Xcel Energy ITron Gen 5 Riva

pdubs10 · February 12, 2023, 9:00pm

I read through the spec and put together the proper commands to generate your own certificate.

openssl req -x509 -nodes -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -keyout key.pem -out cert.pem -sha256 -days 1094 -subj '/CN=MeterReaderHanClient' -addext "certificatePolicies = critical,1.3.6.1.4.1.40732.2.2" -addext "keyUsage = critical,digitalSignature"

This will give you cert.pem and key.pem valid for just under 3 years (which is the maximum valid length).

The LFDI is the first 40 characters of the SHA256 signature.

openssl x509 -noout -fingerprint -SHA256 -inform pem -in cert.pem | sed -e 's/://g' -e 's/SHA256 Fingerprint=//g' | cut -c1-40

I added this LFDI to my devices in Xcel and the certificates worked a few seconds later.

Currently have it pulling in on my Energy dashboard with:

sensor:
  - platform: command_line
    unique_id: xcel_meter_power
    name: "Smart Electric Meter Power"
    command: "/usr/bin/curl --ciphers ECDHE-ECDSA-AES128-CCM8 --insecure --url https://192.168.1.39:8081/upt/1/mr/1/r --cert /config/c.pem --key /config/k.pem 2>&1 | grep -o '<value>.*</value>' | grep -Eo '[0-9]+'"
    unit_of_measurement: "W"
#    device_class: 'power'
    scan_interval: 5
    command_timeout: 5

  - platform: command_line
    unique_id: xcel_meter_consumption
    name: "Smart Electric Meter Consumption"
    command: "/usr/bin/curl --ciphers ECDHE-ECDSA-AES128-CCM8 --insecure --url https://192.168.1.39:8081/upt/1/mr/3/r --cert /config/c.pem --key /config/k.pem 2>&1 | grep -o '<value>.*</value>' | grep -Eo '[0-9]+'"
    unit_of_measurement: "kWh"
    value_template: "{{ value | multiply(0.001) | round(3)}}"
#    device_class: 'energy'
#    state_class: 'total_increasing'
    scan_interval: 5
    command_timeout: 5

homeassistant:
  customize:
    sensor.smart_electric_meter_consumption:
      device_class: energy
      state_class: total_increasing
    sensor.smart_electric_meter_power:
      device_class: power
      state_class: measurement

wptracy · February 12, 2023, 10:37pm

@pdubs10

I used your earlier method of generating certs and Xcel Energy launchpad devices. I haven’t heard back from xcel yet so I don’t know if it works or not.

I’m going to try your new method, but I’m trying to get @SergeantScar 's LFDI working.

I posted a message just above yours. I can ssh into home assistant to execute these commands to get watts and kWh. But when I try to execute the same commands in configuration.yaml, I get an error that says Command failed (with return code 1): /usr/bin/curl

I don’t know why it doesn’t work. It looks just like yours.

[core-ssh ~]$ curl --ciphers ECDHE-ECDSA-AES128-CCM8 --insecure --url https://10.0.0.226:8081/upt/1/mr/1/r --cert /root/config/xcelcerts/cert.pem --key /root/config/xcelcerts/key.pem 2>&1 | grep -o '<value>.*</value>'  2>&1 | grep -o '<value>.*</value>' | grep -Eo '[0-9]+'
863
[core-ssh ~]$ curl --ciphers ECDHE-ECDSA-AES128-CCM8 --insecure --url https://10.0.0.226:8081/upt/1/mr/3/r --cert /root/config/xcelcerts/cert.pem --key /root/config/xcelcerts/key.pem 2>&1 | grep -o '<value>.*</value>' | grep -Eo '[0-9]+'
10722340
[core-ssh ~]$

configuration.yaml file:

sensor:
  - platform: command_line
    name: "Smart Electric Meter Power"
    command: "/usr/bin/curl --ciphers ECDHE-ECDSA-AES128-CCM8 --insecure --url https://10.0.0.226:8081/upt/1/mr/1/r --cert /root/config/xcelcerts/cert.pem --key /root/config/xcelcerts/key.pem 2>&1 | grep -o '<value>.*</value>' | grep -Eo '[0-9]+'"
    unit_of_measurement: "W"
    #device_class: 'power'
    scan_interval: 5
    command_timeout: 5

  - platform: command_line
    name: "Smart Electric Meter Consumption"
    command: "/usr/bin/curl --ciphers ECDHE-ECDSA-AES128-CCM8 --insecure --url https://10.0.0.226:8081/upt/1/mr/3/r --cert /root/config/xcelcerts/cert.pem --key /root/config/xcelcerts/key.pem 2>&1 | grep -o '<value>.*</value>' | grep -Eo '[0-9]+'"
    unit_of_measurement: "kWh"
    value_template: "{{ value | multiply(0.001) | round(3)}}"
    #device_class: 'energy'
    #state_class: 'total_increasing'
    scan_interval: 5
    command_timeout: 5

seasideCT · February 12, 2023, 10:52pm

Remove /root

wptracy · February 12, 2023, 10:56pm

That fixed it!!!

Thank you very much!!

I’ve spent two days googling and trying to figure this out.

seasideCT · February 12, 2023, 10:57pm

Awesome, thank you, will backup my certs and give this a shot when I have a chance.

wptracy · February 13, 2023, 4:14pm

@pdups10,

The cut needs to be 18-58 to get past SHA1 Fingerprint= and leave you the 40 character fingerprint.
Can you edit it.

openssl x509 -noout -fingerprint -inform pem -in cert.pem | sed -e ‘s/://g’ -e ‘s/SHA256 Fingerprint=//g’ | cut -c18-58

pdubs10 · February 13, 2023, 4:35pm

Looks like some slight difference between openssl/libressl versions. Added the -SHA256 arg.

openssl x509 -noout -fingerprint -SHA256 -inform pem -in cert.pem | sed -e 's/://g' -e 's/SHA256 Fingerprint=//g' | cut -c1-40

wptracy · February 13, 2023, 4:52pm

Yes, I noticed that just now. Its a SHA1 instead of SHA256.

Your scripts make it simple and easy. Thanks!!

I uploaded to my new LFDI to xcel devices and it worked.

I fetched with @SergeantScar 's LFDI (first cURL below) and my own certs and LFDI (second cURL below)

[core-ssh xcelcerts]$ curl --ciphers ECDHE-ECDSA-AES128-CCM8 --insecure --url https://10.0.0.226:8081/upt/1/mr/1/r --cert /root/config/xcelcerts/cert.pem --key /root/config/xcelcerts/key.pem
<Reading
     xmlns="urn:ieee:std:2030.5:ns"
     href="/upt/1/mr/1/r">
    <qualityFlags>01</qualityFlags>
    <timePeriod>
        <duration>1</duration>
        <start>1676307749</start>
    </timePeriod>
    <value>742</value>
</Reading>
[core-ssh xcelcerts]$ curl --ciphers ECDHE-ECDSA-AES128-CCM8 --insecure --url https://10.0.0.226:8081/upt/1/mr/1/r --cert /root/config/xcelcerts/myown/cert.pem --key /root/config/xcelcerts/myown/key.pem
<Reading
     xmlns="urn:ieee:std:2030.5:ns"
     href="/upt/1/mr/1/r">
    <qualityFlags>01</qualityFlags>
    <timePeriod>
        <duration>1</duration>
        <start>1676307760</start>
    </timePeriod>
    <value>745</value>
</Reading>
[core-ssh xcelcerts]$

zakn · February 16, 2023, 5:46pm

I’ve been trying to get this up and running for the last couple days. I added my meter to my wifi network, found it on my controller, and locked it to a certain AP because it kept finding a further away one rather than a closer one with a better signal. It has now been on the network for 17hrs and I’ve generated a pair of keys and added it as an LFDI to my Xcel account, but cannot get any response from the meter on my network. I also don’t get a ping response from the meter either.

If I can get it up and running I’m looking at making a container to use the mDNS functionality to make it easier to find the meter and automate the process a bit more. Then I want to convert the API outputs from the meter and broadcast them via MQTT to more easily integrate the messages into HomeAssisstant.

tvo · February 16, 2023, 8:00pm

This post is very helpful, but the homeassistant.customize isn’t working for me, or at least it is not showing up in my energy dashboard.

WilliamRandol · February 18, 2023, 10:05am

So the Xcel site shows my meter is “Ready to Go” and I can see its IP on my network. However, I cannot seem to get the website to accept the registration. I have an LFDI based on pdubs10’s latest message, but I just keep getting an unsuccessful message. Does anybody have any thoughts?

UPDATE this appears to have been a temporary issue with the site.

jlambert121 · February 18, 2023, 2:50pm

I believe something is incorrect with my registration based on comments in this thread, but could someone confirm? I wasn’t ever prompted to set up my WIFI network when registering my meter and attempting to add a new device (using the LFID/certs above or generating my own) doesn’t work because I’m never prompted for the certificate itself. Am I missing a step or does something look incorrect?

potts-mike · February 18, 2023, 3:27pm

Anyone else getting this error when trying to log into the Energy Launchpad?

zakn · February 18, 2023, 3:38pm

Without changing anything with my registration, keys, LFDI, etc. I just received a new error message:

curl: (35) OpenSSL/3.0.8: error:0A000152:SSL routines::unsafe legacy renegotiation disabled

I’ll have to look into it later, but thats a lot more promising that zero response from the meter. Looks like registration might be taking a little longer right now?

jlambert121 · February 18, 2023, 3:42pm

I had that originally, I believe either incognito mode or deleting all of the cookies for that site fixed it for me.

a_ndy · February 18, 2023, 3:54pm

Similar situation in Minneapolis. Did this ever update?

pdubs10 · February 18, 2023, 4:15pm

@zakn You may need the openssl.cnf mentioned here: Xcel Energy ITron Gen 5 Riva - #57 by Webstas

whit · February 18, 2023, 5:08pm

I’m having the same issue. When I logged into launchpad a few days ago I was prompted to input my wifi network information and noticed the note that it only supported 2.4ghz. In the couple days it took me to get a 2.4ghz access point and set it up, it appears that something has gone wrong on xcel’s side. I’m now not able to bring up the wifi information screen. I tried calling the support number listed on that page and the xcel rep had absolutely no idea what I was talking about.

pdubs10 · February 18, 2023, 5:32pm

Xcel has been quite responsive for me at [email protected].

jlambert121 · February 18, 2023, 6:15pm

I had the same experience calling 4 different times. I haven’t been able to find an email addresses, I’m going to email the one @pdubs10 listed and see if they can assist.