LetsEncrypt failing - Error in HTTPServer.tick

[jwl17330536]

Make sure you are running the latest version of Home Assistant before reporting an issue.

You should only file an issue if you found a bug. Feature and enhancement requests should go in the Feature Requests section of our community forum:

Home Assistant release (hass --version):

0.24.1

Python release (python3 --version):

3.4.2

Component/platform:

letsencrypt

Description of problem:

Letencrypt not allowing access to frontend at all. I've followed the instructions (https://home-assistant.io/blog/2015/12/13/setup-encryption-using-lets-encrypt/) and all seems
well from the that side until I start Home Assistant. I'm seeing the following errors:

Jul 28 20:02:28 automation hass[5255]: Error in HTTPServer.tick
Jul 28 20:02:28 automation hass[5255]: Traceback (most recent call last):
Jul 28 20:02:28 automation hass[5255]: File "/home/hass/.homeassistant/deps/cherrypy/wsgiserver/wsgiserver3.py", line 1682, in start
Jul 28 20:02:28 automation hass[5255]: self.tick()
Jul 28 20:02:28 automation hass[5255]: File "/home/hass/.homeassistant/deps/cherrypy/wsgiserver/wsgiserver3.py", line 1748, in tick
Jul 28 20:02:28 automation hass[5255]: s, ssl_env = self.ssl_adapter.wrap(s)
Jul 28 20:02:28 automation hass[5255]: File "/home/hass/.homeassistant/deps/cherrypy/wsgiserver/ssl_builtin.py", line 67, in wrap
Jul 28 20:02:28 automation hass[5255]: server_side=True)
Jul 28 20:02:28 automation hass[5255]: File "/usr/lib/python3.4/ssl.py", line 364, in wrap_socket
Jul 28 20:02:28 automation hass[5255]: _context=self)
Jul 28 20:02:28 automation hass[5255]: File "/usr/lib/python3.4/ssl.py", line 577, in __init__
Jul 28 20:02:28 automation hass[5255]: self.do_handshake()
Jul 28 20:02:28 automation hass[5255]: File "/usr/lib/python3.4/ssl.py", line 804, in do_handshake
Jul 28 20:02:28 automation hass[5255]: self._sslobj.do_handshake()
Jul 28 20:02:28 automation hass[5255]: ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:600)

Expected:

No errors and ability to reach https://mysite.mydomain.com

Problem-relevant configuration.yaml entries and steps to reproduce:

http:
  api_password: redacted
  ssl_certificate: /etc/letsencrypt/live/mysite.mydomain.com/fullchain.pem
  ssl_key: /etc/letsencrypt/live/mysite.mydomain.com/privkey.pem

pi@automation:~/certbot $ ls -l /etc/letsencrypt
total 24
drwxrwxrwx 3 root root 4096 Jul 28 19:59 accounts
drwxrwxrwx 3 root root 4096 Jul 28 20:00 archive
drwxrwxrwx 2 root root 4096 Jul 28 20:00 csr
drwxrwxrwx 2 root root 4096 Jul 28 20:00 keys
drwxrwxrwx 3 root root 4096 Jul 28 20:00 live
drwxrwxrwx 2 root root 4096 Jul 28 20:00 renewal

pi@automation:~/certbot $ ifconfig
eth0      Link encap:Ethernet  HWaddr b8:27:eb:b9:37:67  
          inet addr:172.16.1.91  Bcast:172.16.1.255  Mask:255.255.255.0
          inet6 addr: fe80::d7a5:8a9b:f50d:28a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:88208 errors:0 dropped:174 overruns:0 frame:0
          TX packets:44464 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:65896998 (62.8 MiB)  TX bytes:6086766 (5.8 MiB)

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/mysite.mydomain.com/fullchain.pem.
   Your cert will expire on 2016-10-26. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you lose your account credentials, you can recover through
   e-mails sent to redacted.
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Traceback (if applicable):

Additional info:
I've tried this install on two different systems now. The first one was my production system and tried several ways. Inside my virtualenv and installed by hass user. Using root. Most recently I have tried in a new system built from the All-in-one. Attempted by root, by hass, and pi users. All resulted in the error above.

[balloob]

It look like your browser is not sending an ssl request. Are you typing the
url starting with HTTPS in your browsr?

On Thu, Jul 28, 2016, 17:31 John Lindley notifications@github.com wrote:

Make sure you are running the latest version of Home Assistant before
reporting an issue.

You should only file an issue if you found a bug. Feature and enhancement
requests should go in the Feature Requests section
https://community.home-assistant.io/c/feature-requests of our community
forum:

Home Assistant release (hass --version):

0.24.1

Python release (python3 --version):

3.4.2

Component/platform:

letsencrypt

Description of problem:

Letencrypt not allowing access to frontend at all. I've followed the
instructions (
https://home-assistant.io/blog/2015/12/13/setup-encryption-using-lets-encrypt/)
and all seems
well from the that side until I start Home Assistant. I'm seeing the
following errors:

Jul 28 20:02:28 automation hass[5255]: Error in HTTPServer.tick
Jul 28 20:02:28 automation hass[5255]: Traceback (most recent call last):
Jul 28 20:02:28 automation hass[5255]: File "/home/hass/.homeassistant/deps/cherrypy/wsgiserver/wsgiserver3.py", line 1682, in start
Jul 28 20:02:28 automation hass[5255]: self.tick()
Jul 28 20:02:28 automation hass[5255]: File "/home/hass/.homeassistant/deps/cherrypy/wsgiserver/wsgiserver3.py", line 1748, in tick
Jul 28 20:02:28 automation hass[5255]: s, ssl_env = self.ssl_adapter.wrap(s)
Jul 28 20:02:28 automation hass[5255]: File "/home/hass/.homeassistant/deps/cherrypy/wsgiserver/ssl_builtin.py", line 67, in wrap
Jul 28 20:02:28 automation hass[5255]: server_side=True)
Jul 28 20:02:28 automation hass[5255]: File "/usr/lib/python3.4/ssl.py", line 364, in wrap_socket
Jul 28 20:02:28 automation hass[5255]: _context=self)
Jul 28 20:02:28 automation hass[5255]: File "/usr/lib/python3.4/ssl.py", line 577, in init
Jul 28 20:02:28 automation hass[5255]: self.do_handshake()
Jul 28 20:02:28 automation hass[5255]: File "/usr/lib/python3.4/ssl.py", line 804, in do_handshake
Jul 28 20:02:28 automation hass[5255]: self._sslobj.do_handshake()
Jul 28 20:02:28 automation hass[5255]: ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:600)

Expected:

No errors and ability to reach https://mysite.mydomain.com

Problem-relevant configuration.yaml entries and steps to reproduce:

http:
api_password: redacted
ssl_certificate: /etc/letsencrypt/live/mysite.mydomain.com/fullchain.pem
ssl_key: /etc/letsencrypt/live/mysite.mydomain.com/privkey.pem

pi@automation:~/certbot $ ls -l /etc/letsencrypt
total 24
drwxrwxrwx 3 root root 4096 Jul 28 19:59 accounts
drwxrwxrwx 3 root root 4096 Jul 28 20:00 archive
drwxrwxrwx 2 root root 4096 Jul 28 20:00 csr
drwxrwxrwx 2 root root 4096 Jul 28 20:00 keys
drwxrwxrwx 3 root root 4096 Jul 28 20:00 live
drwxrwxrwx 2 root root 4096 Jul 28 20:00 renewal

pi@automation:~/certbot $ ifconfig
eth0 Link encap:Ethernet HWaddr b8:27:eb:b9:37:67
inet addr:172.16.1.91 Bcast:172.16.1.255 Mask:255.255.255.0
inet6 addr: fe80::d7a5:8a9b:f50d:28a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:88208 errors:0 dropped:174 overruns:0 frame:0
TX packets:44464 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:65896998 (62.8 MiB) TX bytes:6086766 (5.8 MiB)

[image: screen shot 2016-07-28 at 8 25 54 pm]
https://cloud.githubusercontent.com/assets/15266488/17233901/ec78ad40-5501-11e6-976f-370bd67d10c3.png

IMPORTANT NOTES:

• Congratulations! Your certificate and chain have been saved at
  /etc/letsencrypt/live/mysite.mydomain.com/fullchain.pem.
  Your cert will expire on 2016-10-26. To obtain a new or tweaked
  version of this certificate in the future, simply run certbot-auto
  again. To non-interactively renew all of your certificates, run
  "certbot-auto renew"

• If you lose your account credentials, you can recover through
  e-mails sent to redacted.

• Your account credentials have been saved in your Certbot
  configuration directory at /etc/letsencrypt. You should make a
  secure backup of this folder now. This configuration directory will
  also contain certificates and private keys obtained by Certbot so
  making regular backups of this folder is ideal.

• If you like Certbot, please consider supporting our work by:

  Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
  Donating to EFF: https://eff.org/donate-le

Traceback (if applicable):

Additional info:
I've tried this install on two different systems now. The first one was my
production system and tried several ways. Inside my virtualenv and
installed by hass user. Using root. Most recently I have tried in a new
system built from the All-in-one. Attempted by root, by hass, and pi users.
All resulted in the error above.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#2649, or mute
the thread
https://github.com/notifications/unsubscribe-auth/ABYJ2oavhoS4uwTYQC0n7qEWfWBvpKrqks5qaUnzgaJpZM4JXxXq
.

[jwl17330536]

Yeah, I'm trying to get to: https://mysite.mydomain.com

This error happens every 5 seconds during and after startup of HASS. Regardless of whether or not I'm trying to reach it via a browser or not. It doesn't seem like it is a response to me (or another) browser trying to pull the site.

[clempat]

I got the same issue, I finished by making a nginx proxy.

[jbardi]

This is happening to me as well, exact same error. Has nothing to do with the way in which we are trying to access the https address in a browser, as this error is happening at startup of HA, before it is even fully running to be able to receive https requests.

I just did some googling, and it looks like this error occurs when it thinks the SSL certificate is untrusted. Which would be odd with LetsEncrypt, but would more likely happen with self signed certificates.

Either way, from what I am seeing online, many people are having to use the nginx proxy method.

[fabaff]

I don't see this error with a self-signed certificate.

http:
  api_password: YOUR_PASSWORD
  ssl_certificate: /path/to/.homeassistant/fullchain.pem
  ssl_key: /path/to/.homeassistant/privkey.pem

[jwl17330536]

Looks like someone found the solution: #2649

I've not tried it myself, but looks identical.

[balloob]

Closing this issue as it is old. You can re-open it if you are able to reproduce it running the latest version.