SSL Certificate Verify Failed

Bartem · July 3, 2019, 11:54pm

I know there are other posts about similar issues but I’m having trouble finding out what component is actually causing this. This started a few weeks ago but I kind of ignored it because nothing seemed broken. Unfortunately this started on a night I upgraded to Python 3.7, and the same night apple broke pyicloud… any help in how to narrow this down would be appreciated. Nothing actually stands out as being “broken” because of this but I also didn’t want to just suppress the message if something is broken that I just haven’t noticed yet.

2019-06-30 20:09:57 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed on verifying the certificate
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/asyncio/sslproto.py", line 625, in _on_handshake_complete
    raise handshake_exc
  File "/usr/local/lib/python3.7/asyncio/sslproto.py", line 189, in feed_ssldata
    self._sslobj.do_handshake()
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1056)
2019-06-30 20:09:57 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error in data received
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/asyncio/sslproto.py", line 526, in data_received
    ssldata, appdata = self._sslpipe.feed_ssldata(data)
  File "/usr/local/lib/python3.7/asyncio/sslproto.py", line 189, in feed_ssldata
    self._sslobj.do_handshake()
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1056)

I also found this a few lines below…

2019-06-30 20:09:57 DEBUG (MainThread) [homeassistant.components.ssdp] Error fetching http://192.168.1.1:1990/WFADevice.xml: None
2019-06-30 20:09:57 DEBUG (MainThread) [homeassistant.components.ssdp] Error fetching https://192.168.1.11:8888: Cannot connect to host 192.168.1.11:8888 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1056)')]

That IP address is for my WinkHub 2 - but I’m not seeing anyone else using Wink mentioning a problem. I’ve tried disabling a few components and restarting but so far it’s still there. Aside from one by one removing integrations/removing items from my config does anyone know how I could narrow down the source of this error?

wmaker · July 4, 2019, 4:06pm

I have not encountered this problem (I’m running python 3.6) so I may be off track, but it appears that python 3.7 is more strict about the certificates. I found the following (not exactly your situation, but similar):
https://bugs.python.org/issue34440

In your situation, python is complaining about a self-signed certificate; which is usually OK, but maybe python 3.7 won’t allow it unless it “trusts” the certificate. I presume you are using self-signed??
One idea, is if you can run openssl on a linux command line is to issue the following:

$ openssl s_client -connect <your HA domain name or IP>:<your HA port number>

and see what what the results say.