Error doing job: SSL error errno:1 reason: SSLV3_ALERT_BAD_CERTIFICATE

[samtwilliams]

Home Assistant release with the issue:
Hassio Version 0.76.2

Last working Home Assistant release (if known):
0.75.1

Operating environment (Hass.io/Docker/Windows/etc.):
RPI3

Component/platform:
Google TTS to Sonos:1 Media Player

Description of problem:
When sending GoogleTTS to Sonos:1 Media player it does not work, logs show the below error. The same issue occurs either using the front end gui to type text and play or by calling in config.
Example config

service: tts.google_say
data:
  message: 'May the Force be with you.'

Error

Wed Aug 22 2018 21:42:54 GMT+0100 (British Summer Time)

Error doing job: SSL error errno:1 reason: SSLV3_ALERT_BAD_CERTIFICATE
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_BAD_CERTIFICATE] sslv3 alert bad certificate (_ssl.c:841)

Problem-relevant configuration.yaml entries and (fill out even if it seems unimportant):

#
# HA Core Modules
#

homeassistant:
  name: Home
  latitude: !secret latitude
  longitude: !secret longitude
  elevation: 12
  unit_system: metric
  time_zone: GB
  customize: !include customize.yaml
frontend:
config:
http:
  api_password: !secret http_password
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  cors_allowed_origins:
  - http://192.168.0.66:7080
updater:
discovery:
  ignore:
    - ikea_tradfri
conversation:
history:
map:
#wemo:
ios: !include_dir_merge_named ios/
notify:
tts:
  - platform: google
mqtt:
   broker: 192.168.0.66
   port: 1883
   client_id: home-assistant
   username: !secret mqtt_username
   password: !secret mqtt_password

#
#  Core Includes
#
group: !include_dir_merge_named groups/
automation: !include automations.yaml
script: !include_dir_merge_named scripts/

#
#  Gateways
#

cloud:
nest:
 client_id: !secret nest_clientid 
 client_secret: !secret nest_clientsecret
ifttt:
  key: !secret ifttt_key
tradfri:
  host: 192.168.0.105
  allow_tradfri_groups: true

#
#  Core Inegration
#

#Sky Hub
device_tracker:
  - platform: sky_hub
    host: 192.168.0.1
    username: !secret sky_username
    interval_seconds: 60
    consider_home: 180
    track_new_devices: yes

#no-ip
no_ip:
    domain: !secret noip_domain
    username: !secret noip_username
    password: !secret noip_password

#
# Entities
#

#Switch Entities
switch: !include entities_switches.yaml
#Sensor Entities
sensor: !include entities_sensors.yaml
#Input_Booleans Entities
input_boolean: !include entities_input_booleans.yaml
#Camera Entities
camera: !include entities_cameras.yaml
#Light Entities
light: !include entities_lights.yaml
# Web Links #
weblink: !include entities_weblinks.yaml

Traceback (if applicable):

Additional information:

[samtwilliams]

Updated: this doesn't look to be google related, tts with a microsoft service also exhibits the same issue;

tts:
  #- platform: google
  - platform: microsoft
    api_key: !secret microsoft_tts_key

[maheus]

Do you can trace with ngrep, the calls to your sonos ?
Your problem is probably related with your certificate and the url who is used by sonos for download mp3 sound.
if your certificate doesn't contains your home assistant ip (in cn or in san) , you must have base_url option with your fqdn and scheme.

[samtwilliams]

So I have just added the base_url configuration and I’m still getting the same issue.

[maheus]

base_url with fqdn and scheme ?
example:
base_url: https://www.toto.com

do you have take a network trace between homeassistant and your sonos with "ngrep" ?

[samtwilliams]

I was missing the scheme, putting the scheme in has resolved the issue. Thanks maheus