ThinkingCleaner: SSL: CERTIFICATE_VERIFY_FAILED

Configuration
1

Hi there,

I have Home Assistant 0.42.3 running on a Raspberry Pi 3 with Hassbian. I’m using the ThinkingCleaner component to control my Roomba robot hoover. After upgrading to 0.42.3 i noticed some errors from the component in the log. The ThinkingCleaner (both switch and sensor) are not showing up in the frontend.

17-04-14 00:53:03 ERROR (MainThread) [homeassistant.components.sensor] Error while setting up platform thinkingcleaner
  Traceback (most recent call last):
    File "/srv/homeassistant/lib/python3.4/site-packages/requests/packages/urllib3/connectionpool.py", line 600, in urlopen
      chunked=chunked)
    File "/srv/homeassistant/lib/python3.4/site-packages/requests/packages/urllib3/connectionpool.py", line 345, in _make_request
      self._validate_conn(conn)
    File "/srv/homeassistant/lib/python3.4/site-packages/requests/packages/urllib3/connectionpool.py", line 844, in _validate_conn
      conn.connect()
    File "/srv/homeassistant/lib/python3.4/site-packages/requests/packages/urllib3/connection.py", line 326, in connect
      ssl_context=context)
    File "/srv/homeassistant/lib/python3.4/site-packages/requests/packages/urllib3/util/ssl_.py", line 324, in ssl_wrap_socket
      return context.wrap_socket(sock, server_hostname=server_hostname)
    File "/usr/lib/python3.4/ssl.py", line 364, in wrap_socket
      _context=self)
    File "/usr/lib/python3.4/ssl.py", line 577, in __init__
      self.do_handshake()
    File "/usr/lib/python3.4/ssl.py", line 804, in do_handshake
      self._sslobj.do_handshake()
  ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)

  During handling of the above exception, another exception occurred:

  Traceback (most recent call last):
    File "/srv/homeassistant/lib/python3.4/site-packages/requests/adapters.py", line 423, in send
      timeout=timeout
    File "/srv/homeassistant/lib/python3.4/site-packages/requests/packages/urllib3/connectionpool.py", line 630, in urlopen
      raise SSLError(e)
  requests.packages.urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)

  During handling of the above exception, another exception occurred:

  Traceback (most recent call last):
    File "/srv/homeassistant/lib/python3.4/site-packages/homeassistant/helpers/entity_component.py", line 153, in _async_setup_platform
      entity_platform.schedule_add_entities, discovery_info
    File "/usr/lib/python3.4/asyncio/futures.py", line 388, in __iter__
      yield self  # This tells Task to wait for completion.
    File "/usr/lib/python3.4/asyncio/tasks.py", line 286, in _wakeup
      value = future.result()
    File "/usr/lib/python3.4/asyncio/futures.py", line 277, in result
      raise self._exception
    File "/usr/lib/python3.4/concurrent/futures/thread.py", line 54, in run
      result = self.fn(*self.args, **self.kwargs)
    File "/srv/homeassistant/lib/python3.4/site-packages/homeassistant/components/sensor/thinkingcleaner.py", line 61, in setup_platform
      devices = discovery.discover()
    File "/home/homeassistant/.homeassistant/deps/pythinkingcleaner/discovery.py", line 11, in discover
      response = requests.get(url=DISCOVERY_URL)
    File "/srv/homeassistant/lib/python3.4/site-packages/requests/api.py", line 70, in get
      return request('get', url, params=params, **kwargs)
    File "/srv/homeassistant/lib/python3.4/site-packages/requests/api.py", line 56, in request
      return session.request(method=method, url=url, **kwargs)
    File "/srv/homeassistant/lib/python3.4/site-packages/requests/sessions.py", line 488, in request
      resp = self.send(prep, **send_kwargs)
    File "/srv/homeassistant/lib/python3.4/site-packages/requests/sessions.py", line 609, in send
      r = adapter.send(request, **kwargs)
    File "/srv/homeassistant/lib/python3.4/site-packages/requests/adapters.py", line 497, in send
      raise SSLError(e, request=request)
  requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)

I have my frontend running on HTTPS with a certificate generated by Let’s Encrypt (Certbot), but I don’t think that’s related. I checked the pythinkingcleaner that I believe is being used and it seems to use the address http://[IP-of-Roomba]/ (with not https). I verified that my roomba is in fact running on the IP address and I can send JSON commands to it without problems.

I don’t know which certificate it’s failing to verify. Can anybody offer some help?

2

I dug into this and found out that the repo pythinkingcleaner is being used to talk to the Roomba. This repo does discover on the url https://thinkingsync.com/api/v1/discover/devices. On this server the SSL certificate seems to be broken which is what causing the trouble. Using the url http://thinkingsync.com/api/v1/discover/devices (without http) works fine as testing. It’s of course not preferred to not use https. I have written to ThinkingCleaner and asked them to upgrade their certificate.

1 Like
3

Yup.

The certificate expired on Wednesday, April 12, 2017 19:59 PM. The current time is Saturday, April 15, 2017 13:23 PM.

4

Folks,
I am still seeing a similar issue right now with my ThinkingCleaner component. It’s showing that the entity is not available. I am assuming that it’s a similar situation as the one that we have seen above. Anyone else having issues? Is there a way to turn this into a custom component with an “hhtp:” link instead of the "https:’?

5

Wondering if there is a way that we can raise this issue back to the Dev Team.

I am hoping that I am not alone with this issue, but I haven’t been able to operate my vacuum for 2 weeks now. The certificate at ThinkingCleaner has expired on Friday November 29th.
I had opened an issue on Github: Thinkingcleaner Component - SSL Connection Issue #26171 and seems like someone had started doing some work on it: Add host variable to thinkingcleaner switch and sensor to work around… #22003 . But it never was merged or put in production.
Also with the idea of moving everything local, I would think that it would make sense to do local configuration and we wouldn’t have to depend on thinkingcleaner to renew their certs.