Weird ssl errors from Honeywell

fletch101e · December 8, 2020, 1:15am

I spent the afternoon removing wink from my system. It used to do the thermostat for me so now trying to get the “built in” version working. i get 2 error message one that my password or username is wrong and also this error afterwords:

Failed to initialize the Honeywell client: Check your configuration (username, password), or maybe you have exceeded the API rate limit?

Logger: urllib3.connection
Source: /usr/local/lib/python3.8/site-packages/urllib3/connection.py:510
First occurred: 7:07:10 PM (1 occurrences)
Last logged: 7:07:10 PM

Certificate did not match expected hostname: www.mytotalconnectcomfort.com. Certificate: {‘subject’: (((‘countryName’, ‘US’),), ((‘stateOrProvinceName’, ‘Minnesota’),), ((‘localityName’, ‘Golden Valley’),), ((‘organizationName’, ‘Resideo Technologies, Inc’),), ((‘commonName’, ‘mytotalconnectcomfort.com’),)), ‘issuer’: (((‘countryName’, ‘US’),), ((‘organizationName’, ‘DigiCert Inc’),), ((‘organizationalUnitName’, ‘www.digicert.com’),), ((‘commonName’, ‘DigiCert SHA2 High Assurance Server CA’),)), ‘version’: 3, ‘serialNumber’: ‘03E09441746B790A582B04206360BA54’, ‘notBefore’: ‘Nov 17 00:00:00 2020 GMT’, ‘notAfter’: ‘Dec 18 23:59:59 2021 GMT’, ‘subjectAltName’: ((‘DNS’, ‘mytotalconnectcomfort.com’),), ‘OCSP’: (‘http://ocsp.digicert.com’,), ‘caIssuers’: (‘http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt’,), ‘crlDistributionPoints’: (‘http://crl3.digicert.com/sha2-ha-server-g6.crl’, ‘http://crl4.digicert.com/sha2-ha-server-g6.crl’)}

Any ideas? thanks

robertzas · December 8, 2020, 1:36am

I just ran into this myself. It looks like honeywell didn’t renew their SSL cert, try going to ‘mytotalconnectcomfort.com’ and select united states. It was actually working for me all day, it seems like the initial connection is where it’s failing. Hopefully they get their stuff together, but I wouldn’t be surprised if it takes until tomorrow.

Edit: I sent them a support message
Edit 2: Looks like their cert is not expired, but is still showing invalid. Probably wrong system time or some such.

fletch101e · December 8, 2020, 3:02am

Good to know. Just another crazy coincidence
Yes I can log in manually when I tell them us…

Guess we will have to wait for them to fix cert before HA will work again…

Thanks for the info.

treythomas123 · December 8, 2020, 4:38am

They renewed the cert, but only for “mytotalconnectcomfort.com” without the “www” subdomain. Their website works if you remove the “www” in the URL.

Looks like the home assistant plugin uses the “somecomfort” python library, and it includes the “www” subdomain when calling the API:

github.com

kk7ds/somecomfort/blob/72fde28d93afe18d34948ccda88b313fd628d937/somecomfort/client.py#L375



class SomeComfort(object):
    def __init__(self, username, password, timeout=30,
                 session=None):
        self._username = username
        self._password = password
        self._session = session or self._get_session()
        self._session.headers['X-Requested-With'] = 'XMLHttpRequest'
        self._timeout = timeout
        self._locations = {}
        self._baseurl = 'https://www.mytotalconnectcomfort.com/portal'
        self._default_url = self._baseurl
        try:
            # Something changed recently, so just always act like we're
            # timed out on startup
            raise SessionTimedOut()
            self.keepalive()
        except SessionTimedOut:
            self._session.cookies.clear()
            self._login()
        self._discover()

Hopefully Honeywell will notice the problem and fix the cert to work with “www” soon. If they don’t, the client library would likely work fine if modified to also drop the “www”.

mcblok · December 8, 2020, 10:26pm

It’s working again for me

fletch101e · December 8, 2020, 11:22pm

Me too and thanks for the update.

rubin110 · December 11, 2020, 3:44am

Stopped working again. removing the www. from client.py workaround still works.

fletch101e · December 12, 2020, 6:23pm

It’s still working fine for me.