SSL certificate verify failed

[arj]

I used a subset of the small example script that you provided in the README.md.
But when executing (env variables are set properly), I get the following error:

Traceback (most recent call last):
  File "bin/test.py", line 19, in <module>
    manager.start()
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/meross_iot/manager.py", line 45, in start
    self._cloud_client.connect()
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/meross_iot/cloud/client.py", line 167, in connect
    self._mqtt_client.connect(self._domain, self._port, keepalive=30)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/paho/mqtt/client.py", line 839, in connect
    return self.reconnect()
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/paho/mqtt/client.py", line 994, in reconnect
    sock.do_handshake()
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/ssl.py", line 1061, in do_handshake
    self._sslobj.do_handshake()
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/ssl.py", line 683, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749)

Any ideas?

My script:

#!/usr/bin/env python3.6

from meross_iot.manager import MerossManager
from meross_iot.meross_event import MerossEventType
from meross_iot.cloud.devices.light_bulbs import GenericBulb
from meross_iot.cloud.devices.power_plugs import GenericPlug
from meross_iot.cloud.devices.door_openers import GenericGarageDoorOpener
import time
import os

EMAIL = os.environ.get('MEROSS_EMAIL') or "YOUR_MEROSS_CLOUD_EMAIL"
PASSWORD = os.environ.get('MEROSS_PASSWORD') or "YOUR_MEROSS_CLOUD_PASSWORD"

if __name__=='__main__':
    # Initiates the Meross Cloud Manager. This is in charge of handling the communication with the remote endpoint
    manager = MerossManager(meross_email=EMAIL, meross_password=PASSWORD)

    # Starts the manager
    manager.start()

    # You can retrieve the device you are looking for in various ways:
    # By kind
    bulbs = manager.get_devices_by_kind(GenericBulb)
    plugs = manager.get_devices_by_kind(GenericPlug)
    door_openers = manager.get_devices_by_kind(GenericGarageDoorOpener)
    all_devices = manager.get_supported_devices()

    # Print some basic specs about the discovered devices
    print("All the bulbs I found:")
    for b in bulbs:
        print(b)

    print("All the plugs I found:")
    for p in plugs:
        print(p)

    print("All the garage openers I found:")
    for g in door_openers:
        print(g)

    print("All the supported devices I found:")
    for d in all_devices:
        print(d)

    # At this point, we are all done playing with the library, so we gracefully disconnect and clean resources.
    print("We are done playing. Cleaning resources...")
    manager.stop()

    print("Bye bye!")

[arj]

Installed version is:

pip3.6  install meross_iot==0.3.1.3 --upgrade

Operating system Mac OS X with python 3.6

[arj]

When getting the certificate from ios.meross.com:443 I get the following:

$ echo |  openssl s_client -servername iot.meross.com -connect iot.meross.com:443 2>/dev/null | openssl x509 -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 6690121522535904232 (0x5cd8161436f2b3e8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2
        Validity
            Not Before: Apr 19 02:14:02 2018 GMT
            Not After : Apr 19 02:14:02 2020 GMT
        Subject: OU=Domain Control Validated, CN=*.meross.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ad:81:51:df:cc:da:3a:2f:53:24:a5:2f:85:17:
                    32:ed:42:1b:4c:f2:2f:8b:c4:c2:0e:8a:e4:8c:be:
                    c9:74:44:3c:1d:3e:ca:df:5e:5b:de:f9:6a:6c:cc:
                    e9:c2:46:15:c0:21:55:fb:d6:7c:6b:b1:e9:0f:37:
                    36:f7:1a:22:17:60:e7:9f:41:36:89:3c:a2:01:65:
                    b0:65:bb:17:fd:5d:75:d8:5e:77:2b:04:72:6a:7f:
                    83:0f:56:74:88:f9:40:14:91:c0:e5:89:82:d0:c9:
                    f0:a3:22:9c:a2:9f:58:ed:a1:47:ac:33:e1:65:68:
                    55:05:4a:5a:1e:02:79:98:d6:09:18:f6:52:ea:fd:
                    d9:5b:ca:05:3c:f0:1d:54:ac:42:22:1c:5b:ad:26:
                    85:07:1e:2e:b4:86:19:29:ba:f0:f9:f0:22:81:c5:
                    1a:d1:1b:15:81:3e:ea:be:4a:24:36:6b:c1:85:88:
                    5c:e4:7d:d2:68:61:1c:77:50:56:3e:09:41:99:95:
                    c9:f1:82:73:c0:e3:9b:0d:cc:04:8f:77:fe:e6:e3:
                    9c:57:3d:e4:41:b4:a8:02:92:df:f6:37:76:52:50:
                    38:e9:9d:54:c9:11:30:da:9f:bd:07:2a:9c:2d:66:
                    69:36:af:b4:3b:9b:42:e4:c8:ba:d1:dc:57:da:aa:
                    fd:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://crl.godaddy.com/gdig2s1-823.crl

            X509v3 Certificate Policies:
                Policy: 2.16.840.1.114413.1.7.23.1
                  CPS: http://certificates.godaddy.com/repository/
                Policy: 2.23.140.1.2.1

            Authority Information Access:
                OCSP - URI:http://ocsp.godaddy.com/
                CA Issuers - URI:http://certificates.godaddy.com/repository/gdig2.crt

            X509v3 Authority Key Identifier:
                keyid:40:C2:BD:27:8E:CC:34:83:30:A2:33:D7:FB:6C:B3:F0:B4:2C:80:CE

            X509v3 Subject Alternative Name:
                DNS:*.meross.com, DNS:meross.com
            X509v3 Subject Key Identifier:
                0D:D1:C8:AE:3F:67:F1:9B:92:30:9A:22:D3:F6:B3:42:28:DB:31:8B
            1.3.6.1.4.1.11129.2.4.2:
                ...l.j.v.......X......gp
.[...b...U.....G0E. +....
<.A>z..m2..s..H........!...'..Z.^..2.H.....=....w.U"T9p.m.w..K..u.`..Bi....f..~_.r....{.z......b.........H0F.!........Q#K."..Q.awQ..+.(L
...b...!... ccY....r..@.j?\.x5...9.;.K/...w.^.s..V...6H}.I.2z.........u..qEX...b...w.....H0F.!....0....h.....@.I.D...j.L...dF...!..EM.....~k(4&.
O?A..v..WM
    Signature Algorithm: sha256WithRSAEncryption
         66:d3:cd:bb:10:d6:e1:a5:80:a9:ad:c2:b2:75:8c:fb:eb:ea:
         ed:b9:48:da:88:e7:d0:34:06:3b:4f:ec:e3:c4:25:5c:e2:3d:
         a2:fe:af:34:6f:c6:9e:28:27:77:3f:8c:c9:4a:b0:a4:e1:c2:
         1e:5d:c8:43:1f:2c:6b:52:38:bc:d7:ff:8d:e1:7c:7e:ab:0d:
         71:01:8f:21:96:61:b9:59:10:9f:43:84:5f:c4:cd:3d:64:19:
         05:ac:16:65:91:6f:c9:56:ed:57:3d:42:ec:cf:43:ee:ee:23:
         27:87:ed:82:17:9f:54:2e:f4:54:67:a0:b8:ce:dc:20:2a:f9:
         79:6b:43:26:a2:b0:d9:a3:a4:97:ed:38:1c:a1:d3:7d:dc:23:
         3a:af:c5:d7:60:95:da:d7:bf:93:7a:3e:f6:b9:f7:5b:b9:30:
         a0:b7:bd:c4:c5:e9:aa:e0:04:e9:2c:17:f6:08:bf:c2:5f:5d:
         9b:8d:e0:77:7f:fb:4a:b9:dd:ac:44:e8:c5:ee:79:e5:42:80:
         b8:ef:cb:a6:01:c5:00:ce:f5:77:7f:e3:95:3a:b3:dd:52:1e:
         38:3d:be:6a:42:b3:7e:d5:2f:35:3c:1b:25:09:f7:2e:24:28:
         bb:e3:88:71:bc:b7:c8:f6:a6:73:cf:29:4a:99:8f:f2:bc:26:
         4a:e4:c3:9b

[albertogeniola]

Hi, is this problem still occurring? I was unable to reproduce it on my own... I just want to make sure it wasn't a temporary ssl certificate being installed on Meross' mqtt broker...

[Tuanhao]

I have also bumped into this problem, and have found out that it was because for python 3.6 or 3.7 on OSX requires a post install of certificates.
The solution is from here https://stackoverflow.com/questions/27835619/urllib-and-ssl-certificate-verify-failed-error
For 3.6 run this command in terminal /Applications/Python\ 3.6/Install\ Certificates.command

[albertogeniola]

Glad you fixed. I've added a note into the readme.

[JudeWells]

I'm running on Python 3.9 and encountered the same issue. The command can be modified to:
/Applications/Python\ 3.9/Install\ Certificates.command
And this resolves the issue.