SSL handshake failed / SSL error errno:1 reason: UNSUPPORTED_PROTOCOL

[Rick-Git]

Home Assistant release with the issue:
0.90.1 / 0.90.1

Last working Home Assistant release (if known):
None, new installation (one month, earlier release as well

Operating environment (Hass.io/Docker/Windows/etc.):
Hass.io

Component/platform:
SSL Handshake fail & SSL Error using DuckDNS/Let's Encrypt Addon

Description of problem:
No connection possible via the https-protocol on several occasions per day.
It seems a random problem. When error is happening no https connection via DuckDNS possible. It stops working, than it just works again without any problem solving.

Problem-relevant configuration.yaml entries and (fill out even if it seems unimportant):

http:
  base_url: https://my_url.duckdns.org:8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  

Traceback (if applicable):

2019-04-01 11:06:52 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:1056)
2019-04-01 11:06:52 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: UNSUPPORTED_PROTOCOL
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:1056)

Earlier today:

2019-04-01 07:49:21 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:49:21 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: SSLV3_ALERT_CERTIFICATE_UNKNOWN
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:49:22 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:49:22 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: SSLV3_ALERT_CERTIFICATE_UNKNOWN
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:49:26 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:49:27 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: SSLV3_ALERT_CERTIFICATE_UNKNOWN
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:49:27 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:49:27 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: SSLV3_ALERT_CERTIFICATE_UNKNOWN
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:49:27 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:49:27 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: SSLV3_ALERT_CERTIFICATE_UNKNOWN
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:49:27 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:49:27 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: SSLV3_ALERT_CERTIFICATE_UNKNOWN
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:49:28 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:49:28 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: SSLV3_ALERT_CERTIFICATE_UNKNOWN
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:49:28 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:49:28 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: SSLV3_ALERT_CERTIFICATE_UNKNOWN
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:49:28 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:49:28 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: SSLV3_ALERT_CERTIFICATE_UNKNOWN
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:51:48 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-01 07:51:48 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: SSLV3_ALERT_CERTIFICATE_UNKNOWN
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)

No errors (on this topic) between both.

Additional information:
Using port-forwarding on EdgeRouter X port 8123 and 443 to RPI 3b+.

[sabbatho]

Hi,
I have similar problem, for me nothing through https and duckdns will work. http and duckdns works so i am using http at the moment. Same error message in logs as Rick

Error doing job: SSL error errno:1 reason: SSLV3_ALERT_CERTIFICATE_UNKNOWN

15:11 /usr/local/lib/python3.7/site-packages/homeassistant/core.py (ERROR) - message first occured at 15:06 and shows up 23 times

Error doing job: SSL handshake failed

15:11 /usr/local/lib/python3.7/site-packages/homeassistant/core.py (ERROR) - message first occured at 15:06 and shows up 24 times

Thanks

[harfordhawk]

same here . tried many things disabling, etc, nothing helps. i can log in fine thru https but thousands of errors in log

[akovano]

Same here, and I don't use the duckdns add on, just using a Let's Encrypt wildcard cert I pulled from another machine. SSL is completely broken!

[chelming]

What are you trying to connect from? Is it possible that only TLS 1.3 is being allowed and you're connecting with a device that doesn't support TLS 1.3?

[akovano]

I am connecting from Macbook/OSX High Sierra

So I just ran the following command to make sure TLS 1.3 was enabled from OSX:
sudo defaults write /Library/Preferences/com.apple.networkd tcp_connect_enable_tls13 1

I then restarted and went to link below to verify TLS 1.3 capability:
https://www.ssllabs.com/ssltest/viewMyClient.html

I then re-enabled https in configuration.yaml, restarted Homeassistant, and I can connect via https to the UI now.
To be honest I'm not sure if it was the OSX TLS change or the restart that did it, but if others want to try the same and report back, we'll know if that was the issue.

[sabbatho]

For me the error showed it self when i was using Tasker in android, both with api password and with long lived token using https-duckdns.
And it also showed when using chrome both in an updated win10 aswell as android chrome.
And rss_feed_template using android simple rss also broke with https.

as soon as i went over to http all was working.
Have tried reinstalling duckdns addon aswell as manually deleting ssl-files.
Nothing was working except going to http, and duckdns with http is also working.

[chelming]

Start by checking what your client is capable of: https://www.ssllabs.com/ssltest/viewMyClient.html
Then check what HA is even willing to accept: https://www.cdn77.com/tls-test

To me this sounds like HA is only accepting TLS 1.3 and not all clients support it. 🤷‍♂️

[Rick-Git]

I don't know for sure if its a client problem.
The errors also show up at night and I sure am not using the webinterface at 3:43 ;-)

2019-04-03 03:43:41 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:1056)
2019-04-03 03:43:41 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: HTTP_REQUEST
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:1056)

Also at this time no other people trying to log even, I'm not seeing any "Login attempt or request with invalid authentication from" rows in the log.

[chelming]

Also at this time no other people trying to log even, I'm not seeing any "Login attempt or request with invalid authentication from" rows in the log.

If you have a site that is open to the world, bet on it being scraped by bots trying to find vulnerabilities like wordpress installs, phpmyadmin with default credentials, and other various things that people leave open and don't change.

also, your error is different from the two posted in the OP. OP's issues were:
[SSL: UNSUPPORTED_PROTOCOL], which likely means something isn't capable of what the server will allow
[SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN], which is likely a client trying to do SSLv3 and the server not allowing it
[SSL: HTTP_REQUEST] sounds like something is requesting things on port 80 instead of port 443.

[Rick-Git]

Also at this time no other people trying to log even, I'm not seeing any "Login attempt or request with invalid authentication from" rows in the log.

If you have a site that is open to the world, bet on it being scraped by bots trying to find vulnerabilities like wordpress installs, phpmyadmin with default credentials, and other various things that people leave open and don't change.

also, your error is different from the two posted in the OP. OP's issues were:
[SSL: UNSUPPORTED_PROTOCOL], which likely means something isn't capable of what the server will allow
[SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN], which is likely a client trying to do SSLv3 and the server not allowing it
[SSL: HTTP_REQUEST] sounds like something is requesting things on port 80 instead of port 443.

You're right, the error is very different. Didn't know the last thing when it's requesting 80 instead of 443.
So why is it giving so many errors for port 80? Port 80 is closed from the internet. Nobody's on the network.

And I really do know that 'when it's open to the internet people are trying'.
That's why I'm also mentioning no login errors occur.

[chelming]

That's why I'm also mentioning no login errors occur.
you won't get a login error if someone is hitting yourdomain.duckdns.org/wp-admin/

is anything connecting to HA via IP address from inside your network using 8123 or http?

[harfordhawk]

Just to report in on my problem, I think I fixed it! I really suppose we all may have separate things causing this but for me it was port 80 was forwarded to my HA server ... This had not been a problem in the past but when I disabled that forward, the SSL errors seem to be gone!

EDIT: I may have spoken too soon! the errors seem to be significantly reduced, but still getting some

[chelming]

could you check to see what your server is accepting? https://www.cdn77.com/tls-test

if it's only accepting TLS 1.3 I think you are able to relax the settings to also allow TLS 1.2.

[harfordhawk]

this is what I get when I check it

TLS 1.3	NO
TLS 1.2	YES
TLS 1.1	NO
TLS 1.0	NO
SSLv3	NO
SSLv2	NO

[Rick-Git]

Here we go again:

Error doing job: SSL handshake failed
09:33 /usr/local/lib/python3.7/site-packages/homeassistant/core.py (ERROR) - message first occured at 08:36 and shows up 175 times

What ever I do, I cannot login via HTTPS anymore. Every HA-client device is failing right now.

Error doing job: SSL handshake failed

Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)

Maybe some device is triggering, but I can't get explained why every device is failing as a result.

2019-04-05 09:52:00 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-05 09:52:01 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-05 09:52:01 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-05 09:52:01 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-05 09:52:01 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-05 09:52:01 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)
2019-04-05 09:52:02 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)

[sabbatho]

With 0.91 freshly installed i tried going back to https through letsencrypt in duckdns addon, cause i dislike using http with HA open to internet.
I have same error still where https will not let me in at all, not through duckdns adress or https internal ip. I recieve access error, like there is nothing behind.
As soon as i ssh in and change configuration.yaml to use http all is working again.
Using chrome to access UI, Tasker to update sensors, simple rss widget in android for rss-data.
I have some of my config in git if there could be error in my config. the config i have in git is from before https stopped working, 0.90.0 for me. But i will update configuration.yaml so older versions can be used to check what i have changed and so on.
Hope someone might have a solution for this.

[CheeseySandal]

This has just happened to me on 0.91.3. I've been using LetsEncrypt/DuckDns for over a year with no issues and this morning I can't connect at all to https://my_domain.duckdns.org:8123

Trying to visit on my phone I get

Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)

instantly in the logs.

My Addon log

# INFO: Using main config file /data/workdir/config
+ Account already registered!
Fri Apr 12 06:52:45 BST 2019: OK
xx.xx.xx.xx
NOCHANGE
# INFO: Using main config file /data/workdir/config
Processing xxxxxxxx.duckdns.org
 + Checking domain name(s) of existing cert... unchanged.
 + Checking expire date of existing cert...
 + Valid till Jun 22 11:38:14 2019 GMT Certificate will not expire
(Longer than 30 days). Skipping renew!

My config:

http:
  base_url: xxxxxx.duckdns.org
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  ip_ban_enabled: true
  login_attempts_threshold: 3

ip_bans.yaml empty. I'm at a loss!

I can access locally via IP address if I ignore browser certificate warnings. All my automations are firing and my hadashboard is working too.

[sabbatho]

Hi, i just fixed my problem with this.
reference: https://community.home-assistant.io/t/bizarre-ui-access-issue/99055

duckdns addon seems to be the problem?

Just so you guys have something to try and perhaps to get the addon fixed?

[ittchmh]

Same error message in logs:
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)

My cert was expired, renew certificate - resolved issue

[Mark612]

I recently upgraded to the latest and enabled the stream component. My SSL will occasionally stop working (can't connect) and then sometimes after will crash HA. Curious, anyone else have the new stream component on? May be related.

[RyuzakiKK]

Same here @Mark612
After some time I can't access anymore my UI, stuck at performing TLS handshake.
Nothing in the HA log when this happens.

I'll try to disable the stream component.

[sirs2k]

Same issue here on 92.2 Upgraded from .84 so not sure when this issue would have started.

HA Log

2019-05-15 22:05:00 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)

Duckdns log shows + Valid till Jul 22 06:55:46 2019 GMT Certificate will not expire (Longer than 30 days). Skipping renew!

When this happens I can only access HA locally. https doesn't work

[RyuzakiKK]

@sirs2k are you using the stream component? Just to check if it may be related or not.

[sirs2k]

@sirs2k are you using the stream component? Just to check if it may be related or not.

Not sure what the stream component is my friend...

[RyuzakiKK]

@sirs2k are you using the stream component? Just to check if it may be related or not.

Not sure what the stream component is my friend...

This one https://www.home-assistant.io/components/stream/
Ok so I assume that the answer is no.

[sirs2k]

@sirs2k are you using the stream component? Just to check if it may be related or not.

Not sure what the stream component is my friend...

This one https://www.home-assistant.io/components/stream/
Ok so I assume that the answer is no.

Oh, nah I'm not using that :)

[ekendra-nz]

Same thing for me:

  File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1056)

Weird because I know the cert is valid and current. I'm not using DuckDNS, just Let's Encrypt on a domain pointing to my public static ip4.

Home assistant is just inoperable until I get this working as I've set callbacks to remote data to the domain that isn't validating.

[InfernoJaffa]

Any Fixes in place for this yet?

[koenvanderlinden]

I get this error when connecting to my HA with the internal IP.
So configured for https://xxxxxx.duckdns.org/
Can access it correctly from outside my network (via Port Forward 443=>8123). However from inside https://xxxxxx.duckdns.org/ nor https://xxxxxx.duckdns.org:8123/ is working.
So I then connected using the ip address. Browsing to https://192.168.x.y:8123/ works, but with browser SSL warning, and then the errors of sl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] came along.

Maybe this helps a bit to solve the problem.

[ittchmh]

You should edit your local hosts file and add record like this: your internal IP - DNS name
In windows path to file is: c:\windows\system32\drivers\etc\hosts
Record to add:
192.168.1.101 xxxxx.duckdns.org

Or if your router support host-dns mapping, add mapping to your router configuration

[koenvanderlinden]

@ittchmh Yes I already added the entry and it works without browser ssl error. Also HA did not show the ssl errors anymore.

[stale]

There hasn't been any activity on this issue recently. Due to the high number of incoming GitHub notifications, we have to clean some of the old issues, as many of them have already been resolved with the latest updates.
Please make sure to update to the latest Home Assistant version and check if that solves the issue. Let us know if that works for you by adding a comment 👍
This issue now has been marked as stale and will be closed if no further activity occurs. Thank you for your contributions.