[SOLVED] Issue with HTTP Binding + issue with SSL certificate

ariela · November 6, 2018, 2:02pm

Hi folks,

I’ve an issue with http binding.

Today I’ve found this error in my logs:

ERROR] [org.openhab.io.net.http.HttpUtil    ] - Fatal transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

At the end of my checks I’ve found that the website https://www.meteoalarm.eu from today has an expired certificate.

Any clue how to add an exception for that?

The second issue is with http binding configuration. Trying to reduce my logs I was thinking to solve this issue commenting out the part related to meteoalarm in my http.cfg

This is the piece of code:

# configuration of Meteoalarm cache every 10 mins

#MeteoalarmToday.url=https://www.meteoalarm.eu/en_UK/0/0/IT003-Lombardia.html
#MeteoalarmToday.updateInterval=600000

#MeteoalarmTomorrow.url=https://www.meteoalarm.eu/en_UK/1/0/IT003-Lombardia.html
#MeteoalarmTomorrow.updateInterval=600000

the problem is, even if commented out, the evidence in my logs is the binding is still asking for updating the cache:

2018-11-06 14:38:15.951 [DEBUG] [ab.binding.http.internal.HttpBinding] - item 'Http_Meteoalarm_Today8' is fetched from cache
2018-11-06 14:38:15.952 [DEBUG] [ab.binding.http.internal.HttpBinding] - updating cache for 'MeteoalarmToday' ('https://www.meteoalarm.eu/en_UK/0/0/IT003-Lombardia.html')
2018-11-06 14:38:16.018 [ERROR] [org.openhab.io.net.http.HttpUtil    ] - Fatal transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2018-11-06 14:38:16.019 [ERROR] [ab.binding.http.internal.HttpBinding] - No response received from 'MeteoalarmToday'

my item:

String Http_Meteoalarm_Today8 "MeteoAlarm: [MAP(meteoalarm-forestfire.map):%s]" <meteoalarm_forestfire> { http="<[MeteoalarmToday:10000:REGEX(.*aw8.*?([0-9]+).*.?)]"}

Any clue?

I’ve also rebooted my system, nothing.

thanks
Andrea

Dim · November 6, 2018, 2:11pm

try adding this line as the first line in the file:

pid:org.openhab.http

ariela · November 6, 2018, 2:16pm

Now my http.cfg is like this:

pid:org.openhab.http

# timeout in milliseconds for the http requests (optional, defaults to 5000)
#timeout=

# the interval in milliseconds when to find new refresh candidates
# (optional, defaults to 1000)
#granularity=

# whether to substitute the current time or state value into the URL
# (optional, defaults to true)
#format=

# configuration of the first cache item
#<id1>.url=
#<id1>.updateInterval=

# configuration of the second cache item  
#<id2>.url=
#<id2>.updateInterval=

# configuration of Meteoalarm cache every 10 mins

#MeteoalarmToday.url=https://www.meteoalarm.eu/en_UK/0/0/IT003-Lombardia.html
#MeteoalarmToday.updateInterval=600000

#MeteoalarmTomorrow.url=https://www.meteoalarm.eu/en_UK/1/0/IT003-Lombardia.html
#MeteoalarmTomorrow.updateInterval=600000

<...>

then? Shall I try again with debug?

Dim · November 6, 2018, 2:17pm

restart the bundle from the OH2 console (or restart the OH2 service) and check DEBUG logs

I am not 100% sure that this is the correct Service ID for the http binding
you can check by: config:list |grep http in the console

ariela · November 6, 2018, 2:30pm

2018-11-06 15:24:48.842 [WARN ] [g.dispatch.internal.ConfigDispatcher] - The file /etc/openhab2/services/http.cfg subsequently defines the exclusive PID 'org.openhab.http'. Overriding existing configuration now.
...
2018-11-06 15:19:08.421 [DEBUG] [.binding.http.internal.HttpActivator] - HTTP binding has been started.
2018-11-06 15:19:08.431 [DEBUG] [org.openhab.binding.http            ] - BundleEvent STARTED - org.openhab.binding.http
…
2018-11-06 15:19:09.372 [DEBUG] [org.openhab.binding.http            ] - ServiceEvent REGISTERED - {org.osgi.service.cm.ManagedService, org.osgi.service.event.EventHandler}={service.id=413, service.bundleid=228, service.scope=bundle, event.topics=openhab/*, service.pid=org.openhab.http, component.name=org.openhab.binding.http, component.id=263} - org.openhab.binding.http
2018-11-06 15:19:09.380 [INFO ] [b.core.service.AbstractActiveService] - HTTP Refresh Service has been started
…
2018-11-06 15:19:10.966 [DEBUG] [ab.binding.http.internal.HttpBinding] - item 'Http_Meteoalarm_Today8' is not a valid URL or is a cache id yet to be initialised (MeteoalarmToday)

mmm … service ID is maybe org.openhab.binding.http ???

openhab> config:list | grep http
   opmlUrl = http://opml.radiotime.com/Describe.ashx?c=nowplaying&partnerId=IAeIhU42&id=%id&serial=%serial
   ecf = http://download.eclipse.org/rt/ecf/RELEASE/site.p2/karaf-features.xml
   binding = amazondashbutton,nest,kodi,http1,netatmo,ntp,sonos,systeminfo,mqtt1,expire1,exec,network,hue,logreader,wol1,snmp1,openuv,astro,zwave
   frontail.link-url = http://192.168.xx.1:9001
   grafana.link-url = http://192.168.xx.1:3000
   openhabiandocs.link-url = https://docs.openhab.org/installation/openhabian.html
Pid:            org.openhab.http
BundleLocation: mvn:org.openhab.binding/org.openhab.binding.http/1.13.0-SNAPSHOT
   AqicnPascal.url = https://api.waqi.info/feed/@9132/?token=xxxxxxxxxx
   AqicnSenato.url = https://api.waqi.info/feed/@9118/?token=xxxxxxxxxx
   darkSKY.url = https://api.darksky.net/forecast/xxxxxxxxxx/45.465049,9.094616?units=si
   service.pid = org.openhab.http
   weatherbit.url = https://api.weatherbit.io/v2.0/current?lat=45.465049&lon=9.094616&key=xxxxxxxxxx
   weatherbitFore.url = https://api.weatherbit.io/v2.0/forecast/daily?lat=45.465049&lon=9.094616&key=xxxxxxx
   url = http://192.168.10.1:8086
   baseURL = https://myopenhab.org
   log4j2.logger.org_openhab_binding_http.level = DEBUG
   log4j2.logger.org_openhab_binding_http.name = org.openhab.binding.http
   org.ops4j.pax.url.mvn.repositories = https://openhab.jfrog.io/openhab/online-repo-snapshot/2.4@id=openhab@snapshots
   org.osgi.service.http.secure.enabled = true
   org.osgi.service.http.useNIO = true
   feature.esh-io-transport-http/0.10.0.SNAPSHOT = esh-io-transport-http/0.10.0.SNAPSHOT
   feature.esh.tp-httpclient/0.10.0.SNAPSHOT = esh.tp-httpclient/0.10.0.SNAPSHOT
   feature.openhab-transport-http/2.4.0.SNAPSHOT = openhab-transport-http/2.4.0.SNAPSHOT
openhab>

Dim · November 6, 2018, 2:31pm

no, it is ok now

the stale config cache has been removed

now you need to comment out the item and you won’t see any more logs

ariela · November 6, 2018, 2:32pm

But any chance to bypass the ssl check and add as exception the expired certificate?

Dim · November 6, 2018, 2:33pm

doubt it
notify the webmaster of meteoalarm.eu to wake up and pay Comodo for a renewal

(or… use regular http to access their site?)

this works:
http://www.meteoalarm.eu/en_UK/0/0/IT003-Lombardia.html

you can now remove the pid: line in your http.cfg
It is used as a “cleanup” tool