Keep getting a certificate verify error
rvliege opened this issue · 57 comments
Hi there, first of all thanks for this add-on. I was happiely using my_unifi before but noticed you made it HACS compatible.
Unfortunately I can't use the add-on since because of the error below:
This error originated from a custom integration.
Logger: custom_components.unifics.api_wrapper
Source: custom_components/unifics/api_wrapper.py:44
Integration: Unifi Counter Sensor
First occurred: 3:21:30 PM (1 occurrences)
Last logged: 3:21:30 PM
unificontrol error: HTTPSConnectionPool(host='10.0.0.13', port=8443): Max retries exceeded with url: /api/s/default/stat/device (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1125)')))
Ofcourse I have verify SSL unchecked but guess the option isn't checked and always checks for a valid ceritficate?
Also tried op port 8080 but that won't work either. Tried configuring using YAML but error persists.
Thanks for your help.
Hi,
Thanks for the report. The default is to not check the certificate. Looking the error get me wondering if the message is misleading and the problem is not the SSL but the url. Are you using a UDM type of device? or the standard controller? May you post the full configuration, please?
I just fixed a bug in the config_flow. It's not directly related to the SSL problem, but it may be worth to update and try again.
Updated the files: error persists.
Used the GUI for configuration. But in YAML it would look like this:
sensor:
- platform: unifics
name: "Wifi-Controller"
host: ip-of-the-controller
verify_ssl: False
username: mycontrolleradmin
password: mycontrollerpassword
Update: also tested YAML configuration ending in the same error. Tried the name value with and without double quotes.
I'm using the standard controller.
Could it be that my password is to complex? It contains multiple special characters.
Also when remembering correctly it happend after I switched to using DuckDNS with Let's Encrypt. I switched back a couple of weeks ago returning to using VPN for access so local IP should do the trick.
which version of controller do you use? I just found this: https://community.ui.com/questions/API-stat-device-has-been-removed/945f38b4-3736-4232-9d5e-1ad318e37cdb. The problem may be in the unificontrol library. Let's gather all the information we could to report to them.
I'm using version 6.2.23 of the Unifi controller as an add-on for Home Assistant.
Have looked at the topic you suggested. It's looks like an old problem more than one major version ago.
As this worked before I do not see a relation.
What other information do you feel is necessary?
I'm not sure :-(. I just installed the component using hacs on my dev enviroment and it just works, but I'm still on a 5.x controller. I will install a 6.x to test. Meanwhile, are you using Ip-of-controller:port ? if yes, the new version can figure the port, so try with just ip-of-controller.
I didn't define the port in YAML. In the GUI I just tried with and without filling in the port field but still the same error.
When going through my logs I did see two other errors which I missed after updating to your latest version:
First one:
This error originated from a custom integration.
Logger: custom_components.unifics.sensor
Source: custom_components/unifics/sensor.py:141
Integration: Unifi Counter Sensor
First occurred: May 23, 2021, 12:38:53 PM (1 occurrences)
Last logged: May 23, 2021, 12:38:53 PM
Error while setting the sensor: unknow
Second one:
This error originated from a custom integration.
Logger: custom_components.unifics.config_flow
Source: custom_components/unifics/config_flow.py:37
Integration: Unifi Counter Sensor
First occurred: May 23, 2021, 12:43:57 PM (3 occurrences)
Last logged: 8:33:37 PM
0
I have checked my entities when choosing the name so I didn't use already used ones although HA should add a number to them so that shouldn't be the problem.
Besides that I checked the controller for new options which could interfere with connecting to it but was unable to find a security related (new) feature which blocks access to the API.
Has there been any progress on this?
i keep getting the following:
Dieser Fehler wurde von einer benutzerdefinierten Integration verursacht
Logger: custom_components.unifics.api_wrapper
Source: custom_components/unifics/api_wrapper.py:44
Integration: Unifi Counter Sensor
First occurred: 21:45:14 (1 occurrences)
Last logged: 21:45:14
unificontrol error: HTTPSConnectionPool(host='10.42.1.1', port=443): Max retries exceeded with url: /api/s/default/stat/device (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')))
Hello, please add version support. The latest UDM requires version to login version: UDMP-unifiOS. This should fix the issues above.
Did anyone come up with a solution? I'm having the same error.
Source: custom_components/unifics/api_wrapper.py:44
Integration: unifics
First occurred: 2:24:31 PM (1 occurrences)
Last logged: 2:24:31 PM
unificontrol error: HTTPSConnectionPool(host='10.1.1.2', port=8443): Max retries exceeded with url: /api/s/default/stat/device (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1129)')))```
Hello, please add version support. The latest UDM requires version to login version: UDMP-unifiOS. This should fix the issues above.
My sensor is created but always unavailable
@biofects did u get it running for UDM?
Any news here ? It's a pity that this nice component seems abondoned
Hi
I will have some time next week to look into this issues. I don't have a UDM, so I may ask for your help.
Hi all,
Just found a warning about using self signed certificates using the unificontrol library (https://github.com/nickovs/unificontrol#support-for-self-signed-certificates). As per the unificontrol docs, I just added code to download the certificate from the controller and hopefully it should fix the problem. I couldn't test the new code, may someone try it and report, please?
Still not working 😭 will provide logs tomorrow. Since unifi changed API the component stopped working
We need to fix this:
Hello, please add version support. The latest UDM requires version to login version: UDMP-unifiOS. This should fix the issues above.
I do have a USG and my Unifi Controller has a letsencrypt certificate. For me the latest unifics doesn't work with that setup.
unificontrol error: HTTPSConnectionPool(host='10.xx.xx.xx', port=443): Max retries exceeded with url: /api/s/default/stat/device (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')))
The regular unifi integration works flawlessly.
Does the ha unifi integration works with your UDM? I’m thinking about rewriting the custom component to use the same python library instead of the unificontrol library.
…
On Friday, December 24, 2021, ThUnD3r|Gr33n @.> wrote: We need to fix this: Hello, please add version support. The latest UDM requires version to login version: UDMP-unifiOS. This should fix the issues above. — Reply to this email directly, view it on GitHub <#11 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABEOSGQOAIMDZZEWRQWT653USUCA5ANCNFSM45KUXGFA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub. You are receiving this because you commented.Message ID: @.>
-- Christian Lyra
Yes the unifi integration works perfectly.maybe it's better to use the library iso this one from unifi control
Hi all,
I did a few changes to try to fix the certificate error. Since I also forked the unificontrol library, perhaps you will need to remove and re-install the integration. I'm still looking for how to fix the UDM (this was one of the reasons I forked the unificontrol library).
I hope it is different for others but for me (even after remove, restart, add):
Logger: custom_components.unifics.api_wrapper
Source: custom_components/unifics/api_wrapper.py:49
Integration: Unifi Counter Sensor
unificontrol error: HTTPSConnectionPool(host='10.0.1.1', port=443): Max retries exceeded with url: /api/s/default/stat/device (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')))
that' sad... @SirUli are you using a UDM ? How your config looks like? did you choose to verify cert or not?
I use UDM and I is not working :( logs just tell me:
Logger: homeassistant.components.sensor
Source: helpers/entity_platform.py:297
Integration: Sensor (documentation, issues)
First occurred: 23:27:21 (2 occurrences)
Last logged: 23:27:23
Setup of platform unifics is taking longer than 60 seconds. Startup will proceed without waiting any longer.
Logger: homeassistant.bootstrap
Source: bootstrap.py:418
First occurred: 23:26:58 (1 occurrences)
Last logged: 23:26:58
Waiting on integrations to complete setup: sensor.unifics, sensor.unifics_2
hm... I was avoiding using another library because it will require a lot of rewriting, but it seems the way to go. Be patient guys :-(
Ah... the UDM will not work yet. The last changes are all about the certs. There used to be a demo.ui.com but it seems no longer available. Do you know if there's a online UDM pro demo?
that' sad... @SirUli are you using a UDM ? How your config looks like? did you choose to verify cert or not?
I'm on a USG and my config is the following:
---
sensor:
- platform: unifics
name: unifics
host: !secret unifi_ip
port: !secret unifi_port
username: !secret unifi_username
password: !secret unifi_password
verify_ssl: False
site: 'default'
udm: False
unifi_ip is my controller which listenes on unifi_port which is 443.
hello.. any progress here? :)
yes, and no... I found that when you are not using a self-signed certificates you have to set the verify_ssl to true. But the problem with UDM and newer firmware persist.
I'm thinking about two approaches. The short one is to try to fix/change the underlying library that make the requests to the devices. The longer one is to propose a change to the official integration...
sure! That's what i'm trying to do :-).
I still think moving to newer library and adding version will fix most issues a lot of us are having.
So on a whelm I changed line 23(ish) in api from UnifiServerType.UDM to "UDMP-unifiOS" I get different errors but still not fixed. I might try the newer library as well.
Error while setting the sensor: ssl
4:17:26 PM – (ERROR) Unifi Counter Sensor (custom integration)
unificontrol error: 404: Not Found
4:17:26 PM – (ERROR) Unifi Counter Sensor (custom integration)
Well might be worth it to change to working library.
hey guys
I have a new version that works but it may not cover a few special cases. You can grab it by cloning the repository and then checking out the "udmfix" branch, so right now you can't just use hacs to install it. I will merge it to the master branch but first I would like to test it a little bit more.
just found one of such cases! Sometimes a client has a essid attribute but it's not connected to a AP!
OK.. on thing maybe... Networs and AP are mixed.. maybe we can split them into two sensor? one called AP and another called Wifi Networks .. or something similiar?
Kids, guest and rhasspy are missing in the sensor
The sensor group the clients by ESSID, do you have kids/guest/rhasspy essids?
The sensor group the clients by ESSID, do you have kids/guest/rhasspy essids?
Stupid question what is essid? You might check I think you can see this with your account?
yeah... i will investigate with my account. Essid is the wifi network name you see on your device when you want to connect.
So far so good, I do see something I need to look at. My configuration I have 3 cameras and 2 doorbell cameras the door bell cameras show the right network but the wired connections do not show what the network is.
good point :) then good luck. unfortunately I can not help that much than providing the acces to the UDM :( But thanks so much for your efforts in this great project.
ok. I will merge the branch to master so we will be able to install using hacs again. And from there I will make a few improvements. So far I have this in mind:
- Show essids with 0 clients
- show guests
top!. sounds great.
I just merged the udmfix on the master, so it can be installed using hacs again. I'd like to close this issue and deal with the improvements on another one, ok?
For me it works now perfect - awesome work @clyra . For me it is ok to close the issue here :)
ok, thanks! closing now.