SSL verification error: unable to get local issuer certificate

Required Information

  • DietPi version
    G_DIETPI_VERSION_CORE=8
    G_DIETPI_VERSION_SUB=19
    G_DIETPI_VERSION_RC=1
    G_GITBRANCH=‘master’
    G_GITOWNER=‘MichaIng’
    G_LIVE_PATCH_STATUS[0]=‘applied’
    G_LIVE_PATCH_STATUS[1]=‘not applied’

  • Distro version |
    bookworm 1

  • Kernel version |
    Linux VanDerMedPlay 6.1.21-v7+ #1642 SMP Mon Apr 3 17:20:52 BST 2023 armv7l GNU/Linux

  • Architecture |
    armhf

  • SBC model |
    RPi 2 Model B (armv7l)

  • Power supply used |
    RPI power supply

  • SD card used |
    SanDisk ultra

Additional Information (if applicable)

  • Software title |
    Home Assistant
  • Was the software title installed freshly or updated/migrated → updated
  • Can this issue be replicated on a fresh installation of DietPi? → no idea

Steps to reproduce

  1. This problem began after updating to Bookworm with an upgrade of Python → 3.11

Extra details

Since I upgraded to Python 3.11 I’m facing SSL verification errors on some (2) integrations.
I’m running HA Core 2023.7.1 in a virtual Python env. Has anyone an idea about this error and how to solve?

This is the full log:

2023-07-10 09:04:55.985 DEBUG (MainThread) [custom_components.husqvarna_automower] Exception in async_setup_entry: Cannot connect to host api.amc.husqvarna.dev:443 ssl:True [SSLCertVerificationError: (1, ‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1002)’)]
2023-07-10 09:04:55.994 DEBUG (MainThread) [custom_components.husqvarna_automower] Finished fetching husqvarna_automower data in 0.253 seconds (success: False)
2023-07-10 09:04:55.995 WARNING (MainThread) [homeassistant.config_entries] Config entry ‘husqvarna_automower’ for husqvarna_automower integration could not authenticate

I tried these things:

apt install ca-certificates
apt update
apt upgrade

Looks like an issue to connect to Husqvarna api. You can try to open url api.amc.husqvarna.dev on a web browser. At least for me this is working without issue.

Hello,

When I open api.amc.husqvarna.dev in a browser then I got {“message”:“Missing Authentication Token”}

That should not be a problem. At least the certificate is valid. If the problem persists, you should contact Husqvarna’s integration developer to find out what the problem might be.

I’m having the same SSL verification error on another integration (LG Horizon).
This is started after the upgrade to Bookworm. So I was thinking this is a system wide problem and could be Python or OpenSSL related?

Something I’m not able to answer.

From the husqvarna integration guys it should be something with openssl.
They suggested to linking /etc/ssl/certs to /usr/local/ssl/certs

I did this with root and this doens’t seem to solve my problem. In the python venv I tried also but got an access denied.

I was thinking…
The command I did was
ln -s /etc/ssl/certs /usr/local/ssl/certs
Then you have /usr/local/ssl/certs/certs

But should’t it be with dietpi ln -s /etc/ssl/certs /usr/local/ssl

maybe @MichaIng would have an idea on how to work around.

FYI: this solved my problem:
sudo rm -r /usr/local/ssl/certs
sudo ln -s /etc/ssl/certs /usr/local/ssl/certs

But it’s the same as before? :thinking:

edit: ah you forgot the sudo before?

No, not the same. First I linked /etc/ssl/certs /usr/local/ssl/certs and got the certificates in /usr/local/ssl/certs/certs because there was a folder certs.
Removing the folder /usr/local/ssl/certs and then ln -s /etc/ssl/certs /usr/local/ssl/certs placed the certificates on the expected location.