Web server no longer accessible #24
Comments
|
Perhaps have a look at this: #20 SE10k Internal Server Error |
|
Yeah I read through that before, thanks though. I’m not sure what the end resolution was in that thread, seems like people are still having issues at the end of it. I should have mentioned I’ve been using hardwired Ethernet the entire time, not WiFi. Also worth mentioning that I’m not getting a server error message, I just get nothing because port 80 is blocked entirely. I can only assume that in a recent firmware SE decided to disable SetApp access over the private network or it was an accident that it was ever available. Either way, it’s unfortunate for this project. I’ll report back if I ever find a resolution but I’ll probably just go back to using the official API. |
|
It is a very strange problem. Some people have it others not. My inverter has done an automatic update to: (#23 (comment)) I still have access to port 80 and I can still use this python API. |
|
I'm having the same issues with both my SE3600H (CPU 4.8.19) and SE4000H (CPU 4.8.28): can't access the API via port 80. The SE3600H used to work but self-updated, the SE4000H never worked because it had CPU 4.7.26 from the start (looks like these issues began after CPU 4.6.x). |
|
So I called SolarEdge support because near as I can tell no one that has had this problem has actually called SolarEdge. The first guy seemed very familiar with what I was asking and immediately said that interface was blocked to prevent non-installers from changing settings. That's what I was expecting. Because I had another change I wanted them to make he forwarded me to someone else in tech support. Just to be thorough I asked that guy the same question and he seemed familiar with the interface but wasn't aware of them intentionally blocking it and said it should still be accessible. He pinged a tier 2 guy and they apparently said the same. He was going to poke around and email me if he had any more information. Sooo... Clear as mud :) |
|
Today me too I cannot longer access to webinterface (CPU) | 4.8.19 |
|
Same problem here... I just wasted half an hour trying to restart the inverter, the router and other network stuff... It worked well until 4 hours ago, and now the web server is no longer working, chrome shows an "ERR_CONNECTION_TIMED_OUT" error. CPU: 4.8.19 |
|
Everyone, please see this thread: jbuehl/solaredge#124 it goes into details about what's happening here, especially the last several posts. This isn't a bug and apparently SE is intentionally blocking access to prevent non-installers from messing around. According to a commentator in that thread the only reason some people seem to be unaffected with this problem is their inverters must be running in debug mode, as that mode still allows LAN access. Getting your inverter into debug mode apparently involves SolarEdge and I don't imagine it's something they just authorize willy nilly. In that thread I linked I detail the process to create an installer account and use the SetApp mobile phone app to connect to the inverter with full access. It was actually quite simple. This is what installers use to manage a system and make changes. This will give you full access to your inverter through the phone app, but won't restore LAN access. It doesn't seem like that's ever coming back. |
|
What nonsense... if I want to damage the inverter I hit it with a hammer, I don't use the web interface... they should at least allow read-only access, in this way damage cannot be done and we can see the updated production data, considering also that their servers often have problems and the data is not really in real time. edit: if I was Solaredge I would be more worried that customers are creating installer accounts and trying to find workaround, than using the web interface |
Ha yes, I agree. I think I even made a comment to that effect in the other thread. If security is their concern they have a lot of work to do. Because anyone with a smartphone can walk up to these inverters, scan the QR code and do whatever they want with them. For a number of reasons I'm wishing I had my inverter installed inside, this being one. |
Do you know if installers could set it? |
|
I don't know for certain, but I suspect the encrypted file that needs to be loaded onto the inverter to enable debug mode would have to be placed by SolarEdge. I imagine an installer could request it, but I don't know what justification SE needs from you/the installer to get them to do it. I gave up on the local API months ago when I lost access and just switched to using their official API so I haven't pushed them on getting access again. But if you want to pursue I think you're going to have to deal direct with SE and explain your situation. If you get the right engineer maybe they'll help you out. |
Thanks for the infos I guess I'll give up me too... Anyway I'm using home-assistant and the official API doesn't have all the features... time to coding :( |
|
I'm now running 4.8.19. When the inverter was installed, I got the JSON 500 error and left it at that. Now port 80 seems to be disabled. HOWEVER - the SolarEdge app prompted me to download their "new app" 'mySolarEdge'. This has a menu options called 'Inverter Status' and 'Inverter Communication'. These are accessible for me within the app, as long as scan the QR code and then move the power switch to P mode momentarily. Then able to see detailed diagnostics and error logs. I need to check with a laptop, but I wonder if I can access through direct wifi. The app might also be calculating a password dynamically and there might also be a timeout on the 'Switch to P' mode. |
Interesting... I tried with mySolarEdge, but even in this way I can't see the inverter data. The inverter generates its AP, the smartphone connects, but the app still loading until an error appears. Did you try to connect to the inverter with the browser when your smartphone is connected to the inverter AP? It doesn't work on mine. |
…is component will not work on many inverters drobtravels/solaredge-local#24
|
I've added new sensors to the home-assistant solaredge (some I'm using as Export/Import SelfConsumption was missing) |
|
ALL INSTRUCTIONS BELOW ARE EXECUTED AT YOUR OWN RISK Hello, When you read through the SolarEdge's patchnotes, you will see the following: This means that we can execute shell scripts on the device, and it just so happens to give us full root access. Using a small webserver, we can log all post requests to a console, and the SolarEdge has curl installed, so we can execute scripts, and post their commands to our webserver. #!/usr/bin/env python3
"""
Very simple HTTP server in python for logging requests
Usage::
./server.py [<port>]
"""
from http.server import BaseHTTPRequestHandler, HTTPServer
import logging
class S(BaseHTTPRequestHandler):
def _set_response(self):
self.send_response(200)
self.send_header('Content-type', 'text/html')
self.end_headers()
def do_GET(self):
logging.info("GET request,\nPath: %s\nHeaders:\n%s\n", str(self.path), str(self.headers))
self._set_response()
self.wfile.write("GET request for {}".format(self.path).encode('utf-8'))
def do_POST(self):
content_length = int(self.headers['Content-Length'])
post_data = self.rfile.read(content_length)
#logging.info(" %s",post_data.decode('utf-8'))
print("%s"%(post_data.decode('utf-8')))
self._set_response()
self.wfile.write("".encode('utf-8'))
def log_message(self, format, *args):
pass
def run(server_class=HTTPServer, handler_class=S, port=8080):
logging.basicConfig(level=logging.INFO)
server_address = ('', port)
httpd = server_class(server_address, handler_class)
logging.info('Starting httpd...\n')
try:
httpd.serve_forever()
except KeyboardInterrupt:
pass
httpd.server_close()
logging.info('Stopping httpd...\n')
if __name__ == '__main__':
from sys import argv
if len(argv) == 2:
run(port=int(argv[1]))
else:
run()Entering a wifi password with the following value will give us the files and folders on / as output in our webserver. Opening port 80 and 8080 First, we want to connect a laptop to the solaredge's wifi network, this laptop will need to run the python3 webserver. We can check the current firewall rules using the following wifi password: They should look like this: We can open port 80 and port 8080 using the following wifi password: They should now look like this: When you restart the solar edge, you should find port 80 and 8080 working again. Block the solar edge from the internet |
|
Ha wow, this is next level. Nice work on this, although giving up all future firmware updates (and presumably dashboard usage?) will probably be a non-starter for most people. It's pretty clear SE doesn't want this open and will keep doing what they can to block it. |
|
Sounds doable, on which version did you test this? And blocking the SE from the internet means you also lose SE monitoring updates (via app/monitoring portal) or would it be possible to block only specific IP's/ports to block firmare updates but maintain SE monitoring? |
|
I am running CPU version 4.8.19, but it should also work on CPU 4.8.28. If the monitoring platform and the firmware updates originate from a different endpoint, you could potentially block one, but I am not willing to risk this at the moment, I have no interest in their proprietary monitoring platform and would not like to accidentally upgrade my firmware. Also, enabling debug mode makes the SolarEdge enter a weird state where it will refuse to create any solar energy. I could only get the SolarEdge to leave debug mode by giving it a factory reset. I came up with the idea of enabling it like this because their |
|
Confirmed working on 4.9.30. Nice find! |
|
Today I tried to connect the inverter to my Wi-Fi network. It didn't work… Funnily I could SSH into the inverter using |
|
I have a fresh installation ; Web server has been running for only one day ; later in the morning, no more Web server. I suppose a firmware upgrade occurred in the night. |
|
Hello, I'm also getting a SolarEdge Should I block it's internet access to keep the interface? Or should I ask my installer about something to keep the inteface running? |
|
@AndreVanKammen I did not have any success with the installer. Many will probably not even understand what you are talking about, but even if they do I don't know how much power they have to control the debug flag on their customers' inverters. If you are lucky enough to get an inverter with the debug mode enabled from the factory, it's not just important to not let the inverter connect to the internet, but even more so to not use SetApp to do the initial setup because SetApp will upgrade the firmware without asking. In general: SetApp is not some magic piece, but just a wrapper around the website you get at |
|
Has it ever happened to any of you that you can't connect to the web server in even if you connect directly with WiFi? I can see the network SEDG-XXXX, I can connect to it, but then If i try to connect to 172.16.0.1 using the web browser, the connection timeout, like when I try the connection via LAN. |
Are you sure that you are connecting to port 80 using plain HTTP, not HTTPS? You could also try port 8080 which should also display a webpage. |
Yes, I'm using HTTP, and neither port works. Anyway, I managed to solve it by rebooting the inverter, but I can only connect to the web server once. The next time I try (after a few minutes, so when the inverter is out of AP mode and I enable it again) I still have the same timeout problem. Could it be a problem with conflict between networks? My home LAN is 172.16.0.0/24. I don't have any devices with IP 172.16.0.X though, so there shouldn't be any IP conflicts. |
|
I just got this inverter and starting playing around with it (since it's not setup completely yet). I was probably too late in getting it off the net completely. Or it came with a more recent firmware, so I can't use the hack. I did find something interesting. I cut off access to Google DNS (8.8.8.8 and 8.8.4.4) and redirected *.solaredge.com and semgmt.karambasecurity.com to a local device. When tcpdump'ing you will see the SERVFAIL replies from Google DNS on those but it still falls back to the local DNS provided by DHCP to do it's querying. The find is that after cutting off power and restoring power, after several minutes a new service appears shortly on port 8181.
The The service disappears several minutes later. |
|
My experience is that the inverter comes pre-configured in Debug mode, which means the firewall is disabled and you can access the http interface (web set app) over standard Ethernet connection. After registration, SW upgrade, etc, firewall becomes active and direct http access is filtered. However you can connect to the WiFi interface and here http is open. The SSID and password is encoded in the QR code labeled on the inverter. The SolarEdge set app is more or less just a browser that does exactly that: Connect to the WiFi and show the internal web page. For me it makes sense that the configuration interface is not exposed per default to your network, but via a special (WiFi) connection. In my case I just plugged a WiFi USB dongle into my server and can always access the web server, and more specifically the protobuf interfaces to monitor the status regularly. There is also the Modbus interface via RS485 or Ethernet/IP that can be enabled, for continuous monitoring. |
|
I have some positive news to share with you regarding local access. After several emails exchanged with support, I was informed that they have implemented SunSpec and are able to enable it on port 1502. Following the installation of https://github.com/CJNE/ha-sunspec, I am now able to access it locally. It's a bummer I can't enable by myself but now in any case I don't depend on SolarEdge servers anymore :) |
|
Wow, that's exciting news! Does that mean we have to ask SolarEdge to enable it manually? Or do they need to push firmware updates to get the SunSpec implementation? |
|
How is it different to the existing MODBUS data already exposed? |
|
SolarEdge has supported SunSpec via Modbus/TCP over Ethernet since firmware 3.1810, though Modbus/TCP over WiFi has been declared supported only recently (in 4.16.x, IIRC). You have to enable Modbus manually. Unfortunately per panel (optimizer) SunSpec data is still not available via Modbus in the most recent firmware (4.17.x) even though basic provisions for this have been present in the firmware for several years. SolarEdge has an application note (SunSpec Logging in SolarEdge Inverters, current version 2.5) that describes some aspects of their implementation. Please use this document with caution as it is both incomplete and broken:
|
I think the only way is through their support. It's not enabled by default and the docs they shared with me just mention how enable it as a installer. |
Did you wrote to a specific email address, or you just used the contact form for your country, on their website? And then they enabled it remotely? Because I don't know in which strange state my inverter is, but the web server doesn't work anymore even following the procedure for the installer, so I couldn't enable it that way. |
|
|
you can verify port is open with this command ; 1502 is opened !!! nmap non agressive discovery did not show port open or may be support open port after my last request. best regards, Marc. edit: can't read modbus register with this command : |
|
It's OK for me. Having registers (4000,40001) readable on wireless interface and giving me : (0x5375:0x6E53) very nice !!! |
|
this project is working perfectly for me: https://github.com/nmakel/solaredge_modbus |
|
In my case, nmap find the port 1502 open, but with solaredge_modbuse I cannot get any data. I'll try to contact Solaredge to check, because I cannot follow the instructions here as during the step 3 I cannot reach the server (I receive the classic timeout error). I'm not sure why, probably something to do with the fact that my LAN network is 172.16.0.0. |
|
I guess you need the set app application in order to enable this feature (if already released in the firmware) |
|
@kingfisher63 afaik one year ago they disabled tcp modbus over wifi. Is it back on? |
|
As far as I know SolarEdge has re-enabled Modbus/TCP over WiFi in a recent firmware release (I think it was 4.16.x) and has now declared this supported (for residential inverters only). Unfortunately SolarEdge does not maintain a comprehensive public release notes archive, so this is from memory. You can easily test it by enabling Modbus/TCP (e.g. using the method described here (as pointed out by @mqu)), wait until the inverter built-in WiFi access point has timed out and then try to connect to port 1502 on the inverter IP-address. If you get a connection, you are in business. |
|
I got in touch with the Solaredge support, they said they enabled Modbus TCP on my inverter, but with the solaredge_modbus example script I cannot get any data. The inverter is connected with Ethernet. I'm missing something? |
Hello ironsm4sh, This is brilliant, however can I get a little bit of detailed steps? Web server is running in one window script is running and wait with I run the command in the third window :
Any idea? What did I mist? Thank you for your help in forward |
|
The exploit has been fixed by SolarEdge, you are probably running a patched firmware version. |
|
Thank you to back to me. So you can confirm the SolarEdge is locked down this whole and in this case your method does not work anymore? I had some typo so I will try again: and my Solaredge IP is 172.16.0.1 not 172.16.0.10 |
|
The method does not work anymore. You are also fundamentally misunderstanding how it works. |
|
Anyone have any luck getting Solar Edge to enable local access? When I connect with their app, it just shows me cellular connectivity and no option to input wifi credentials. I am able to connect to it's wifi network and when I navigate in the browser to 
and port 8080 gave me this |
and others
For a while I’ve been using this then all of a sudden the web server disappeared and the inverter is unresponsive on port 80. Presumably, the inverter self-updated it’s firmware. Does anyone know how to reenable the web server? I know I have the correct IP. I have the HD Wave 10kw US version. No LCD screen.
The text was updated successfully, but these errors were encountered: