Speed Test Still Not Working

Third party integrations
1

I’m using the speed test platform to do a speed test, but it hasn’t worked in some time. It was initially working, but stopped. It seemed to be related to a speedtest-cli and secure connections bug, so I sat tight… But still not working.

Does anyone have this working at this point? If so, where to start troubleshooting this? My configuration.yaml entry…

speedtestdotnet:
  server_id: 5113 # AT&T Washington, DC
  scan_interval:
    hours: 6
  monitored_conditions:
    - ping
    - download
    - upload

Thanks!

2

Working for me but I call it from an automation.

speedtestdotnet:
  manual: True

- id: speedtest_peak_time_check
  alias: 'Speedtest Peak Time Check'
  initial_state: true
  trigger:
  - platform: time
    at: '18:02:00'
  - platform: time
    at: '19:02:00'
  - platform: time
    at: '20:02:00'
  - platform: time
    at: '21:02:00'
  - platform: time
    at: '22:02:00'
  - platform: time
    at: '23:02:00'
  action:
    service: speedtestdotnet.speedtest
3

Even if I use the interface to manually call the service, nothing happens. The errors in the logs are…

Error doing job: Future exception was never retrieved

Traceback (most recent call last):
  File "/usr/local/lib/python3.7/concurrent/futures/thread.py", line 57, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/usr/local/lib/python3.7/site-packages/homeassistant/components/speedtestdotnet/__init__.py", line 73, in update
    speed = speedtest.Speedtest()
  File "/mnt/deps/lib/python3.7/site-packages/speedtest.py", line 1053, in __init__
    self.get_config()
  File "/mnt/deps/lib/python3.7/site-packages/speedtest.py", line 1085, in get_config
    raise ConfigRetrievalError(e)
speedtest.ConfigRetrievalError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)>
4

Try a different server.

5

Same. Still doesn’t work.

6

This is possibly due to Python 3.7 as it more restrictive on SSL verification than previous Python versions. Did you notice if your speedtest stopped working about the same time you upgraded to Python 3.7?

I was able to look up to see that the SSL certificate that is used by your OOKLA server was issued by an intermediate CA. It appears that Python is complaining it can not get the certificate of the intermediate CA…but when I run openssh (which I understand Python3.7 uses), it does not complain of any issues…so not sure why you’re getting the error :frowning:

If you have access to openssl on the same machine running HA, run the following:
openssl s_client -connect was.speedtest.sbcglobal.net:8080

7

I never use ssh as I have direct access to the shell of the FreeBSD Jail’s shell on my NAS box. Should I run some other variant of what you have there…?

8

whatever shell you have, enter that command (my mistake, its openssl not ssh).

9

It’s never failed for me.

speedtestdotnet:
  scan_interval: '00:30:00'
  monitored_conditions:
    - ping
    - download
    - upload

So I’m not specifying the server… but it works all the time.
image

10

Hi David, How to show speedtest result as your picture? It looks a very good one. Thanks in advance.

11

I have 2 kinds… the one in the above screenshot is the second ones using the custom card.

          - type: horizontal-stack
            cards:
              - type: gauge
                name: Mbit/s Download
                unit: ' '
                min: 0
                max: 50
                severity:
                  red: 0
                  yellow: 30
                  green: 40
                entity: sensor.speedtest_download
              - type: gauge
                name: Mbit/s Upload
                unit: ' '
                min: 0
                max: 20
                severity:
                  red: 0
                  yellow: 11
                  green: 15
                entity: sensor.speedtest_upload
          - type: custom:mini-graph-card
            hours_to_show: 24
            points_per_hour: 2
            entities:
              - sensor.speedtest_download
            show:
              labels: true
            color_thresholds:
              - value: 0
                color: "#ff0000"        #red
              - value: 30
                color: "#ffa500"        #orange
              - value: 40
                color: "#00ff00"        #green
          - type: custom:mini-graph-card
            hours_to_show: 24
            points_per_hour: 2
            entities:
              - sensor.speedtest_upload
            show:
              labels: true
            color_thresholds:
              - value: 0
                color: "#ff0000"        #red
              - value: 11
                color: "#ffa500"        #orange
              - value: 15
                color: "#00ff00"        #green
5 Likes
12

Stolen! Thanks :slight_smile:

1 Like
13

That’s the example from the docs.
I can see the sensors in entities, but their state remains unknown. Service call speedtestdotnet.speedtest does nothing, not even a string in the log… :\

1 Like
14

Thanks a lot, I’ve tried both two ways. They all look very good.

1 Like
15

Gives an error about being “unable to get local issuer certificate”. Is there something specific you need from all the output? I can’t copy/paste from the shell since I access it from over the network remotely…

At least I don’t know how to. LOL

16

When I run $ openssl s_client -connect was.speedtest.sbcglobal.net:8080
I get:

depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
verify return:1
depth=0 C = US, ST = Michigan, L = Southfield, O = "AT&T Services, Inc.", OU = ecommerce, CN = dfw.speedtest.sbcglobal.net
verify return:1

This is what I would expect to see when everything is working properly.
However the error you are getting should show up here as well, and reveal which issuer is failing.

17

It fails on the first step…

depth=1 C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
verify error:num=20:unable to get local issuer certificate

Then it spits out a bunch more that I can’t figure how to copy/paste, but it looks like it prints a “chain” with “0” as “AT&T” and “1” as “Digicert” and then it prints out a certificate and the next line says “No client certificate CA names sent”… It just goes on like that, and ends with the error I mentioned.

I can’t remember exactly when I noticed it stop, but it was after a Home Assistant upgrade. I opened a ticket on GitHub at the time. Perhaps you can make sense of the back and forth here…

https://github.com/home-assistant/home-assistant/issues/21470

It seemed to be widespread, but I can’t make sense of all that is discussed there.

Thanks for helping me out… :+1:

18

It appears the “Root” Certificate is either not installed or not being pointed to correctly on your system.

Do the following:
$ openssl version -d
Should get something like:
OPENSSLDIR: "/usr/lib/ssl"

You may not get that exact directory, but whatever directory it returns, go to it.
then $ cd certs
look for file DigiCert_Global_Root_CA.pem
If it is not there, then see if any other certificates are there. If there are several other certificates present, then this one is simply missing. If there are not any, then some installation scenario didn’t work out…

19

Mine returned /etc/ssl as the directory, but it only has one file… openssl.cnf There is no certs directory or anything else in it… I am running these commands from the shell of the jail if that makes a difference.

Odd thing is worked up to a point… Unless the certs got removed during an upgrade somehow?

20

That’s likely the problem…but at this point I don’t know how to help any further :frowning: