[SOLVED] iCloud Unable to refresh device data

idkpmiller · October 25, 2018, 8:06pm

I have started to see the error below very regularly filling up my logs.
Doe any one have this and any ideas for a solution. seems similar to one we had not so long ago.

==> /var/log/openhab2/openhab.log <==

2018-10-26 08:56:13.463 [WARN ] [d.handler.ICloudAccountBridgeHandler] - Unable to refresh device data

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:?]

	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946) ~[?:?]

	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316) ~[?:?]

	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310) ~[?:?]

	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639) ~[?:?]

	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223) ~[?:?]

	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037) ~[?:?]

	at sun.security.ssl.Handshaker.process_record(Handshaker.java:965) ~[?:?]

	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064) ~[?:?]

	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367) ~[?:?]

	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395) ~[?:?]

	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379) ~[?:?]

	at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559) ~[?:?]

	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) ~[?:?]

	at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1334) ~[?:?]

	at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1309) ~[?:?]

	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:259) ~[?:?]

	at org.openhab.binding.icloud.internal.Connection.postRequest(Connection.java:95) ~[?:?]

	at org.openhab.binding.icloud.internal.Connection.requestDeviceStatusJSON(Connection.java:55) ~[?:?]

	at org.openhab.binding.icloud.handler.ICloudAccountBridgeHandler.lambda$0(ICloudAccountBridgeHandler.java:81) ~[?:?]

	at org.eclipse.smarthome.core.cache.ExpiringCache.refreshValue(ExpiringCache.java:81) ~[?:?]

	at org.eclipse.smarthome.core.cache.ExpiringCache.getValue(ExpiringCache.java:61) ~[?:?]

	at org.openhab.binding.icloud.handler.ICloudAccountBridgeHandler.refreshData(ICloudAccountBridgeHandler.java:132) ~[?:?]

	at org.openhab.binding.icloud.handler.ICloudAccountBridgeHandler.lambda$1(ICloudAccountBridgeHandler.java:123) ~[?:?]

	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:?]

	at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) [?:?]

	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) [?:?]

	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) [?:?]

	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:?]

	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:?]

	at java.lang.Thread.run(Thread.java:748) [?:?]

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397) ~[?:?]

	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) ~[?:?]

	at sun.security.validator.Validator.validate(Validator.java:262) ~[?:?]

	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[?:?]

	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) ~[?:?]

	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) ~[?:?]

	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621) ~[?:?]

	... 26 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?]

	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?]

	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[?:?]

	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392) ~[?:?]

	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) ~[?:?]

	at sun.security.validator.Validator.validate(Validator.java:262) ~[?:?]

	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[?:?]

	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) ~[?:?]

	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) ~[?:?]

	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621) ~[?:?]

	... 26 more

rlkoshak · October 25, 2018, 10:39pm

The error looks like Apple changed their SSL certificate.

What version of Java are you running? Perhaps an upgrade will resolve it. An upgrade of Java should include updated trusted CAs.

I’m just guessing though.

wborn · October 25, 2018, 10:52pm

See: Icloud binding - General SSLEngine problem

idkpmiller · October 26, 2018, 3:15am

no updates pending I am on the latest for my distro

Java™ SE Runtime Environment (build 1.8.0_191-b12)

Java HotSpot™ 64-Bit Server VM (build 25.191-b12, mixed mode)

idkpmiller · October 26, 2018, 5:06am

I fixed this back in July/August when the commands to download the new certificates were provided in the thread you posted.
I have tried again this time and see no improvement this time.
I will read once more through that thread in case I missed something

idkpmiller · October 28, 2018, 3:36am

Went back through the old thread which I had corrected a few months ago and did the same thing again. It is now working correctly after restarting Openhab.
I have no idea why it suddenly dropped back to not knowing the cert.

Thanks for your responses

Paul

rlkoshak · October 28, 2018, 4:09pm

Can you post a link to the old thread that fixed the problem? That will help future users find the solution when they have this same problem.

idkpmiller · October 28, 2018, 6:52pm

It is already there, the link is in the post #3 and in the solved by segment.