SSL verification error: unable to get local issuer certificate

Bernie_V · July 12, 2023, 8:39am

Required Information

DietPi version
G_DIETPI_VERSION_CORE=8
G_DIETPI_VERSION_SUB=19
G_DIETPI_VERSION_RC=1
G_GITBRANCH=‘master’
G_GITOWNER=‘MichaIng’
G_LIVE_PATCH_STATUS[0]=‘applied’
G_LIVE_PATCH_STATUS[1]=‘not applied’
Distro version |
bookworm 1
Kernel version |
Linux VanDerMedPlay 6.1.21-v7+ #1642 SMP Mon Apr 3 17:20:52 BST 2023 armv7l GNU/Linux
Architecture |
armhf
SBC model |
RPi 2 Model B (armv7l)
Power supply used |
RPI power supply
SD card used |
SanDisk ultra

Additional Information (if applicable)

Software title |
Home Assistant
Was the software title installed freshly or updated/migrated → updated
Can this issue be replicated on a fresh installation of DietPi? → no idea

Steps to reproduce

This problem began after updating to Bookworm with an upgrade of Python → 3.11

Extra details

Since I upgraded to Python 3.11 I’m facing SSL verification errors on some (2) integrations.
I’m running HA Core 2023.7.1 in a virtual Python env. Has anyone an idea about this error and how to solve?

This is the full log:

2023-07-10 09:04:55.985 DEBUG (MainThread) [custom_components.husqvarna_automower] Exception in async_setup_entry: Cannot connect to host api.amc.husqvarna.dev:443 ssl:True [SSLCertVerificationError: (1, ‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1002)’)]
2023-07-10 09:04:55.994 DEBUG (MainThread) [custom_components.husqvarna_automower] Finished fetching husqvarna_automower data in 0.253 seconds (success: False)
2023-07-10 09:04:55.995 WARNING (MainThread) [homeassistant.config_entries] Config entry ‘husqvarna_automower’ for husqvarna_automower integration could not authenticate

I tried these things:

apt install ca-certificates
apt update
apt upgrade

Joulinar · July 12, 2023, 10:53am

Looks like an issue to connect to Husqvarna api. You can try to open url api.amc.husqvarna.dev on a web browser. At least for me this is working without issue.

Bernie_V · July 12, 2023, 1:21pm

Hello,

When I open api.amc.husqvarna.dev in a browser then I got {“message”:“Missing Authentication Token”}

Joulinar · July 12, 2023, 2:10pm

That should not be a problem. At least the certificate is valid. If the problem persists, you should contact Husqvarna’s integration developer to find out what the problem might be.

Bernie_V · July 13, 2023, 7:20am

I’m having the same SSL verification error on another integration (LG Horizon).
This is started after the upgrade to Bookworm. So I was thinking this is a system wide problem and could be Python or OpenSSL related?

Joulinar · July 13, 2023, 7:28am

Something I’m not able to answer.

Bernie_V · July 13, 2023, 12:22pm

From the husqvarna integration guys it should be something with openssl.
They suggested to linking /etc/ssl/certs to /usr/local/ssl/certs

I did this with root and this doens’t seem to solve my problem. In the python venv I tried also but got an access denied.

Bernie_V · July 13, 2023, 12:54pm

I was thinking…
The command I did was
ln -s /etc/ssl/certs /usr/local/ssl/certs
Then you have /usr/local/ssl/certs/certs

But should’t it be with dietpi ln -s /etc/ssl/certs /usr/local/ssl

Joulinar · July 13, 2023, 2:57pm

maybe @MichaIng would have an idea on how to work around.

Bernie_V · July 14, 2023, 10:28am

FYI: this solved my problem:
sudo rm -r /usr/local/ssl/certs
sudo ln -s /etc/ssl/certs /usr/local/ssl/certs

Jappe · July 14, 2023, 11:23am

But it’s the same as before?

edit: ah you forgot the sudo before?

Bernie_V · July 14, 2023, 11:28am

No, not the same. First I linked /etc/ssl/certs /usr/local/ssl/certs and got the certificates in /usr/local/ssl/certs/certs because there was a folder certs.
Removing the folder /usr/local/ssl/certs and then ln -s /etc/ssl/certs /usr/local/ssl/certs placed the certificates on the expected location.