SonoffLAN
eWeLink Coolkit SSL issue
Looks like there is an issue with the SSL validation of the CoolKit servers, thus the cloud-managed devices are not working.
A solution will be to add a configurable ssl_verify parameter when creating the session: async_get_clientsession(hass, False) in custom_components/sonoff/__init__.py and custom_components/sonoff/config_flow.py
What exact coolkit domain are you talking about? I haven't seen any problems
It is either the China or the EU one - I have put a local fix to the issue and don't have the errors anymore.
I have the same problem, I think:
[custom_components.sonoff.core.ewelink.cloud] Cloud WS Connection error: Cannot connect to host eu-pconnect8.coolkit.cc:8080 ssl:default [None]
[custom_components.sonoff.core.ewelink.cloud] Cloud WS Connection error: Cannot connect to host eu-pconnect5.coolkit.cc:8080 ssl:default [None]
and other servers.
Upd.: My mistake was in the router DNAT rule.
@azharkov78 can you share what was your mistake and what changes did you make to solve it?
The mistake was in the DNAT rules on my Mikrotik router. I forgot to select the IN interface, and all traffic to port 8080 (local and from WAN) went through DNAT to a local IP.
I had a very similar issue on my network, where all Sonoff devices were working properly on ewelink app but I was unable to use them through HA. I've enabled debugging and found multiple rows like this:
[custom_components.sonoff.core.ewelink.cloud] Cloud WS Connection error: Cannot connect to host eu-pconnect8.coolkit.cc:8080 ssl:default [None]
I've found that my firewall's outbound policy was blocking the outside connection to port 8080. After creating a proper allow rule all devices are back in HA.
There is one thing I wasn't able to understand tho, I always had this firewall and I've never reconfigured the IoT VLAN outbound policy, the Sonoff devices have been working for two years, then they suddenly stopped working. I'm wondering if coolkit.cc was working on standard 80/443 ports, and then they changed it to 8080? And why, by the way, use a non-standard 8080 port for an SSL connection in 2024?
I'm using the master branch version of the SonoffLAN, not a Release, should this help troubleshoot the issue.
The cause of the issue is the coolkit servers. The SonoffLAN starts the communication with a GET call to "https://eu-dispa.coolkit.cc/dispatch/app". The server response is:
{
  "domain": "eu-pconnect5.coolkit.cc",
  "reason": "ok",
  "error": 0,
  "IP": "52.57.51.171",
  "port": 8080
}
Then the web socket communication continues with: wss://eu-pconnect5.coolkit.cc:8080/api/ws. And this sometimes fails, sometimes not. Using wss://eu-pconnect5.coolkit.cc:443/api/ws seems to be working fine.
Implementation reference: custom_components/sonoff/core/ewelink/cloud.py:297
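Added example (not part of the thread and not SonoffLAN code): a standard-library diagnostic that builds the WebSocket URLs from the dispatch response quoted above and reports which layer a connection fails at, with certificate verification left on. The function names and the 443 fallback are assumptions for illustration; the fallback port comes from the observation in the comment above.

```python
import json
import socket
import ssl

# Constructed sample: the dispatch response quoted in the thread.
SAMPLE_DISPATCH = ('{"domain": "eu-pconnect5.coolkit.cc", "reason": "ok", '
                   '"error": 0, "IP": "52.57.51.171", "port": 8080}')


def candidate_ws_urls(dispatch_body, fallback_port=443):
    """Return wss:// URLs: the advertised port first, then the fallback."""
    resp = json.loads(dispatch_body)
    if resp.get("error") != 0:
        raise ValueError(f"dispatch error: {resp.get('reason')}")
    ports = [int(resp["port"])]
    if fallback_port not in ports:
        ports.append(fallback_port)
    return [f"wss://{resp['domain']}:{p}/api/ws" for p in ports]


def classify(exc):
    """Map a connection exception to the layer that failed.

    Order matters: the ssl and DNS exceptions are subclasses of OSError.
    """
    if isinstance(exc, ssl.SSLCertVerificationError):
        return "tls-certificate"  # trust problem: inspect the chain
    if isinstance(exc, ssl.SSLError):
        return "tls-handshake"
    if isinstance(exc, socket.gaierror):
        return "dns"
    if isinstance(exc, OSError):
        return "network"          # refused, timed out, filtered or misrouted
    return "unknown"


def probe(host, port, timeout=5.0):
    """Attempt a verified TLS handshake; return 'ok' or the failing layer."""
    ctx = ssl.create_default_context()  # certificate and hostname checks on
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "ok"
    except Exception as exc:
        return classify(exc)
```

A "network" result on port 8080 together with "ok" on 443 points at an outbound firewall or NAT rule like the ones described in this thread rather than at certificate validation.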
Thanks a lot, I knew it was something weird at their side!