SSL Errors wrong version number?

Martin_Granger · November 12, 2018, 11:45am

Running Hassio and Duckdns. I’m getting these errors - any ideas?:

Mon Nov 12 2018 11:11:22 GMT+0000 (Greenwich Mean Time)

Error doing job: SSL error errno:1 reason: WRONG_VERSION_NUMBER
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:841)


Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:841)

ThePapaMaan · November 23, 2018, 11:24pm

Same here. Several versions now. A lot of these posts in the forum without answers @balloob. Any pointers?? Intermediate don’t work.

AcidSleeper · November 28, 2018, 10:14am

Same here!

Solution?

Martin_Granger · November 28, 2018, 10:25am

Nothing yet - everything seems to work for me (as in I can access from outside my network) but in reality, I have no idea how secure I am!

Buhi · November 29, 2018, 7:13am

Hi there.

@ThePapaMaan @AcidSleeper I think i have found out the problem.
Fist deactivate the Multi-factor Authentication Modules on the GUI. Then setup everything for SSL. And then activate again the Multi-factor Authentication Modules. Then it works like a charm.
My suggestion is that the generated QR Code has the http: link inside and not the https:.
Does it work for you guys?

Martin_Granger · November 29, 2018, 10:22am

Not sure I get you?? I don’t even have multi factor running.

AcidSleeper · December 2, 2018, 4:48pm

No I dont have that!

ThePapaMaan · December 5, 2018, 9:46am

I don’t use MFA (yet). Still getting the errors with 83.2. Nothing in 83.3 hints to any fix related to ssl.

mcfarlde · December 17, 2018, 1:19am

I have the same errors, seems to have started around version 83.

kajmaj · December 20, 2018, 8:31am

The same issue here. Version 83.3, no MFA running.

Schneider · December 20, 2018, 9:34am

Hello guys!

All my SSL errors has stop after installing the addon NGINX. I believe these errors came from local machines accessing Hassio over a browser using HTTPS. Since there is no certificate on LAN I’ve always got errors on Chrome.

Please give it a try! Just install NGINX, use this settings:

{
  "domain": "yourddns.duckdns.org",
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem",
  "hsts": "max-age=31536000; includeSubDomains",
  "customize": {
    "active": false,
    "default": "nginx_proxy_default*.conf",
    "servers": "nginx_proxy/*.conf"
  }
}

Don’t forget to take these lines out from the http component:

#ssl_certificate: /ssl/fullchain.pem
#ssl_key: /ssl/privkey.pem

Don’t worry, it takes a long time to start the addon for the first time. Like 2 to 5 minutes, just wait for it.

You can now access your local HASSIO machine without HTTPS and still use SSL outside your home network.

Works great now, good luck!

kajmaj · January 6, 2019, 7:12am

After NGINX installation I’ve entered your config where I’ve changed duckdns address only.
When I pressed save, this error message popped up above the setting window:

not a valid value for dictionary value @ data['options']. Got {'domain': 'myweb.duckdns.org', 'certfile': 'fullchain.pem', 'keyfile': 'privkey.pem', 'hsts': 'max-age=31536000; includeSubDomains', 'customize': {'active': False, 'default': 'nginx_proxy_default*.conf', 'servers': 'nginx_proxy/*.conf'}}

And this warnig in the HASSIO Syslem log:

19-01-06 06:59:47 WARNING (MainThread) [hassio.addons.validate] Unknown options domain
19-01-06 06:59:47 WARNING (MainThread) [hassio.addons.validate] Unknown options certfile
19-01-06 06:59:47 WARNING (MainThread) [hassio.addons.validate] Unknown options keyfile
19-01-06 06:59:47 WARNING (MainThread) [hassio.addons.validate] Unknown options hsts
19-01-06 06:59:47 WARNING (MainThread) [hassio.addons.validate] Unknown options customize

Schneider · January 6, 2019, 7:44pm

Hello sir! Have you commented the lines about ssl certificates on HTTP component?

#ssl_certificate: /ssl/fullchain.pem
#ssl_key: /ssl/privkey.pem

Martin_Granger · January 8, 2019, 12:01pm

Gave that a blast and ended up with no GUI
CORRECTION - could only access locally

Schneider · January 8, 2019, 12:12pm

Hello. That is odd. Have checked your syntax? No errors? These lines does not brake the GUI, only HTTP SSL certificates. Can you access it over LAN? Is your NGINX server running?

Martin_Granger · January 8, 2019, 12:17pm

Should I continue to have the duckdns add-on running too?

Schneider · January 8, 2019, 12:29pm

Yes sir. It needs to create the certificates but NGINX will now handle them.

Martin_Granger · January 8, 2019, 12:30pm

I just restored, so I’ll give it another blast.

Martin_Granger · January 8, 2019, 12:48pm

So I can access it locally, but not using the duckdns url?

Martin_Granger · January 8, 2019, 12:56pm

Getting this error in the logs:

Traceback (most recent call last):
  File "/usr/local/lib/python3.6/site-packages/aiohttp/web_protocol.py", line 242, in data_received
    messages, upgraded, tail = self._request_parser.feed_data(data)
  File "aiohttp/_http_parser.pyx", line 523, in aiohttp._http_parser.HttpParser.feed_data
aiohttp.http_exceptions.BadStatusLine: invalid HTTP method