Is it working now?
Announcement
Collapse
No announcement yet.
Environment Canada Weather plugin - HS3
Collapse
X
-
No, same errors
And no devices are getting created in HomeSeer's Device list
Dec-15 1:16:53 PM envcan error in feed: https://weather.gc.ca/rss/city/ns-14_e.xml - Error getting response stream (Write: The authentication or decryption has failed.): SendFailure
And I had posted a seperate message here regarding the Wget results
Here's what I get from the WGET - are you getting this same message, but with working weather?
--2017-12-15 10:23:52-- https://weather.gc.ca/rss/city/ns-14_e.xml
Resolving weather.gc.ca (weather.gc.ca)... 205.189.10.44, 205.189.10.43
Connecting to weather.gc.ca (weather.gc.ca)|205.189.10.44|:443... connected.
ERROR: The certificate of `weather.gc.ca' is not trusted.
ERROR: The certificate of `weather.gc.ca' hasn't got a known issuer.Last edited by Otto-mation; December 15, 2017, 01:31 PM. Reason: Added comment about no devices getting created
Comment
-
Interesting progress
I've tried both HTTP and HTTPS.
When I try the WGET with the HTTP version, I get......
--2017-12-15 22:55:15-- http://weather.gc.ca/rss/city/on-54_e.xm
Resolving weather.gc.ca (weather.gc.ca)... 205.189.10.44, 205.189.10.43
Connecting to weather.gc.ca (weather.gc.ca)|205.189.10.44|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://weather.gc.ca/rss/city/on-54_e.xm [following]
--2017-12-15 22:55:15-- https://weather.gc.ca/rss/city/on-54_e.xm
Connecting to weather.gc.ca (weather.gc.ca)|205.189.10.44|:443... connected.
ERROR: The certificate of `weather.gc.ca' is not trusted.
ERROR: The certificate of `weather.gc.ca' hasn't got a known issuer.
I googled the certificate thing and discovered a WGET parameter
--no-check-certificate
And when I ran
wget --no-check-certificate http://weather.gc.ca/rss/city/on-54_e.xml -o sf_log6
I received - only a warning this time, no error!
Don't know if it means anything, other than it's bypassable.
--2017-12-15 23:00:59-- http://weather.gc.ca/rss/city/on-54_e.xml
Resolving weather.gc.ca (weather.gc.ca)... 205.189.10.44, 205.189.10.43
Connecting to weather.gc.ca (weather.gc.ca)|205.189.10.44|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://weather.gc.ca/rss/city/on-54_e.xml [following]
--2017-12-15 23:00:59-- https://weather.gc.ca/rss/city/on-54_e.xml
Connecting to weather.gc.ca (weather.gc.ca)|205.189.10.44|:443... connected.
WARNING: The certificate of `weather.gc.ca' is not trusted.
WARNING: The certificate of `weather.gc.ca' hasn't got a known issuer.
HTTP request sent, awaiting response... 200 OK
Length: 8514 (8.3K) [application/xml]
Saving to: `on-54_e.xml'
0K ........ 100% 1.80M=0.005s
2017-12-15 23:01:05 (1.80 MB/s) - `on-54_e.xml' saved [8514/8514]
Update: for anyone who is interested in the Linux link I found about this:
https://forum.ivorde.com/wget-error-...ed-t19611.html
Additionally, I heard from someone at Environment Canada that on Nov 21, they redirected from HTTP to HTTPS.
So I'm guessing two things are possibly at issue here:
-possible certificate issues with GC's weather sites
-how the plugin and/or Homeseer handle these retrievals seems to differ between HomeSeer/Windows and HomeSeer/Hometroller versions - because I'm guessing that the people running the Windows version aren't having problems.Last edited by Otto-mation; December 16, 2017, 11:45 AM. Reason: Added the link to Linux tip/syntax on not-trusted sites and EnvCan redirecting from HTTP to HTTPS on Nov 21
Comment
-
I see the problem. http (port 80) is permanently redirected to https (port 443).
As https is mandated, the SSL certificate needs to be valid and the Zee doesn't have the CA certs to determine this, so the connection is being dropped as it sees an invalid cert.
To fix this you will need to install the CA and intermediary CA public certs onto the Zee, otherwise the connection will be refused as the feed's page (server cert) won't be trusted.
I've attached a screenshot of the certificate chain to this post. You will need to install both the Entrust.net and Entrust Certification Authority -L1K into the root CA store on the Zee.
How to do this? Your guess is as good as mine.
My guess is that this stopped working because the Environment Canada site started to enforce https. I've always used the http feed but they are redirecting this to the secure version of the page so this isn't an option any more.
Comment
-
Ok thanks Chris - I will investigate and post a question to the board here.
I was hoping the fix could be simpler such as embedding that no-check-certificate parameter into the call within the plugin.
But I will start hunting around to see what I can find and if/how installing the certs on this box can be done.
Thanks for that direction
Comment
-
HI Chris, thanks for that info. Makes sense.
I have already obtained both of the certs from Entrust via
https://www.entrustdatacard.com/page...cates-download
But scanning the Zee, it seems there are existing certs in more than one place so I don't know where to put these.
I had already posted a request in the HS3 forum asking if anyone knows where/how to install the certs in the Zee.
https://forums.homeseer.com/showthread.php?t=192757
And just hoping that someone can reply with some directions.
I feel that I'm REALLY close to fixing this!
Comment
-
Maybe try this: https://askubuntu.com/questions/7328...ot-certificate
Looks like the Zee is a Raspberry Pi which is Debian based. Ubuntu is also Debian based.
If this doesn't work try Googleing "Raspberry Pi install root CA cert".
Comment
-
I seem to be having permission problems.
I found the folder.
Logged in via WinSCP
Tried creating the folder via WinSCP but it refused with an Error Code 3.
Then I tried creating the folder using the HomeSeer Linux command line window using
sudo mkdir /usr/share/ca-certificates/entrust
And that worked. I could now see that folder via WinSCP.
However, when I tried dragging the files over from my Windows folder to that folder, I received the Error Code 3 again. (screen cap attached)
So I'm stuck trying to copy the certs into the Zee folder - seemingly on a permissions issue.
I have filed a ticket with HomeSeer as well. Hopefully they can help shorten this resolution path.
Comment
-
Not sure how me supplying the certs will help... They need to go the correct place and be registered and my plugin won't have access to the OS to do this.
It's a bit odd the root CAs are not already installed. They are on most OS by default. It's rare to have to install them.
Maybe HST could add them in a future build.
Not providing root access is also a bit rough.
Comment
-
If you can run sudo from the UI, you could setup an SCP server and copy the certs over using sudo scp ...
https://www.solarwinds.com/free-tools/free-sftp-server
This method makes the Zee the client and not the server and sudo will allow you to copy the files over as a client.
Comment
-
Happy New Year and Thanks Chris but that's over my head (non-Linux person here).
I installed the SCP server on my Windows machine and set the root folder to be the one holding the certs.
But as far as commands from the Zee command line with Sudo etc, you lost me.
I suspect I would need to (from the Zee command line) log into the winSCP server and then copy the files over. But it's all Greek at that point.
Comment
-
First make sure the server is working by using WINSCP.
Then from the Zee UI enter sudo scp...
https://www.garron.me/en/articles/scp.html
Get the syntax from that link.
Adding sudo will allow the scp command to put the certs in the root protected folder.
Comment
Comment