Grohe Ondus

Hmm, that’s interesting, the binding should update the refresh token on a regular basis, which should result in the openHAB binding being logged in infinitely I’ll take a look, if the Grohe API changed in a way that this is not supported anymore.

Not that I know of. However, to be honest, I’ve just a friend, who uses the sense guard, I’m not using it by myself, so I might miss something here. I’ll recheck with them.

Is there something I can do to help solve this issue I’m having?

It is working great for me. The only thing I noticed is that if an device stops reporting to grohe, the binding doesn’t handle null event gracefully
Long shot:
You said that you’ve put 15 min refresh rate, is it possible that this is to often? I haven’t put anything in the refresh rate field.

Sorry, the last days were a bit full.

I would be interested in the answer to @rockit4 questions as well. Also: Are you using a refresh token login or username/password? It would also be interesting to know if there are any exceptions or other interesting log messages? Am I right, that the values in the app are still being updated?

Forgot to add that my account was created about 1 year ago.

Hello together,

I’m running openhab on a synology nas. I followed the steps to get the refresh token, after saving it under http://ip:port/groheondus nothing happened in openhab. There were no new things also if I try to add manually. What else can I do?

Thanks for your help.

Daniel

Hi,

Unfortunately, last Wednesday my Grohe Ondus setup stopped working, it has been well running since new year.

Recently I did play around with some OpenHAB Zigbee configuration and did an OpenHAB 2.5.2-1 update too. I’m not sure it has something to do with that, but the reported daily consumption has not been updated since Wednesday. Looking up PaperUI->Configuration->Things the Grohe Ondus Account has state “OFFLINE - COMMUNICATION_ERROR”

Clicking properties, the detailed message is:
Status: OFFLINE - COMMUNICATION_ERROR sun.security.validator.ValidatorException: TLS Server certificate issued after 2019-04-16 and anchored by a distrusted legacy Symantec root CA: CN=thawte Primary Root CA - G3, OU=“© 2008 thawte, Inc. - For authorized use only”, OU=Certification Services Division, O=“thawte, Inc.”, C=US

I have tried to update the refresh token without luck.

Anyone with similar issue?

Best regards Ole

I got the Same error and the Bindung does not work. The Grohe Sense Guard was installed last week. Since this moment I tried to get it working. Perhaps the update of the Grohe sense guard itself is the Problem.

Status: OFFLINE - COMMUNICATION_ERROR sun.security.validator.ValidatorException: TLS Server certificate issued after 2019-04-16 and anchored by a distrusted legacy Symantec root CA: CN=thawte Primary Root CA - G3, OU=“© 2008 thawte, Inc. - For authorized use only”, OU=Certification Services Division, O=“thawte, Inc.”, C=US

I’m quite sure my sense guard did not receive any updates since 22-01-2020, that’s at least what the app states.

@FlorianSW Any idea?

This is a problem related to the following issue:
The binding in the latest release version uses a library, the grohe-ondus-api in a version, which pinned the communication to the GROHE Api to the API endpoint using https://idp-apigw.cloud.grohe.com. Looking at this endpoint, it uses a certificate from Symantec:

$ openssl s_client -connect idp-apigw.cloud.grohe.com:443
CONNECTED(000001BC)
---
Certificate chain
 0 s:C = DE, L = D\C3\BCsseldorf, O = Grohe AG, CN = *.cloud.grohe.com
   i:C = US, O = "DigiCert, Inc.", OU = www.digicert.com, CN = DigiCert TLS ICA Thawte PCA-G3
 1 s:C = US, O = "DigiCert, Inc.", OU = www.digicert.com, CN = DigiCert TLS ICA Thawte PCA-G3
   i:C = US, O = "thawte, Inc.", OU = Certification Services Division, OU = "(c) 2008 thawte, Inc. - For authorized use only", CN = thawte Primary Root CA - G3
---

The thawte Primary Root CA - G3 in the certificate root chain is distrusted by many major browsers, as well as by Oracles and OpenJDKs Java implementation since mid last year (see Oracles statement for that). So, the problem seems to be related to a recent Java update you made on your system where openHAB is running. According to this update, Java 8 has this distrust since Update 211, however, the info is made for the JDK, the JRE probably follows the same notes.

As a solution, the next stable release of the GROHE binding will include the recent version of the user library, which uses the the new API gateway version, idp2-apigw.cloud.grohe.com, which currently uses a new, trusted, certificate chain:

$ openssl s_client -connect idp2-apigw.cloud.grohe.com:443
CONNECTED(000001BC)
---
Certificate chain
 0 s:CN = *.cloud.grohe.com
   i:C = US, O = Amazon, OU = Server CA 1B, CN = Amazon
 1 s:C = US, O = Amazon, OU = Server CA 1B, CN = Amazon
   i:C = US, O = Amazon, CN = Amazon Root CA 1
 2 s:C = US, O = Amazon, CN = Amazon Root CA 1
   i:C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2
 3 s:C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2
   i:C = US, O = "Starfield Technologies, Inc.", OU = Starfield Class 2 Certification Authority
---

As a solution or workaround until the stable version is released, there should be two ways:

• Install a snapshot version of the binding. It should work in the latest stable release as well, however, I can not guarantee it.
• Manually bypassing the distrust in certificates anchored by thawte Primary Root CA - G3, however, I’m not sure, if that is possible, neither would I recommend it. The distrust in the Symantec CA was done for serious reasons, which makes it hard to trust any certificate presented which has an Symantec cert in the chain. Controlling smart home devices with this distrust in mind is probably not the best idea, therefore I would recommend solution 1.

Hi All,

I would like to purchase a Sense Guard, and I would like to know if now everything’s working as expected.

Thanks for your support

Andrea

Hmm I would say partly.
I have communication working with the API but it drops out and I have to restart the binding to get it back online. The functionallity is not the best due to Grohe not providing an official API and this has been reverse engineered from the app. But it work if you really want it to
But the main part to get to Grohe is to not have your house flooded, this is only a bonus in my opinion.

It’s working initially when you set it up. But it doesn’t update more than maybe once a day. If you restart the binding it comes back. But don’t count on it to be controlled or get messages via openhab reliably. But the unit it selves is working brilliantly and has its own app that informs you about leaks, running toilets etc. Has saved me a couple of times when a toilet has been running or a hose in the garden has jumped off.

Hi all, just got my new Grohe Sense Guard and try to add it to OH3.2. The Grohe Ondus Account Thing is there and “Online”. But … how do I get the application ID, room ID and location ID that I need for the configuration of the Sense Guard Thing??

I guess I missed something somewhere, looked everywhere incl. Github but couldn’t find the answer. Any hint would be much appreciated!

If you have everything set up in the Grohe app, you just need to scan for new devices in OH3.
It will find the same as the app and no need to enter any info manually.

Thanks so much for the quick reply. Unfortunately, I only see the Bridge, the Sense Guard Thing does not come up. I guess I would see the Sense Guard in the Inbox or my things list? It’s not there. I use a text-file config for the bridge thing. Not sure what I’m missing or doing wrong.

Ha, again disabled and re-enabled the bridge, and now finally it appeared after the scan! Thank you very much again!

Hi all, now that the binding and the SenseGuard thing is working for me (with the binding 3.3 beta on OH3.2), I get funny readings for the water consumption item. What is “waterconsumption” really providing? I thought this is simply a counter that constantly increases with each consumption over time. Looks, however, it gets modified at midnight but in a strange way (kind of resets to yesterday’s volume but then continues to add up?). Any clarification would be very helpful for me.

In the OpenHAB Binding example for the thing, I also found the following code:

        Channels:
            Type number : waterconsumption [
               timeframe=3
            ]

I have not found any meaning or explanation around this, and did not add it to the thing. What does it mean, is it required and what does it do, and what does “timeframe=3” mean? Any help or a link to documentation would be much appreciated.

Hi FlorianSW, all

maybe a general question to the Grohe Ondus binding:
I bought a Sense flood sensor and successfully integrated it into openhab3. Collecting temperature, humidity, battery and name works perfectly.
However, I am wondering why there is no channel to get information about a flood event. That would be the most important information and is supported by the app.
In case that is only some work to do, happy to help here.

Thanks and Best, Lui