hi, how did you do ? thanks
Haha, no it is more that I don’t care at the moment if the certificate is checked or not as long as everything stays working. Somewhere in the code where the request to the API is being made there should be an option added like ‘verify=False’.
so basicly all we can do is wait for them to update the cert?
I will wait monday night for an answer from their support. If not, I will look for a fix.
Same problem here.
Additionally, when I visit their API page (here) and attempt to authenticate (clicking the link OAuth2.0 set…) and click Authenticate on the oauth popup window, I get this error:
Error: access_token negotiation failure
same here on HA 0.105.5 in Docker
but it worked fine.
suddenly it stopped working so maybe most likely somfy changed the API?
I also had certificate errors on the somfy api
Studying the error s, mine is different…
Traceback (most recent call last):
File "/usr/local/lib/python3.7/site-packages/urllib3/contrib/pyopenssl.py", line 485, in wrap_socket
cnx.do_handshake()
File "/usr/local/lib/python3.7/site-packages/OpenSSL/SSL.py", line 1934, in do_handshake
self._raise_ssl_error(self._ssl, result)
File "/usr/local/lib/python3.7/site-packages/OpenSSL/SSL.py", line 1671, in _raise_ssl_error
_raise_current_error()
File "/usr/local/lib/python3.7/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')]
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 672, in urlopen
chunked=chunked,
File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 376, in _make_request
self._validate_conn(conn)
File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 994, in _validate_conn
conn.connect()
File "/usr/local/lib/python3.7/site-packages/urllib3/connection.py", line 360, in connect
ssl_context=context,
File "/usr/local/lib/python3.7/site-packages/urllib3/util/ssl_.py", line 370, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/local/lib/python3.7/site-packages/urllib3/contrib/pyopenssl.py", line 491, in wrap_socket
raise ssl.SSLError("bad handshake: %r" % e)
ssl.SSLError: ("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])",)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.7/site-packages/requests/adapters.py", line 449, in send
timeout=timeout
File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 720, in urlopen
method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
File "/usr/local/lib/python3.7/site-packages/urllib3/util/retry.py", line 436, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='api.somfy.com', port=443): Max retries exceeded with url: /api/v1/site (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/src/homeassistant/homeassistant/config_entries.py", line 215, in async_setup
hass, self
File "/usr/src/homeassistant/homeassistant/components/somfy/__init__.py", line 90, in async_setup_entry
await update_all_devices(hass)
File "/usr/src/homeassistant/homeassistant/components/somfy/__init__.py", line 162, in update_all_devices
data[DEVICES] = await hass.async_add_executor_job(data[API].get_devices)
File "/usr/local/lib/python3.7/concurrent/futures/thread.py", line 57, in run
result = self.fn(*self.args, **self.kwargs)
File "/usr/local/lib/python3.7/site-packages/pymfy/api/somfy_api.py", line 61, in get_devices
site_ids = [s.id for s in self.get_sites()] if site_id is None else [site_id]
File "/usr/local/lib/python3.7/site-packages/pymfy/api/somfy_api.py", line 42, in get_sites
r = self.get("/site")
File "/usr/local/lib/python3.7/site-packages/pymfy/api/somfy_api.py", line 80, in get
return self._request("get", path)
File "/usr/local/lib/python3.7/site-packages/pymfy/api/somfy_api.py", line 123, in _request
return getattr(self._oauth, method)(url, **kwargs)
File "/usr/local/lib/python3.7/site-packages/requests/sessions.py", line 546, in get
return self.request('GET', url, **kwargs)
File "/usr/local/lib/python3.7/site-packages/requests_oauthlib/oauth2_session.py", line 516, in request
method, url, headers=headers, data=data, **kwargs
File "/usr/local/lib/python3.7/site-packages/requests/sessions.py", line 533, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python3.7/site-packages/requests/sessions.py", line 646, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python3.7/site-packages/requests/adapters.py", line 514, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='api.somfy.com', port=443): Max retries exceeded with url: /api/v1/site (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))
haha oepsie!
Thinking about a solution for this…
could it be an option to add a configuration item to verify the certificate or not?
than you can easily add the configuration item and remove it when Somfy fixed the certificate again…
I’ve been trying to contact them via https://developer.somfy.com/contact, posted at Twitter, their FB page - no response yet. I have 9 window covers and without automations life is much harder 
Not renewing the certificate is kind of lame - it happens, but it should not happen. The Somfy-Tahoma box should have a local API in the first place - routing commands to my window covers via a server in another country is just asking for trouble, as with all other centralized IoT.
Did anyone ever try to fool Tahoma into operating in local network only? By setting a local service that mimics official endpoints?
Cheers,
Michal
1 Like
got an answer from somfy?
The only answer I got was from Somfy North America on Facebook. They said they will escalate this problem to the appropriate team.
Well, it looks to me Somfy is using https://docs.apigee.com/ to build their RESTful API.
I’ve asked my local dealer to escalate this issue too. If the problem persists tomorrow I might start a warranty claim.
No answer on my side too, the guys behind https://developer.somfy.com/contact live in France. We are currently in quarantine, and a lot of people with child cannot work from home (like me).
Even, if we update the library to ignore the certificate error, their is still some issue remaining on their side. For instance, we cannot authenticate anymore, an error 500 is returned, it will be the same for the token renewal.
@michalf Great to see the FB community manager will try to escalate this.
What do you make thing they use https://docs.apigee.com?
About a local API, a lot of people want it. It would avoid situation like this. Some bought the Velux KLF 200 which can control the io-homecontrol devices locally.
I’ve never try to spy the traffic incoming in the Tahoma, but I think about it more and more.
Just came back!!! Yesssss!!
1 Like
i messaged the german somfy support on FB about 45 minutes ago. so i want to belive that they fixed it because of my message 
Is it possible to restart the integration without restarting home assistant?
You can remove it, and add it again. You will keep your entity_id.
Edit: I just try in their sandbox, I still cannot get an access token… So don’t remove your integration.
for me it worked with removing it, maybe i just had been lucky
Hello,
I just restarted Homeassistant it worked.
Still, the problem of dependence on external service remains. I wish the Tahoma box had a local API… Although this issue has been resolved thankfully, a similar thing can happen any time. Even if your Internet is down HA cannot communicate with Tahoma.
Anyway, I am glad it works, thanks to Somfy for fixing it, and I hope there will be a local API to mitigate such issues (either official or through a hack).
Cheers
Michał
1 Like