WebHook problems with Netatmo camera

After updating to 107.6 I lost all existing netatmo binary.sensors of course. The integration had been rewritten and binary.sensors were abandoned in favor of WebHooks.

That could have been ok if I could only get it to work. If I open port 80 directly from the internet (just for testing) everything works as it should. But as soon as inbound traffic to port 80 is routed through my Reverse Proxy on 443 using Let’s Encrypt Certificates, it fails, and after some 5 fails, I’m banned by the Netatmo API. I can use CURL and Boomerang to send fake events (simulating Webhooks coming from Netatmo), and it gets through just as it should. I can tell by setting an event listener in HA.

Does anyone have any idea what the problem might be?
I’m thinking in terms of Certificate problems (?) or perhaps webhooks need some special rewrites in the proxy (Apache)?

Has anyone else been able to use Netatmo webhooks to pick up movement events (without exposing port 80 onto the internet - which is a dumb thing to do)?

I just did a quick test with a fresh reverse proxy and my local development instance and it works perfectly fine.

Netatmo API -> https://my.external.url -> nginx -> HA

Please check the documentation for the correct proxy settings.

Well, I’m not using Nginx but instead the Apache 2.4.37 which is installed with QTS 4.3.6.
I’m not excluding the possibility of an incorrect proxy setting, but given the following facts:

  1. I have 6 different Web based services running behind my Reverse Proxy, and they all run just fine and are accessible remotely.
  2. Webhook is plain HTTP and requires no special configurations.

What SSL certificates did you use?

I used letsencrypt. Did you check the config settings required for HA, both HA itself as well as the proxy?

Just to conclude this ordeal - in case someone else reads this thread.
I did manage to solve this in the end - with good assistance from @cgtobi. Here’s what happened:
Prerequisite for the problem: I have everything running on various QNAP NASes.
As it turns out, Let’s Encrypt Certificates generated using the built-in feature of the QNAP QTS work just fine for everything - except - WebHooks. I haven’t been able to figure out why. It just won’t work.
So, what I did was to install Jamie’s Nginx based Proxy Manager in a container using QNAP CS (My full How-To Guide can be found here: https://forum.qnap.com/viewtopic.php?f=354&t=155970). Then, from the Proxy Manager GUI it’s fairly easy to generate a Let’s Encrypt certificate. It may seem like an overly long detour, but it works. The certificate generated by the Proxy Manager can then be copied and used anywhere else.

The only obvious difference I noticed between the QNAP and the Nginx generated certificates is that QNAP bundles key+certificate into a single file (stunnel.pem), while Nginx keeps them in separate files (fullchain.pem, keyfil.pem). I tried to manually split the QNAP generated stunnel.pem file into two separate files - after all, it’s just an ASCII file. But my attempt failed. I still do not know why, but at least now I have a system that works as intended.

If you have additional information that can enlighten (educate) me, please feel free.
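
The manual split described in the last post, as an added example that is not part of the original thread: a standard-library Python sketch that separates a combined key+certificate PEM file (such as the stunnel.pem mentioned above) into a key file and a certificate file, and counts the certificates the bundle holds. The output file names and the sample input are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# One PEM block; the label must be identical in the BEGIN and END lines.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)

def split_pem_bundle(text):
    """Return (key_pem, [cert_pem, ...]) from a combined key+certificate file."""
    keys, certs = [], []
    for m in PEM_BLOCK.finditer(text):
        # Normalise CRLF to LF and end every block with exactly one newline.
        block = m.group(0).replace("\r\n", "\n") + "\n"
        if m.group(1).endswith("PRIVATE KEY"):   # RSA / EC / PKCS#8 labels
            keys.append(block)
        elif m.group(1) == "CERTIFICATE":
            certs.append(block)
    if len(keys) != 1:
        raise ValueError(f"expected exactly one private key, found {len(keys)}")
    if not certs:
        raise ValueError("no CERTIFICATE block found")
    return keys[0], certs

def write_split(text, outdir, key_name="key.pem", chain_name="fullchain.pem"):
    """Write the key (mode 0600) and the certificates, in file order, to outdir.
    key_name and chain_name are assumed output names, not QNAP's or Nginx's."""
    key, certs = split_pem_bundle(text)
    key_path = os.path.join(outdir, key_name)
    fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", newline="\n") as f:
        f.write(key)
    chain_path = os.path.join(outdir, chain_name)
    with open(chain_path, "w", newline="\n") as f:
        f.write("".join(certs))
    return key_path, chain_path, len(certs)

# Constructed sample with CRLF line endings; placeholder bodies, not real keys.
SAMPLE = (
    "-----BEGIN RSA PRIVATE KEY-----\r\nQ09OU1RSVUNURUQta2V5\r\n"
    "-----END RSA PRIVATE KEY-----\r\n"
    "-----BEGIN CERTIFICATE-----\r\nQ09OU1RSVUNURUQtbGVhZg==\r\n"
    "-----END CERTIFICATE-----\r\n"
)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        _, _, n = write_split(SAMPLE, d)
        print(f"{n} certificate(s) in bundle")
```

A count of 1 means the file contains only the leaf certificate and no intermediates. A server configured that way can pass in browsers that fetch or cache intermediates and still fail chain validation in stricter HTTP clients.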