Log Error: SSL handshake failed

I have the following error in my log file. I have no idea what the issue is here or what I should be doing to fix it. Any ideas?

2019-01-20 19:31:49 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:841)
2019-01-20 19:31:49 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: NO_SHARED_CIPHER
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:841)

There’s an epic thread about this. In short: no one knows why this keeps happening.

2 Likes

Hi there,

Check file permissions at /ssl with the command ls -l /ssl. If they are like this:

-rw-------    1 root     root          3921 Jun  3 22:10 fullchain.pem
-rw-------    1 root     root          3247 Jun  3 22:10 privkey.pem

Then execute the following commands:

chmod 755 /ssl/fullchain.pem
chmod 755 /ssl/privkey.pem

This will give root execute permission, and read/execute permissions to all other users. For some reason permissions are very restrictive - only read/write to root and none to other users when files are generated by DuckDNS/Let’s Encrypt plugin.

Worked for me and for a number of people on the epic topic mentioned by @tom_l

2 Likes

There are also a few issues related to this on GitHub here, this being the most recent:

https://github.com/home-assistant/home-assistant/issues/17639

There are various solutions, but none of them worked for me. In the end I turned SSL off in HA and now use NGINX to add SSL using a reverse proxy.

@thermseekr Unfortunately that did not work for me.

I had the same issue, but I noticed the files that @thermseekr mentioned were symbolic links, and the files they linked to did not have the same permissions as the symbolic links. So I ran the code for the other generated files and I was good to go. Seems homeassistant can’t read the cert files.

Maybe it is not the same on your setup, but that is what resolved the same error for me. I followed this post minus the nginx setup because Cox blocks port 80 and I have to do a 443 only call.

Worked for me. Still getting SSL_ERROR_BAD_CERT_DOMAIN but seems to work.

1 Like
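
Added example, not part of any post above: a Python check for the two causes reported in this thread, restrictive modes on the PEM files and symlinks whose targets carry different permissions. For a given uid and group set (assumed inputs) it reports whether the resolved file and its parent directories are accessible, and notes when a private key is readable by every local user, as `chmod 755` leaves it. The function names and the `top` parameter are this example's own, and ACLs are not considered.

```python
import os
import stat

def _allowed(st, uid, gids, owner_bit, group_bit, other_bit):
    """Unix permission check: only one of owner/group/other applies."""
    if uid == 0:
        return True  # root bypasses read and directory-search checks
    if st.st_uid == uid:
        return bool(st.st_mode & owner_bit)
    if st.st_gid in gids:
        return bool(st.st_mode & group_bit)
    return bool(st.st_mode & other_bit)

def audit(path, uid, gids, private_key=False, top="/"):
    """Return findings for one PEM path as seen by uid/gids (assumed inputs)."""
    findings = []
    if os.path.islink(path):
        findings.append("symlink: the target's mode applies, not the link's")
    target = os.path.realpath(path)
    try:
        st = os.stat(target)
    except OSError as exc:
        return findings + [f"cannot stat {target}: {exc.strerror}"]
    mode = stat.filemode(st.st_mode)
    if not _allowed(st, uid, gids, stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH):
        findings.append(f"not readable by uid {uid}: {target} ({mode})")
    if private_key and st.st_mode & stat.S_IROTH:
        findings.append(f"private key is world-readable: {target} ({mode})")
    # Each directory from the target up to `top` must grant search (x).
    top, parent = os.path.realpath(top), os.path.dirname(target)
    while True:
        if not _allowed(os.stat(parent), uid, gids,
                        stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH):
            findings.append(f"directory not searchable by uid {uid}: {parent}")
        up = os.path.dirname(parent)
        if parent == top or up == parent:
            break
        parent = up
    return findings

if __name__ == "__main__":
    # Paths are the ones named in the thread; run as the Home Assistant user.
    groups = set(os.getgroups()) | {os.getegid()}
    for name, is_key in (("/ssl/fullchain.pem", False), ("/ssl/privkey.pem", True)):
        for finding in audit(name, os.getuid(), groups, is_key):
            print(f"{name}: {finding}")
```

Granting read access through a group the Home Assistant user belongs to (mode 640 on the resolved file) clears the readability finding without producing the world-readable one.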