Evohome binding not able to log in since today

Hi all,

Since today my evohome binding stopped working. It looks like the binding cannot authenticate anymore, although I can still log in on the app on my phone and my password has not changed. O put the binding on debug. The error that I am getting is bellow. Is there anybody who knows a solutuon? Im on openhab 4.2 on docker on a raspberry pi 5.

2024-12-12 20:27:55.182 [INFO ] [ab.event.ThingStatusInfoChangedEvent] - Thing 'evohome:account:straat' changed from UNINITIALIZED (DISABLED) to INITIALIZING
2024-12-12 20:27:55.184 [DEBUG] [nding.evohome.internal.api.ApiAccess] - Requesting: [https://tccna.honeywell.com/Auth/OAuth/Token]
2024-12-12 20:27:55.406 [DEBUG] [nding.evohome.internal.api.ApiAccess] - Error in handling request:
java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: No subject alternative DNS name matching tccna.honeywell.com found.
        at org.eclipse.jetty.client.util.FutureResponseListener.getResult(FutureResponseListener.java:118) ~[?:?]
        at org.eclipse.jetty.client.util.FutureResponseListener.get(FutureResponseListener.java:101) ~[?:?]
        at org.eclipse.jetty.client.HttpRequest.send(HttpRequest.java:732) ~[?:?]
        at org.openhab.binding.evohome.internal.api.ApiAccess.doRequest(ApiAccess.java:110) ~[?:?]
        at org.openhab.binding.evohome.internal.api.EvohomeApiClient.authenticate(EvohomeApiClient.java:189) ~[?:?]
        at org.openhab.binding.evohome.internal.api.EvohomeApiClient.authenticateWithUsername(EvohomeApiClient.java:208) ~[?:?]
        at org.openhab.binding.evohome.internal.api.EvohomeApiClient.login(EvohomeApiClient.java:83) ~[?:?]
        at org.openhab.binding.evohome.internal.handler.EvohomeAccountBridgeHandler.lambda$0(EvohomeAccountBridgeHandler.java:85) ~[?:?]
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539) [?:?]
        at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304) [?:?]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) [?:?]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) [?:?]
        at java.lang.Thread.run(Thread.java:840) [?:?]
Caused by: javax.net.ssl.SSLHandshakeException: No subject alternative DNS name matching tccna.honeywell.com found.
        at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?]
        at sun.security.ssl.TransportContext.fatal(TransportContext.java:378) ~[?:?]
        at sun.security.ssl.TransportContext.fatal(TransportContext.java:321) ~[?:?]
        at sun.security.ssl.TransportContext.fatal(TransportContext.java:316) ~[?:?]
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654) ~[?:?]
        at sun.security.ssl.CertificateStatus$CertificateStatusConsumer.consume(CertificateStatus.java:293) ~[?:?]
        at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?]
        at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?]
        at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?]
        at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?]
        at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?]
        at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?]
        at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:654) ~[?:?]
        at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.process(HttpReceiverOverHTTP.java:168) ~[?:?]
        at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.receive(HttpReceiverOverHTTP.java:80) ~[?:?]
        at org.eclipse.jetty.client.http.HttpChannelOverHTTP.receive(HttpChannelOverHTTP.java:131) ~[?:?]
        at org.eclipse.jetty.client.http.HttpConnectionOverHTTP.onFillable(HttpConnectionOverHTTP.java:172) ~[?:?]
        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) ~[?:?]
        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) ~[?:?]
        at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:555) ~[?:?]
        at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:410) ~[?:?]
        at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:164) ~[?:?]
        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) ~[?:?]
        at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104) ~[?:?]
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338) ~[?:?]
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315) ~[?:?]
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173) ~[?:?]
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131) ~[?:?]
        at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:409) ~[?:?]
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883) ~[?:?]
        at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034) ~[?:?]
        ... 1 more
Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching tccna.honeywell.com found.
        at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:212) ~[?:?]
        at sun.security.util.HostnameChecker.match(HostnameChecker.java:103) ~[?:?]
        at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:458) ~[?:?]
        at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:418) ~[?:?]
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:292) ~[?:?]
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?]
        at org.openhab.core.io.net.http.internal.ExtensibleTrustManagerImpl.checkServerTrusted(ExtensibleTrustManagerImpl.java:123) ~[?:?]
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:632) ~[?:?]
        at sun.security.ssl.CertificateStatus$CertificateStatusConsumer.consume(CertificateStatus.java:293) ~[?:?]
        at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?]
        at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?]
        at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[?:?]
        at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[?:?]
        at java.security.AccessController.doPrivileged(AccessController.java:712) ~[?:?]
        at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[?:?]
        at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:654) ~[?:?]
        at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.process(HttpReceiverOverHTTP.java:168) ~[?:?]
        at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.receive(HttpReceiverOverHTTP.java:80) ~[?:?]
        at org.eclipse.jetty.client.http.HttpChannelOverHTTP.receive(HttpChannelOverHTTP.java:131) ~[?:?]
        at org.eclipse.jetty.client.http.HttpConnectionOverHTTP.onFillable(HttpConnectionOverHTTP.java:172) ~[?:?]
        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) ~[?:?]
        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) ~[?:?]
        at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:555) ~[?:?]
        at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:410) ~[?:?]
        at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:164) ~[?:?]
        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) ~[?:?]
        at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104) ~[?:?]
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338) ~[?:?]
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315) ~[?:?]
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173) ~[?:?]
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131) ~[?:?]
        at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:409) ~[?:?]
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883) ~[?:?]
        at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034) ~[?:?]
        ... 1 more
2024-12-12 20:27:55.411 [DEBUG] [vohome.internal.api.EvohomeApiClient] - Authorization failed
2024-12-12 20:27:55.413 [INFO ] [ab.event.ThingStatusInfoChangedEvent] - Thing 'evohome:account:straat' changed from INITIALIZING to OFFLINE (COMMUNICATION_ERROR): Authentication failed


I looked into this some more. It looks like there is a certificate error. The binding tries to https://tccna.honeywell.com/. However, the certificate of that website is for tccns.resideo.com.

Looks like either the binding needs to be altered, or honeywell needs to adjust the certificate. That last thing is probably not going to happen.

Hi Mark, I’ve same issue with this binding. I’m just trying to login in different tcc portals unsuccessfully. It seems that my account doesn’t exists, so I cannot login neither from web.

Hi, thank you. I can still access my account with the app. How about you?

Suddenly my binding started working again. I didn’t do anything. I suppose the certificate was fixed.

Me too was able to access only via the android app.
I’ve just checked openhab and webapp access and now they are working both.
Some mistake by someone I suppose, maybe there is some change in the air…