser version.

This works fine, status 200 and I see the content.

If that were the case, it wouldn’t work on the standalone.
Even so, it’s an SSL error, this is before headers matter.

Have you changed anything in the settings.js file for NR? You can also try deleting the http node, deploy, drag out a new one. Other than that, I don’t know of anything else to try.

No, I did compare it now with the standalone but I don’t see anything strange or related to this issue.
I also never changed the standalone nodered settings.js.

Tried removing and adding but same error :frowning:

I don’t think it will be a different outcome but you can use an exec node. Use curl like you would on a command line.

curl works in exec… so what does this even mean?
Is nodered missing a package or something?

Or why does it say ssl3_read_bytes:tlsv1, I reckon it’s not using 1.2+ for some reason? But I don’t know where I can configure that.

Experiencing similar issues here. Started happening after migrating to a new host (Ubuntu 24.04) and updating nodered (to v3.1.9). Not sure which of the two actions could have caused it. Only http requests work. Even for a website like google.com.

One cause of the error message might be missing SNI data when connecting to a multi-host web server.
https://www.cloudflare.com/learning/ssl/what-is-sni/

So, this problem is not only with the http requests but also e-mailing

Error: D8594C9BFD7E0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:…/deps/openssl/openssl/ssl/record/ssl3_record.c:354:
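As an added example (not part of any post in this thread, and not Node-RED or OpenSSL code): a small JavaScript decoder for the two OpenSSL error strings quoted above. It relies on OpenSSL 3.x placing the library number above bit 23 of the error code and reporting alerts received from the peer as reason 1000 + alert number; the function name, field names and the short alert table are choices made for this example.

```javascript
// Added example: decode OpenSSL 3.x error strings as Node.js reports them.
// The two samples are the error lines quoted in this thread.
const SAMPLE_ALERT = 'RequestError: write EPROTO D8D914775C7F0000:error:0A000458:' +
  'SSL routines:ssl3_read_bytes:tlsv1 unrecognized name:' +
  '../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1590:SSL alert number 112';
const SAMPLE_LOCAL = 'Error: D8594C9BFD7E0000:error:0A00010B:SSL routines:' +
  'ssl3_get_record:wrong version number:' +
  '…/deps/openssl/openssl/ssl/record/ssl3_record.c:354:';

const ERR_LIB_SSL = 20;            // library number of "SSL routines"
const SSL_AD_REASON_OFFSET = 1000; // reason = 1000 + alert number for peer alerts
// A few TLS alert descriptions (RFC 8446, RFC 6066); not the full registry.
const TLS_ALERTS = {
  40: 'handshake_failure', 42: 'bad_certificate', 48: 'unknown_ca',
  70: 'protocol_version', 80: 'internal_error', 112: 'unrecognized_name',
};

function decodeOpenSslError(message) {
  // Layout: threadid:error:code:library:function:reason:file:line:extra
  const m = /([0-9A-F]+):error:([0-9A-F]{8}):([^:]*):([^:]*):([^:]*):/i.exec(message);
  if (!m) return null;             // not an OpenSSL error (e.g. ECONNRESET)
  const code = parseInt(m[2], 16);
  const lib = (code >>> 23) & 0xff;
  const reason = code & 0x7fffff;
  const fromPeer = lib === ERR_LIB_SSL && reason > SSL_AD_REASON_OFFSET;
  const peerAlert = fromPeer ? reason - SSL_AD_REASON_OFFSET : null;
  return {
    lib, reason, func: m[4], reasonText: m[5], peerAlert,
    alertName: fromPeer ? (TLS_ALERTS[peerAlert] || 'unknown') : null,
    // Peer alert: the remote end refused the handshake and said why.
    // Local error: this client could not parse what it received.
    origin: fromPeer ? 'alert sent by the peer' : 'raised locally by the client',
  };
}

for (const s of [SAMPLE_ALERT, SAMPLE_LOCAL]) console.log(decodeOpenSslError(s));
```

The `tlsv1` in `tlsv1 unrecognized name` is part of OpenSSL's name for alert 112 (reason 1112), not the negotiated protocol version. The second string decodes to reason 267 with no peer alert, so it was raised on the client side while reading the reply.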

This is definitely a name lookup issue.
Either with SNI data in your request or your DNS service in your Node Red setup.

DNS is not the issue.
SNI data… I mean ok, who can fix that? As it works in a standalone NodeRed docker…

I think this is related to the way HAOS layers containers. According to the docs NR addon uses /ssh for cert location and that can’t be changed. For example, when using shell commands, you need to create new certs in the config folder for them to work.

How does this apply here, I’m not sure. What you can do is download Wireshark and monitor your HA IP and make the request. IIRC bounced https requests will be highlighted in black. You will be able to see what was sent and what the response was, from that you should be able to see exactly what is going on.

Edit: I am assuming that the HA stores ssl certs in the same location/level as the ssh certs, which is not accessible when running commands.

How is this related to cert location?
Even if it was, then curl wouldn’t work as well, which it does.
And even if I see what happens in wireshark, I’m not going to be able to fix it.
So who do I talk to? or where?