Overkiz API and Somfy API

hi, how did you do ? thanks

Haha, no it is more that I donā€™t care at the moment if the certificate is checked or not as long as everything stays working. Somewhere in the code where the request to the API is being made there should be an option added like ā€˜verify=Falseā€™.

so basicly all we can do is wait for them to update the cert?

I will wait monday night for an answer from their support. If not, I will look for a fix.

Same problem here.

Additionally, when I visit their API page (here) and attempt to authenticate (clicking the link OAuth2.0 setā€¦) and click Authenticate on the oauth popup window, I get this error:

Error: access_token negotiation failure

same here on HA 0.105.5 in Docker
but it worked fine.
suddenly it stopped working so maybe most likely somfy changed the API?

I also had certificate errors on the somfy api
Studying the error s, mine is differentā€¦

Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/urllib3/contrib/pyopenssl.py", line 485, in wrap_socket
    cnx.do_handshake()
  File "/usr/local/lib/python3.7/site-packages/OpenSSL/SSL.py", line 1934, in do_handshake
    self._raise_ssl_error(self._ssl, result)
  File "/usr/local/lib/python3.7/site-packages/OpenSSL/SSL.py", line 1671, in _raise_ssl_error
    _raise_current_error()
  File "/usr/local/lib/python3.7/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')]

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 672, in urlopen
    chunked=chunked,
  File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 376, in _make_request
    self._validate_conn(conn)
  File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 994, in _validate_conn
    conn.connect()
  File "/usr/local/lib/python3.7/site-packages/urllib3/connection.py", line 360, in connect
    ssl_context=context,
  File "/usr/local/lib/python3.7/site-packages/urllib3/util/ssl_.py", line 370, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/local/lib/python3.7/site-packages/urllib3/contrib/pyopenssl.py", line 491, in wrap_socket
    raise ssl.SSLError("bad handshake: %r" % e)
ssl.SSLError: ("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])",)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/requests/adapters.py", line 449, in send
    timeout=timeout
  File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 720, in urlopen
    method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
  File "/usr/local/lib/python3.7/site-packages/urllib3/util/retry.py", line 436, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='api.somfy.com', port=443): Max retries exceeded with url: /api/v1/site (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/src/homeassistant/homeassistant/config_entries.py", line 215, in async_setup
    hass, self
  File "/usr/src/homeassistant/homeassistant/components/somfy/__init__.py", line 90, in async_setup_entry
    await update_all_devices(hass)
  File "/usr/src/homeassistant/homeassistant/components/somfy/__init__.py", line 162, in update_all_devices
    data[DEVICES] = await hass.async_add_executor_job(data[API].get_devices)
  File "/usr/local/lib/python3.7/concurrent/futures/thread.py", line 57, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/usr/local/lib/python3.7/site-packages/pymfy/api/somfy_api.py", line 61, in get_devices
    site_ids = [s.id for s in self.get_sites()] if site_id is None else [site_id]
  File "/usr/local/lib/python3.7/site-packages/pymfy/api/somfy_api.py", line 42, in get_sites
    r = self.get("/site")
  File "/usr/local/lib/python3.7/site-packages/pymfy/api/somfy_api.py", line 80, in get
    return self._request("get", path)
  File "/usr/local/lib/python3.7/site-packages/pymfy/api/somfy_api.py", line 123, in _request
    return getattr(self._oauth, method)(url, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/requests/sessions.py", line 546, in get
    return self.request('GET', url, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/requests_oauthlib/oauth2_session.py", line 516, in request
    method, url, headers=headers, data=data, **kwargs
  File "/usr/local/lib/python3.7/site-packages/requests/sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python3.7/site-packages/requests/sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/requests/adapters.py", line 514, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='api.somfy.com', port=443): Max retries exceeded with url: /api/v1/site (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))

haha oepsie!

Thinking about a solution for thisā€¦
could it be an option to add a configuration item to verify the certificate or not?
than you can easily add the configuration item and remove it when Somfy fixed the certificate againā€¦

Iā€™ve been trying to contact them via https://developer.somfy.com/contact, posted at Twitter, their FB page - no response yet. I have 9 window covers and without automations life is much harder :slight_smile:

Not renewing the certificate is kind of lame - it happens, but it should not happen. The Somfy-Tahoma box should have a local API in the first place - routing commands to my window covers via a server in another country is just asking for trouble, as with all other centralized IoT.

Did anyone ever try to fool Tahoma into operating in local network only? By setting a local service that mimics official endpoints?

Cheers,
Michal

1 Like

got an answer from somfy?

The only answer I got was from Somfy North America on Facebook. They said they will escalate this problem to the appropriate team.

Well, it looks to me Somfy is using https://docs.apigee.com/ to build their RESTful API.

Iā€™ve asked my local dealer to escalate this issue too. If the problem persists tomorrow I might start a warranty claim.

No answer on my side too, the guys behind https://developer.somfy.com/contact live in France. We are currently in quarantine, and a lot of people with child cannot work from home (like me).

Even, if we update the library to ignore the certificate error, their is still some issue remaining on their side. For instance, we cannot authenticate anymore, an error 500 is returned, it will be the same for the token renewal.

@michalf Great to see the FB community manager will try to escalate this.
What do you make thing they use https://docs.apigee.com?

About a local API, a lot of people want it. It would avoid situation like this. Some bought the Velux KLF 200 which can control the io-homecontrol devices locally.

Iā€™ve never try to spy the traffic incoming in the Tahoma, but I think about it more and more.

Just came back!!! Yesssss!!

1 Like

Indeed!

1 Like

i messaged the german somfy support on FB about 45 minutes ago. so i want to belive that they fixed it because of my message :smiley:

Is it possible to restart the integration without restarting home assistant?

You can remove it, and add it again. You will keep your entity_id.

Edit: I just try in their sandbox, I still cannot get an access tokenā€¦ So donā€™t remove your integration.

for me it worked with removing it, maybe i just had been lucky

Hello,
I just restarted Homeassistant it worked.

Still, the problem of dependence on external service remains. I wish the Tahoma box had a local APIā€¦ Although this issue has been resolved thankfully, a similar thing can happen any time. Even if your Internet is down HA cannot communicate with Tahoma.

Anyway, I am glad it works, thanks to Somfy for fixing it, and I hope there will be a local API to mitigate such issues (either official or through a hack).

Cheers
Michał

1 Like