Announcement

Collapse
No announcement yet.

Environment Canada Weather plugin - HS3

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    #76
    Is it working now?

    Comment


      #77
      No, same errors
      And no devices are getting created in HomeSeer's Device list

      Dec-15 1:16:53 PM envcan error in feed: https://weather.gc.ca/rss/city/ns-14_e.xml - Error getting response stream (Write: The authentication or decryption has failed.): SendFailure


      And I had posted a seperate message here regarding the Wget results
      Here's what I get from the WGET - are you getting this same message, but with working weather?


      --2017-12-15 10:23:52-- https://weather.gc.ca/rss/city/ns-14_e.xml
      Resolving weather.gc.ca (weather.gc.ca)... 205.189.10.44, 205.189.10.43
      Connecting to weather.gc.ca (weather.gc.ca)|205.189.10.44|:443... connected.
      ERROR: The certificate of `weather.gc.ca' is not trusted.
      ERROR: The certificate of `weather.gc.ca' hasn't got a known issuer.
      Last edited by Otto-mation; December 15, 2017, 01:31 PM. Reason: Added comment about no devices getting created

      Comment


        #78
        Please try http instead of https. It looks like the Zee doesn't have the root CA cert for the Environment Canada site.

        Comment


          #79
          Interesting progress

          I've tried both HTTP and HTTPS.

          When I try the WGET with the HTTP version, I get......

          --2017-12-15 22:55:15-- http://weather.gc.ca/rss/city/on-54_e.xm
          Resolving weather.gc.ca (weather.gc.ca)... 205.189.10.44, 205.189.10.43
          Connecting to weather.gc.ca (weather.gc.ca)|205.189.10.44|:80... connected.
          HTTP request sent, awaiting response... 301 Moved Permanently
          Location: https://weather.gc.ca/rss/city/on-54_e.xm [following]
          --2017-12-15 22:55:15-- https://weather.gc.ca/rss/city/on-54_e.xm
          Connecting to weather.gc.ca (weather.gc.ca)|205.189.10.44|:443... connected.
          ERROR: The certificate of `weather.gc.ca' is not trusted.
          ERROR: The certificate of `weather.gc.ca' hasn't got a known issuer.

          I googled the certificate thing and discovered a WGET parameter
          --no-check-certificate

          And when I ran

          wget --no-check-certificate http://weather.gc.ca/rss/city/on-54_e.xml -o sf_log6

          I received - only a warning this time, no error!
          Don't know if it means anything, other than it's bypassable.

          --2017-12-15 23:00:59-- http://weather.gc.ca/rss/city/on-54_e.xml
          Resolving weather.gc.ca (weather.gc.ca)... 205.189.10.44, 205.189.10.43
          Connecting to weather.gc.ca (weather.gc.ca)|205.189.10.44|:80... connected.
          HTTP request sent, awaiting response... 301 Moved Permanently
          Location: https://weather.gc.ca/rss/city/on-54_e.xml [following]
          --2017-12-15 23:00:59-- https://weather.gc.ca/rss/city/on-54_e.xml
          Connecting to weather.gc.ca (weather.gc.ca)|205.189.10.44|:443... connected.
          WARNING: The certificate of `weather.gc.ca' is not trusted.
          WARNING: The certificate of `weather.gc.ca' hasn't got a known issuer.
          HTTP request sent, awaiting response... 200 OK
          Length: 8514 (8.3K) [application/xml]
          Saving to: `on-54_e.xml'

          0K ........ 100% 1.80M=0.005s

          2017-12-15 23:01:05 (1.80 MB/s) - `on-54_e.xml' saved [8514/8514]

          Update: for anyone who is interested in the Linux link I found about this:

          https://forum.ivorde.com/wget-error-...ed-t19611.html


          Additionally, I heard from someone at Environment Canada that on Nov 21, they redirected from HTTP to HTTPS.
          So I'm guessing two things are possibly at issue here:
          -possible certificate issues with GC's weather sites
          -how the plugin and/or Homeseer handle these retrievals seems to differ between HomeSeer/Windows and HomeSeer/Hometroller versions - because I'm guessing that the people running the Windows version aren't having problems.
          Last edited by Otto-mation; December 16, 2017, 11:45 AM. Reason: Added the link to Linux tip/syntax on not-trusted sites and EnvCan redirecting from HTTP to HTTPS on Nov 21

          Comment


            #80
            I see the problem. http (port 80) is permanently redirected to https (port 443).

            As https is mandated, the SSL certificate needs to be valid and the Zee doesn't have the CA certs to determine this, so the connection is being dropped as it sees an invalid cert.

            To fix this you will need to install the CA and intermediary CA public certs onto the Zee, otherwise the connection will be refused as the feed's page (server cert) won't be trusted.

            I've attached a screenshot of the certificate chain to this post. You will need to install both the Entrust.net and Entrust Certification Authority -L1K into the root CA store on the Zee.

            How to do this? Your guess is as good as mine.

            My guess is that this stopped working because the Environment Canada site started to enforce https. I've always used the http feed but they are redirecting this to the secure version of the page so this isn't an option any more.
            Attached Files

            Comment


              #81
              Ok thanks Chris - I will investigate and post a question to the board here.

              I was hoping the fix could be simpler such as embedding that no-check-certificate parameter into the call within the plugin.

              But I will start hunting around to see what I can find and if/how installing the certs on this box can be done.

              Thanks for that direction

              Comment


                #82
                The plugin doesnt use WGET and the quick investigation I did suggested ignoring the cert check was troublesome.

                Adding the CA certs is the way to go.

                Comment


                  #83
                  HI Chris, thanks for that info. Makes sense.

                  I have already obtained both of the certs from Entrust via
                  https://www.entrustdatacard.com/page...cates-download

                  But scanning the Zee, it seems there are existing certs in more than one place so I don't know where to put these.

                  I had already posted a request in the HS3 forum asking if anyone knows where/how to install the certs in the Zee.
                  https://forums.homeseer.com/showthread.php?t=192757

                  And just hoping that someone can reply with some directions.

                  I feel that I'm REALLY close to fixing this!

                  Comment


                    #84
                    Maybe try this: https://askubuntu.com/questions/7328...ot-certificate

                    Looks like the Zee is a Raspberry Pi which is Debian based. Ubuntu is also Debian based.

                    If this doesn't work try Googleing "Raspberry Pi install root CA cert".

                    Comment


                      #85
                      I seem to be having permission problems.

                      I found the folder.
                      Logged in via WinSCP
                      Tried creating the folder via WinSCP but it refused with an Error Code 3.
                      Then I tried creating the folder using the HomeSeer Linux command line window using

                      sudo mkdir /usr/share/ca-certificates/entrust

                      And that worked. I could now see that folder via WinSCP.

                      However, when I tried dragging the files over from my Windows folder to that folder, I received the Error Code 3 again. (screen cap attached)

                      So I'm stuck trying to copy the certs into the Zee folder - seemingly on a permissions issue.

                      I have filed a ticket with HomeSeer as well. Hopefully they can help shorten this resolution path.
                      Attached Files

                      Comment


                        #86
                        I seem to have hit the wall here.

                        HomeSeer technical support said that they do not provide root access to users (re: the permissions issue) nor support for third party plugins and suggested that the developer update the plugin to include the necessary files.

                        Comment


                          #87
                          Not sure how me supplying the certs will help... They need to go the correct place and be registered and my plugin won't have access to the OS to do this.

                          It's a bit odd the root CAs are not already installed. They are on most OS by default. It's rare to have to install them.

                          Maybe HST could add them in a future build.

                          Not providing root access is also a bit rough.

                          Comment


                            #88
                            If you can run sudo from the UI, you could setup an SCP server and copy the certs over using sudo scp ...

                            https://www.solarwinds.com/free-tools/free-sftp-server

                            This method makes the Zee the client and not the server and sudo will allow you to copy the files over as a client.

                            Comment


                              #89
                              Happy New Year and Thanks Chris but that's over my head (non-Linux person here).
                              I installed the SCP server on my Windows machine and set the root folder to be the one holding the certs.
                              But as far as commands from the Zee command line with Sudo etc, you lost me.
                              I suspect I would need to (from the Zee command line) log into the winSCP server and then copy the files over. But it's all Greek at that point.

                              Comment


                                #90
                                First make sure the server is working by using WINSCP.

                                Then from the Zee UI enter sudo scp...

                                https://www.garron.me/en/articles/scp.html

                                Get the syntax from that link.

                                Adding sudo will allow the scp command to put the certs in the root protected folder.

                                Comment

                                Working...
                                X