Yeah, well, the plumber's pipes always leak - I'll need to find some time to put something here.
miklosbagi / haci Goto Github PK
View Code? Open in Web Editor NEWHome Assistant OS Self-Signed certificate injector
Home Assistant OS Self-Signed certificate injector
Yeah, well, the plumber's pipes always leak - I'll need to find some time to put something here.
Describe the bug
It appears certificates also need to be added to python's own internal CA store to fix some issues. Namely installing new integrations with HACS, but there may be more I haven't found.
To Reproduce
Steps to reproduce the behavior:
2021-06-11 11:07:25 INFO (MainThread) [backoff] Backing off async_download_file(...) for 0.3s (aiohttp.client_exceptions.ClientConnectorCertificateError: Cannot connect to host raw.githubusercontent.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1125)')])
2021-06-11 11:07:25 INFO (MainThread) [backoff] Backing off async_download_file(...) for 0.3s (aiohttp.client_exceptions.ClientConnectorCertificateError: Cannot connect to host raw.githubusercontent.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1125)')])
2021-06-11 11:07:25 INFO (MainThread) [backoff] Backing off async_download_file(...) for 0.6s (aiohttp.client_exceptions.ClientConnectorCertificateError: Cannot connect to host raw.githubusercontent.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1125)')])
2021-06-11 11:07:25 INFO (MainThread) [backoff] Backing off async_download_file(...) for 0.6s (aiohttp.client_exceptions.ClientConnectorCertificateError: Cannot connect to host raw.githubusercontent.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1125)')])
2021-06-11 11:07:26 INFO (MainThread) [backoff] Backing off async_download_file(...) for 1.7s (aiohttp.client_exceptions.ClientConnectorCertificateError: Cannot connect to host raw.githubusercontent.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1125)')])
2021-06-11 11:07:26 INFO (MainThread) [backoff] Backing off async_download_file(...) for 1.3s (aiohttp.client_exceptions.ClientConnectorCertificateError: Cannot connect to host raw.githubusercontent.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1125)')])
2021-06-11 11:07:26 INFO (MainThread) [backoff] Backing off async_download_file(...) for 0.1s (aiohttp.client_exceptions.ClientConnectorCertificateError: Cannot connect to host raw.githubusercontent.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1125)')])
2021-06-11 11:07:26 INFO (MainThread) [backoff] Backing off async_download_file(...) for 0.7s (aiohttp.client_exceptions.ClientConnectorCertificateError: Cannot connect to host raw.githubusercontent.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1125)')])
2021-06-11 11:07:26 INFO (MainThread) [backoff] Backing off async_download_file(...) for 1.7s (aiohttp.client_exceptions.ClientConnectorCertificateError: Cannot connect to host raw.githubusercontent.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1125)')])
2021-06-11 11:07:27 INFO (MainThread) [backoff] Backing off async_download_file(...) for 2.7s (aiohttp.client_exceptions.ClientConnectorCertificateError: Cannot connect to host raw.githubusercontent.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1125)')])
2021-06-11 11:07:27 INFO (MainThread) [backoff] Backing off async_download_file(...) for 2.5s (aiohttp.client_exceptions.ClientConnectorCertificateError: Cannot connect to host raw.githubusercontent.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1125)')])
2021-06-11 11:07:28 INFO (MainThread) [backoff] Backing off async_download_file(...) for 0.3s (aiohttp.client_exceptions.ClientConnectorCertificateError: Cannot connect to host raw.githubusercontent.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1125)')])
2021-06-11 11:07:28 INFO (MainThread) [backoff] Backing off async_download_file(...) for 0.2s (aiohttp.client_exceptions.ClientConnectorCertificateError: Cannot connect to host raw.githubusercontent.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1125)')])
2021-06-11 11:07:28 INFO (MainThread) [backoff] Backing off async_download_file(...) for 1.4s (aiohttp.client_exceptions.ClientConnectorCertificateError: Cannot connect to host raw.githubusercontent.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1125)')])
2021-06-11 11:07:29 ERROR (MainThread) [backoff] Giving up async_download_file(...) after 5 tries (aiohttp.client_exceptions.ClientConnectorCertificateError: Cannot connect to host raw.githubusercontent.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1125)')])
2021-06-11 11:07:29 ERROR (MainThread) [custom_components.hacs] Cannot connect to host raw.githubusercontent.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1125)')]
2021-06-11 11:07:30 ERROR (MainThread) [backoff] Giving up async_download_file(...) after 5 tries (aiohttp.client_exceptions.ClientConnectorCertificateError: Cannot connect to host raw.githubusercontent.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1125)')])
2021-06-11 11:07:30 INFO (MainThread) [backoff] Backing off async_download_file(...) for 4.9s (aiohttp.client_exceptions.ClientConnectorCertificateError: Cannot connect to host raw.githubusercontent.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1125)')])
2021-06-11 11:07:30 INFO (MainThread) [backoff] Backing off async_download_file(...) for 0.4s (aiohttp.client_exceptions.ClientConnectorCertificateError: Cannot connect to host raw.githubusercontent.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1125)')])
2021-06-11 11:07:31 ERROR (MainThread) [backoff] Giving up async_download_file(...) after 5 tries (aiohttp.client_exceptions.ClientConnectorCertificateError: Cannot connect to host raw.githubusercontent.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1125)')])
2021-06-11 11:07:35 ERROR (MainThread) [backoff] Giving up async_download_file(...) after 5 tries (aiohttp.client_exceptions.ClientConnectorCertificateError: Cannot connect to host raw.githubusercontent.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1125)')])
Expected behavior
SSL connection is verified and integration installs
Screenshots
N/A
Desktop (please complete the following information):
N/A
Smartphone (please complete the following information):
N/A
Additional context
Installing certificates to /usr/local/lib/python3.8/site-packages/certifi/cacert.pem appears to resolve the error
Describe the bug
A clear and concise description of what the bug is.
apk add openssl; FIND_BIN
https://github.com/miklosbagi/haci/blob/master/haci.sh#L38
should be && relation here, and || fail msg.
Environment
not relevant
Debug run results
Please run haci debug
and paste the output here:
not relevant
HACI config
Please paste your HACI config here:
not relevant
Additional context
Add any other context about the problem here.
??? Error pushing /shared/haci/certs/root.pem to cacert.pem !!! Error: Python Certifi SSL Tests are still failing, this should not happen.\n Please raise an issue on github.\n 0
Could this be an permission issue?
I run HA in Docker.
I will execute the command from bash inside the container with debug mode on, and report back
Describe the bug
The openssl binary in /usr/bin is no longer provided in the container, this means that the script doesn't run. Copying a working openssl binary from /usr/bin/ or shipping one with haci in the /share folder as a hack works.
To Reproduce
Steps to reproduce the behavior:
Additional context
It happened when I updated to HASS 2022.7.1, this commit home-assistant/docker@e23abd3 removes openssl from the container.
Describe the bug
If you use the HASS integration the "certs" directory described in the documentation for the SSL validation certs is no available.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Either certifi should be told to use the system trusted certs or expose an upload section where a self-signed root/cert can be uploaded/added to the configuration
Desktop (please complete the following information):
Additional context
I run a self-signed root cert and a non-routeable, non-published internal domain. I use the root cert to sign a wildcard cert for all of my machines. I have added this cert to the supervisor image, but cannot trust the "root" cert for python.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.