SSL certificate unknown error when updating HTTP sensor via Tasker w/ RESTask plugin

Updating an HTTP sensor via curl is running fine…

curl -k -X POST -H "x-ha-access: mySecretAPIPassword" -H "Content-Type: application/json" -d '{"state": "home", "attributes": {"friendly_name": "Ort Andreas"}}' https://hass.example.com:8123/api/states/sensor.ort_andreas

…But triggering the same sensor via the RESTask Tasker plugin from an Android phone throws a certificate unknown error:

2018-07-22 19:02:22 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:841)
2018-07-22 19:02:23 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: SSLV3_ALERT_CERTIFICATE_UNKNOWN
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:841)
2018-07-22 19:02:32 ERROR (MainThread) [homeassistant.core] Error doing job: Task was destroyed but it is pending!

Debug log doesn’t provide any additional logging for this event unfortunately.

I don’t want to rule out that my RESTask action is misconfigured somehow, but I don’t think the header and body configuration is relevant anyway, as the SSL session already fails on handshake, so no headers are sent at this point.

When calling the URL from a browser on the Android device, the SSL session is established fine. But of course a 401 error is returned because of the missing x-ha-access header in the request.

To be honest, I don’t understand this error at all. The only SSL certificate involved in this session should be the server’s own web server certificate, which shouldn’t need to be verified when an incoming HTTP request is served…

Is this just a misleading error message hiding some problem with, e.g., wrong TLS versions or ciphers used by the client?

Just for the record: Yes, I’m using a valid SSL certificate for my HA instance. The URL can be accessed internally and externally without certificate warnings.
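
An added triage example, not part of the original post: it reads `ssl.SSLError` lines from a log like the one above and separates TLS alerts received from the peer from errors raised locally by the server's TLS stack. The function names are hypothetical and the `WRONG_VERSION_NUMBER` sample line is constructed for contrast.

```python
import re
from collections import Counter

# Constructed sample: the two SSLV3_ALERT lines are the ones from the log in
# the post; the WRONG_VERSION_NUMBER line is made up to show a local error.
SAMPLE_LOG = """\
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:841)
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:841)
ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:841)
"""

# TLS alert description numbers (RFC 5246, section 7.2).
ALERT_CODES = {
    "HANDSHAKE_FAILURE": 40, "BAD_CERTIFICATE": 42,
    "UNSUPPORTED_CERTIFICATE": 43, "CERTIFICATE_REVOKED": 44,
    "CERTIFICATE_EXPIRED": 45, "CERTIFICATE_UNKNOWN": 46,
    "UNKNOWN_CA": 48, "PROTOCOL_VERSION": 70,
}

# Python renders OpenSSL errors as "[SSL: REASON] text (_ssl.c:NNN)".
SSL_ERROR = re.compile(r"ssl\.SSLError: \[SSL: (?P<reason>[A-Z0-9_]+)\]")
# OpenSSL uses SSLV3_ALERT_* / TLSV1_ALERT_* reasons for fatal alerts that
# were received from the other end of the connection.
ALERT_REASON = re.compile(r"^(?:SSLV3|TLSV1)_ALERT_(?P<alert>[A-Z0-9_]+)$")


def classify(reason):
    """Say whether an OpenSSL reason is a peer-sent alert or a local error."""
    match = ALERT_REASON.match(reason)
    if match is None:
        return {"reason": reason, "origin": "local", "alert": None, "code": None}
    alert = match.group("alert")
    return {"reason": reason, "origin": "peer",
            "alert": alert.lower(), "code": ALERT_CODES.get(alert)}


def triage(log_text):
    """Count each distinct SSL error reason in the log and classify it."""
    counts = Counter(m.group("reason") for m in SSL_ERROR.finditer(log_text))
    return [dict(classify(reason), count=n) for reason, n in counts.items()]


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

For the log in the post this reports a peer-originated `certificate_unknown` (46) alert: the client ended the handshake after evaluating the certificate the server presented. The curl command uses `-k`, which skips that evaluation.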