hon SSL unable to get local issuer certificate - WORKAROUND SOLUTION IN THIS ISSUE!

When i attempt to use pyhOn or the HACS integration, i receive the following error:

Traceback (most recent call last):
  File "/usr/local/lib/python3.12/dist-packages/aiohttp/connector.py", line 1122, in _wrap_create_connection
    return await self._loop.create_connection(*args, **kwargs, sock=sock)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/asyncio/base_events.py", line 1149, in create_connection
    transport, protocol = await self._create_connection_transport(
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/asyncio/base_events.py", line 1182, in _create_connection_transport
    await waiter
  File "/usr/lib/python3.12/asyncio/sslproto.py", line 578, in _on_handshake_complete
    raise handshake_exc
  File "/usr/lib/python3.12/asyncio/sslproto.py", line 560, in _do_handshake
    self._sslobj.do_handshake()
  File "/usr/lib/python3.12/ssl.py", line 917, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/usr/local/bin/pyhOn", line 8, in <module>
    sys.exit(start())
             ^^^^^^^
  File "/usr/local/lib/python3.12/dist-packages/pyhon/__main__.py", line 107, in start
    asyncio.run(main())
  File "/usr/lib/python3.12/asyncio/runners.py", line 194, in run
    return runner.run(main)
           ^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/asyncio/runners.py", line 118, in run
    return self._loop.run_until_complete(task)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/asyncio/base_events.py", line 687, in run_until_complete
    return future.result()
           ^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/dist-packages/pyhon/__main__.py", line 75, in main
    async with Hon(*get_login_data(args), test_data_path=test_data_path) as hon:
  File "/usr/local/lib/python3.12/dist-packages/pyhon/hon.py", line 41, in __aenter__
    return await self.create()
           ^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/dist-packages/pyhon/hon.py", line 77, in create
    await self.setup()
  File "/usr/local/lib/python3.12/dist-packages/pyhon/hon.py", line 104, in setup
    appliances = await self.api.load_appliances()
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/dist-packages/pyhon/connection/api.py", line 86, in load_appliances
    async with self._hon.get(f"{const.API_URL}/commands/v1/appliance") as resp:
  File "/usr/lib/python3.12/contextlib.py", line 210, in __aenter__
    return await anext(self.gen)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/dist-packages/pyhon/connection/handler/base.py", line 64, in get
    async with self._intercept(*args, **kwargs) as response:
  File "/usr/lib/python3.12/contextlib.py", line 210, in __aenter__
    return await anext(self.gen)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/dist-packages/pyhon/connection/handler/hon.py", line 75, in _intercept
    kwargs["headers"] = await self._check_headers(kwargs.get("headers", {}))
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/dist-packages/pyhon/connection/handler/hon.py", line 64, in _check_headers
    await self.auth.authenticate()
  File "/usr/local/lib/python3.12/dist-packages/pyhon/connection/auth.py", line 261, in authenticate
    if not await self._load_login():
           ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/dist-packages/pyhon/connection/auth.py", line 104, in _load_login
    login_url = await self._introduce()
                ^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/dist-packages/pyhon/connection/auth.py", line 120, in _introduce
    async with self._request.get(url) as response:
  File "/usr/lib/python3.12/contextlib.py", line 210, in __aenter__
    return await anext(self.gen)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/dist-packages/pyhon/connection/handler/base.py", line 64, in get
    async with self._intercept(*args, **kwargs) as response:
  File "/usr/lib/python3.12/contextlib.py", line 210, in __aenter__
    return await anext(self.gen)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/dist-packages/pyhon/connection/handler/auth.py", line 36, in _intercept
    async with method(url, *args, **kwargs) as response:
  File "/usr/local/lib/python3.12/dist-packages/aiohttp/client.py", line 1425, in __aenter__
    self._resp: _RetType = await self._coro
                           ^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/dist-packages/aiohttp/client.py", line 703, in _request
    conn = await self._connector.connect(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/dist-packages/aiohttp/connector.py", line 548, in connect
    proto = await self._create_connection(req, traces, timeout)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/dist-packages/aiohttp/connector.py", line 1056, in _create_connection
    _, proto = await self._create_direct_connection(req, traces, timeout)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/dist-packages/aiohttp/connector.py", line 1400, in _create_direct_connection
    raise last_exc
  File "/usr/local/lib/python3.12/dist-packages/aiohttp/connector.py", line 1369, in _create_direct_connection
    transp, proto = await self._wrap_create_connection(
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/dist-packages/aiohttp/connector.py", line 1124, in _wrap_create_connection
    raise ClientConnectorCertificateError(req.connection_key, exc) from exc
aiohttp.client_exceptions.ClientConnectorCertificateError: Cannot connect to host account2.hon-smarthome.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)')]
Unclosed client session
client_session: <aiohttp.client.ClientSession object at 0x7f57ed1047d0>
Unclosed client session
client_session: <aiohttp.client.ClientSession object at 0x7f57ed104800>

This happens both on my HomeAssistant host and on my local machine.

Feb 06 '25 11:02 mwPandoraid

fixed it on my side but leaving the issue open since this is not the intended process most likely FIX:

go to https://account2.hon-smarthome.com/
export RapidSSL certificate
import it, on ubuntu:
- sudo mv rapidssl.crt /usr/local/share/ca-certificates/rapidssl.crt
- sudo update-ca-certificates

after that it should work just fine

Feb 06 '25 12:02 mwPandoraid

seems to be an issue on haier's side though, it started today after 2am Europe/Warsaw timezone

Feb 06 '25 12:02 mwPandoraid

^ the above was insufficient for actual HA integration, i had to use this plugin: https://github.com/Athozs/hass-additional-ca

Feb 06 '25 12:02 mwPandoraid

^ the above was insufficient for actual HA integration, i had to use this plugin: https://github.com/Athozs/hass-additional-ca

thanks!!

Feb 06 '25 14:02 danyrd92

I can confirm that this fix works.

Just a note that the idea is to open the website and download the certificate from the browser. Took me a bit more than I am proud to say to find that out :)

Feb 06 '25 17:02 jfmcarreira

I tried the work around described but get this error setting up the additional_ca add-on:

Logger: homeassistant.setup Bron: setup.py:416 Eerst voorgekomen: 17:25:54 (1 gebeurtenissen) Laatst gelogd: 17:25:54

Error during setup of component additional_ca Traceback (most recent call last): File "/usr/src/homeassistant/homeassistant/setup.py", line 416, in _async_setup_component result = await task ^^^^^^^^^^ File "/config/custom_components/additional_ca/init.py", line 54, in async_setup await update_certifi_certificates(hass, config) File "/config/custom_components/additional_ca/init.py", line 170, in update_certifi_certificates cert = await f.read() ^^^^^^^^^^^^^^ File "/usr/local/lib/python3.13/site-packages/aiofiles/threadpool/utils.py", line 43, in method return await self._loop.run_in_executor(self._executor, cb) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.13/concurrent/futures/thread.py", line 59, in run result = self.fn(*self.args, **self.kwargs) File "", line 325, in decode UnicodeDecodeError: 'utf-8' codec can't decode byte 0x82 in position 1: invalid start byte

Feb 06 '25 17:02 Jansmeister

I tried the work around described but get this error setting up the additional_ca add-on:

Logger: homeassistant.setup Bron: setup.py:416 Eerst voorgekomen: 17:25:54 (1 gebeurtenissen) Laatst gelogd: 17:25:54

Error during setup of component additional_ca Traceback (most recent call last): File "/usr/src/homeassistant/homeassistant/setup.py", line 416, in _async_setup_component result = await task ^^^^^^^^^^ File "/config/custom_components/additional_ca/init.py", line 54, in async_setup await update_certifi_certificates(hass, config) File "/config/custom_components/additional_ca/init.py", line 170, in update_certifi_certificates cert = await f.read() ^^^^^^^^^^^^^^ File "/usr/local/lib/python3.13/site-packages/aiofiles/threadpool/utils.py", line 43, in method return await self._loop.run_in_executor(self._executor, cb) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.13/concurrent/futures/thread.py", line 59, in run result = self.fn(*self.args, **self.kwargs) File "", line 325, in decode UnicodeDecodeError: 'utf-8' codec can't decode byte 0x82 in position 1: invalid start byte

Can you show me the contents of the certificate you exported? In text form (for example open in notepad or just use cat), it should look something like this:

Feb 06 '25 17:02 mwPandoraid

I tried the work around described but get this error setting up the additional_ca add-on: Logger: homeassistant.setup Bron: setup.py:416 Eerst voorgekomen: 17:25:54 (1 gebeurtenissen) Laatst gelogd: 17:25:54 Error during setup of component additional_ca Traceback (most recent call last): File "/usr/src/homeassistant/homeassistant/setup.py", line 416, in _async_setup_component result = await task ^^^^^^^^^^ File "/config/custom_components/additional_ca/init.py", line 54, in async_setup await update_certifi_certificates(hass, config) File "/config/custom_components/additional_ca/init.py", line 170, in update_certifi_certificates cert = await f.read() ^^^^^^^^^^^^^^ File "/usr/local/lib/python3.13/site-packages/aiofiles/threadpool/utils.py", line 43, in method return await self._loop.run_in_executor(self._executor, cb) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.13/concurrent/futures/thread.py", line 59, in run result = self.fn(*self.args, **self.kwargs) File "", line 325, in decode UnicodeDecodeError: 'utf-8' codec can't decode byte 0x82 in position 1: invalid start byte

Can you show me the contents of the certificate you exported? In text form (for example open in notepad or just use cat), it should look something like this:
-----BEGIN CERTIFICATE-----
MIIEszCCA5ugAwIBAgIQCyWUIs7ZgSoVoE6ZUooO+jANBgkqhkiG9w0BAQsFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
MjAeFw0xNzExMDIxMjI0MzNaFw0yNzExMDIxMjI0MzNaMGAxCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
b20xHzAdBgNVBAMTFlJhcGlkU1NMIFRMUyBSU0EgQ0EgRzEwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQC/uVklRBI1FuJdUEkFCuDL/I3aJQiaZ6aibRHj
ap/ap9zy1aYNrphe7YcaNwMoPsZvXDR+hNJOo9gbgOYVTPq8gXc84I75YKOHiVA4
NrJJQZ6p2sJQyqx60HkEIjzIN+1LQLfXTlpuznToOa1hyTD0yyitFyOYwURM+/CI
8FNFMpBhw22hpeAQkOOLmsqT5QZJYeik7qlvn8gfD+XdDnk3kkuuu0eG+vuyrSGr
5uX5LRhFWlv1zFQDch/EKmd163m6z/ycx/qLa9zyvILc7cQpb+k7TLra9WE17YPS
n9ANjG+ECo9PDW3N9lwhKQCNvw1gGoguyCQu7HE7BnW8eSSFAgMBAAGjggFmMIIB
YjAdBgNVHQ4EFgQUDNtsgkkPSmcKuBTuesRIUojrVjgwHwYDVR0jBBgwFoAUTiJU
IBiV5uNu5g/6+rkS7QYXjzkwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsG
AQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMDQGCCsGAQUFBwEB
BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEIGA1Ud
HwQ7MDkwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEds
b2JhbFJvb3RHMi5jcmwwYwYDVR0gBFwwWjA3BglghkgBhv1sAQEwKjAoBggrBgEF
BQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzALBglghkgBhv1sAQIw
CAYGZ4EMAQIBMAgGBmeBDAECAjANBgkqhkiG9w0BAQsFAAOCAQEAGUSlOb4K3Wtm
SlbmE50UYBHXM0SKXPqHMzk6XQUpCheF/4qU8aOhajsyRQFDV1ih/uPIg7YHRtFi
CTq4G+zb43X1T77nJgSOI9pq/TqCwtukZ7u9VLL3JAq3Wdy2moKLvvC8tVmRzkAe
0xQCkRKIjbBG80MSyDX/R4uYgj6ZiNT/Zg6GI6RofgqgpDdssLc0XIRQEotxIZcK
zP3pGJ9FCbMHmMLLyuBd+uCWvVcF2ogYAawufChS/PT61D9rqzPRS5I2uqa3tmIT
44JhJgWhBnFMb7AGQkvNq9KNS9dd3GWc17H/dXa1enoxzWjE0hBdFjxPhUb0W3wi
8o34/m8Fxw==
-----END CERTIFICATE-----

My certificate looks like this. The problem described is with de add-on from HACS. When I download the add-on in HACS and restart HA I get this error in HA. This is before I even add the certificate in my config.

Feb 06 '25 17:02 Jansmeister

I tried the work around described but get this error setting up the additional_ca add-on: Logger: homeassistant.setup Bron: setup.py:416 Eerst voorgekomen: 17:25:54 (1 gebeurtenissen) Laatst gelogd: 17:25:54 Error during setup of component additional_ca Traceback (most recent call last): File "/usr/src/homeassistant/homeassistant/setup.py", line 416, in _async_setup_component result = await task ^^^^^^^^^^ File "/config/custom_components/additional_ca/init.py", line 54, in async_setup await update_certifi_certificates(hass, config) File "/config/custom_components/additional_ca/init.py", line 170, in update_certifi_certificates cert = await f.read() ^^^^^^^^^^^^^^ File "/usr/local/lib/python3.13/site-packages/aiofiles/threadpool/utils.py", line 43, in method return await self._loop.run_in_executor(self._executor, cb) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.13/concurrent/futures/thread.py", line 59, in run result = self.fn(*self.args, **self.kwargs) File "", line 325, in decode UnicodeDecodeError: 'utf-8' codec can't decode byte 0x82 in position 1: invalid start byte

Can you show me the contents of the certificate you exported? In text form (for example open in notepad or just use cat), it should look something like this:
-----BEGIN CERTIFICATE-----
MIIEszCCA5ugAwIBAgIQCyWUIs7ZgSoVoE6ZUooO+jANBgkqhkiG9w0BAQsFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
MjAeFw0xNzExMDIxMjI0MzNaFw0yNzExMDIxMjI0MzNaMGAxCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
b20xHzAdBgNVBAMTFlJhcGlkU1NMIFRMUyBSU0EgQ0EgRzEwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQC/uVklRBI1FuJdUEkFCuDL/I3aJQiaZ6aibRHj
ap/ap9zy1aYNrphe7YcaNwMoPsZvXDR+hNJOo9gbgOYVTPq8gXc84I75YKOHiVA4
NrJJQZ6p2sJQyqx60HkEIjzIN+1LQLfXTlpuznToOa1hyTD0yyitFyOYwURM+/CI
8FNFMpBhw22hpeAQkOOLmsqT5QZJYeik7qlvn8gfD+XdDnk3kkuuu0eG+vuyrSGr
5uX5LRhFWlv1zFQDch/EKmd163m6z/ycx/qLa9zyvILc7cQpb+k7TLra9WE17YPS
n9ANjG+ECo9PDW3N9lwhKQCNvw1gGoguyCQu7HE7BnW8eSSFAgMBAAGjggFmMIIB
YjAdBgNVHQ4EFgQUDNtsgkkPSmcKuBTuesRIUojrVjgwHwYDVR0jBBgwFoAUTiJU
IBiV5uNu5g/6+rkS7QYXjzkwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsG
AQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMDQGCCsGAQUFBwEB
BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEIGA1Ud
HwQ7MDkwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEds
b2JhbFJvb3RHMi5jcmwwYwYDVR0gBFwwWjA3BglghkgBhv1sAQEwKjAoBggrBgEF
BQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzALBglghkgBhv1sAQIw
CAYGZ4EMAQIBMAgGBmeBDAECAjANBgkqhkiG9w0BAQsFAAOCAQEAGUSlOb4K3Wtm
SlbmE50UYBHXM0SKXPqHMzk6XQUpCheF/4qU8aOhajsyRQFDV1ih/uPIg7YHRtFi
CTq4G+zb43X1T77nJgSOI9pq/TqCwtukZ7u9VLL3JAq3Wdy2moKLvvC8tVmRzkAe
0xQCkRKIjbBG80MSyDX/R4uYgj6ZiNT/Zg6GI6RofgqgpDdssLc0XIRQEotxIZcK
zP3pGJ9FCbMHmMLLyuBd+uCWvVcF2ogYAawufChS/PT61D9rqzPRS5I2uqa3tmIT
44JhJgWhBnFMb7AGQkvNq9KNS9dd3GWc17H/dXa1enoxzWjE0hBdFjxPhUb0W3wi
8o34/m8Fxw==
-----END CERTIFICATE-----
My certificate looks like this. The problem described is with de add-on from HACS. When I download the add-on in HACS and restart HA I get this error in HA. This is before I even add the certificate in my config.

My bad, could you send the configuration.yaml file? The error suggest that it's trying to read the certificate file, but it's somehow malformed. Might be a bad path, or the certificate itself

Feb 06 '25 17:02 mwPandoraid

Considering this is before adding the certificate, maybe try adding it to see if it works?

Feb 06 '25 17:02 mwPandoraid

I tried the work around described but get this error setting up the additional_ca add-on: Logger: homeassistant.setup Bron: setup.py:416 Eerst voorgekomen: 17:25:54 (1 gebeurtenissen) Laatst gelogd: 17:25:54 Error during setup of component additional_ca Traceback (most recent call last): File "/usr/src/homeassistant/homeassistant/setup.py", line 416, in _async_setup_component result = await task ^^^^^^^^^^ File "/config/custom_components/additional_ca/init.py", line 54, in async_setup await update_certifi_certificates(hass, config) File "/config/custom_components/additional_ca/init.py", line 170, in update_certifi_certificates cert = await f.read() ^^^^^^^^^^^^^^ File "/usr/local/lib/python3.13/site-packages/aiofiles/threadpool/utils.py", line 43, in method return await self._loop.run_in_executor(self._executor, cb) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.13/concurrent/futures/thread.py", line 59, in run result = self.fn(*self.args, **self.kwargs) File "", line 325, in decode UnicodeDecodeError: 'utf-8' codec can't decode byte 0x82 in position 1: invalid start byte

Can you show me the contents of the certificate you exported? In text form (for example open in notepad or just use cat), it should look something like this:
-----BEGIN CERTIFICATE-----
MIIEszCCA5ugAwIBAgIQCyWUIs7ZgSoVoE6ZUooO+jANBgkqhkiG9w0BAQsFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
MjAeFw0xNzExMDIxMjI0MzNaFw0yNzExMDIxMjI0MzNaMGAxCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
b20xHzAdBgNVBAMTFlJhcGlkU1NMIFRMUyBSU0EgQ0EgRzEwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQC/uVklRBI1FuJdUEkFCuDL/I3aJQiaZ6aibRHj
ap/ap9zy1aYNrphe7YcaNwMoPsZvXDR+hNJOo9gbgOYVTPq8gXc84I75YKOHiVA4
NrJJQZ6p2sJQyqx60HkEIjzIN+1LQLfXTlpuznToOa1hyTD0yyitFyOYwURM+/CI
8FNFMpBhw22hpeAQkOOLmsqT5QZJYeik7qlvn8gfD+XdDnk3kkuuu0eG+vuyrSGr
5uX5LRhFWlv1zFQDch/EKmd163m6z/ycx/qLa9zyvILc7cQpb+k7TLra9WE17YPS
n9ANjG+ECo9PDW3N9lwhKQCNvw1gGoguyCQu7HE7BnW8eSSFAgMBAAGjggFmMIIB
YjAdBgNVHQ4EFgQUDNtsgkkPSmcKuBTuesRIUojrVjgwHwYDVR0jBBgwFoAUTiJU
IBiV5uNu5g/6+rkS7QYXjzkwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsG
AQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMDQGCCsGAQUFBwEB
BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEIGA1Ud
HwQ7MDkwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEds
b2JhbFJvb3RHMi5jcmwwYwYDVR0gBFwwWjA3BglghkgBhv1sAQEwKjAoBggrBgEF
BQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzALBglghkgBhv1sAQIw
CAYGZ4EMAQIBMAgGBmeBDAECAjANBgkqhkiG9w0BAQsFAAOCAQEAGUSlOb4K3Wtm
SlbmE50UYBHXM0SKXPqHMzk6XQUpCheF/4qU8aOhajsyRQFDV1ih/uPIg7YHRtFi
CTq4G+zb43X1T77nJgSOI9pq/TqCwtukZ7u9VLL3JAq3Wdy2moKLvvC8tVmRzkAe
0xQCkRKIjbBG80MSyDX/R4uYgj6ZiNT/Zg6GI6RofgqgpDdssLc0XIRQEotxIZcK
zP3pGJ9FCbMHmMLLyuBd+uCWvVcF2ogYAawufChS/PT61D9rqzPRS5I2uqa3tmIT
44JhJgWhBnFMb7AGQkvNq9KNS9dd3GWc17H/dXa1enoxzWjE0hBdFjxPhUb0W3wi
8o34/m8Fxw==
-----END CERTIFICATE-----
My certificate looks like this. The problem described is with de add-on from HACS. When I download the add-on in HACS and restart HA I get this error in HA. This is before I even add the certificate in my config.

Did you add something like:

default_config:
additional_ca:
  hon: hon_rapidssl.crt

into your configuration.yaml after you added your .crt-file in the new created folder config\additional_ca\ in your HA?

Feb 06 '25 17:02 FredoElmo

I tried the work around described but get this error setting up the additional_ca add-on: Logger: homeassistant.setup Bron: setup.py:416 Eerst voorgekomen: 17:25:54 (1 gebeurtenissen) Laatst gelogd: 17:25:54 Error during setup of component additional_ca Traceback (most recent call last): File "/usr/src/homeassistant/homeassistant/setup.py", line 416, in _async_setup_component result = await task ^^^^^^^^^^ File "/config/custom_components/additional_ca/init.py", line 54, in async_setup await update_certifi_certificates(hass, config) File "/config/custom_components/additional_ca/init.py", line 170, in update_certifi_certificates cert = await f.read() ^^^^^^^^^^^^^^ File "/usr/local/lib/python3.13/site-packages/aiofiles/threadpool/utils.py", line 43, in method return await self._loop.run_in_executor(self._executor, cb) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.13/concurrent/futures/thread.py", line 59, in run result = self.fn(*self.args, **self.kwargs) File "", line 325, in decode UnicodeDecodeError: 'utf-8' codec can't decode byte 0x82 in position 1: invalid start byte

Can you show me the contents of the certificate you exported? In text form (for example open in notepad or just use cat), it should look something like this:
-----BEGIN CERTIFICATE-----
MIIEszCCA5ugAwIBAgIQCyWUIs7ZgSoVoE6ZUooO+jANBgkqhkiG9w0BAQsFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
MjAeFw0xNzExMDIxMjI0MzNaFw0yNzExMDIxMjI0MzNaMGAxCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
b20xHzAdBgNVBAMTFlJhcGlkU1NMIFRMUyBSU0EgQ0EgRzEwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQC/uVklRBI1FuJdUEkFCuDL/I3aJQiaZ6aibRHj
ap/ap9zy1aYNrphe7YcaNwMoPsZvXDR+hNJOo9gbgOYVTPq8gXc84I75YKOHiVA4
NrJJQZ6p2sJQyqx60HkEIjzIN+1LQLfXTlpuznToOa1hyTD0yyitFyOYwURM+/CI
8FNFMpBhw22hpeAQkOOLmsqT5QZJYeik7qlvn8gfD+XdDnk3kkuuu0eG+vuyrSGr
5uX5LRhFWlv1zFQDch/EKmd163m6z/ycx/qLa9zyvILc7cQpb+k7TLra9WE17YPS
n9ANjG+ECo9PDW3N9lwhKQCNvw1gGoguyCQu7HE7BnW8eSSFAgMBAAGjggFmMIIB
YjAdBgNVHQ4EFgQUDNtsgkkPSmcKuBTuesRIUojrVjgwHwYDVR0jBBgwFoAUTiJU
IBiV5uNu5g/6+rkS7QYXjzkwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsG
AQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMDQGCCsGAQUFBwEB
BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEIGA1Ud
HwQ7MDkwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEds
b2JhbFJvb3RHMi5jcmwwYwYDVR0gBFwwWjA3BglghkgBhv1sAQEwKjAoBggrBgEF
BQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzALBglghkgBhv1sAQIw
CAYGZ4EMAQIBMAgGBmeBDAECAjANBgkqhkiG9w0BAQsFAAOCAQEAGUSlOb4K3Wtm
SlbmE50UYBHXM0SKXPqHMzk6XQUpCheF/4qU8aOhajsyRQFDV1ih/uPIg7YHRtFi
CTq4G+zb43X1T77nJgSOI9pq/TqCwtukZ7u9VLL3JAq3Wdy2moKLvvC8tVmRzkAe
0xQCkRKIjbBG80MSyDX/R4uYgj6ZiNT/Zg6GI6RofgqgpDdssLc0XIRQEotxIZcK
zP3pGJ9FCbMHmMLLyuBd+uCWvVcF2ogYAawufChS/PT61D9rqzPRS5I2uqa3tmIT
44JhJgWhBnFMb7AGQkvNq9KNS9dd3GWc17H/dXa1enoxzWjE0hBdFjxPhUb0W3wi
8o34/m8Fxw==
-----END CERTIFICATE-----
My certificate looks like this. The problem described is with de add-on from HACS. When I download the add-on in HACS and restart HA I get this error in HA. This is before I even add the certificate in my config.
Did you add something like:
default_config:
additional_ca:
  hon: hon_rapidssl.crt
into your configuration.yaml after you added your .crt-file in the new created folder config\additional_ca\ in your HA?

Yes I did.

Feb 06 '25 17:02 Jansmeister

I think the only reasonable explanation is that the exported certificate is somehow malformed. It cannot be an issue solely with the plugin, because the part that throws an exception is the part that actually attempts to read the certificate specified in the configuration, and it points towards there being a character it cannot read. Can you try exporting the certificate again? And again, if you could send your config, it might be helpful.

Feb 06 '25 18:02 mwPandoraid

I think the only reasonable explanation is that the exported certificate is somehow malformed. It cannot be an issue solely with the plugin, because the part that throws an exception is the part that actually attempts to read the certificate specified in the configuration, and it points towards there being a character it cannot read. Can you try exporting the certificate again? And again, if you could send your config, it might be helpful.

I got the additional_ca add-on working now. Implemented the certificate but the haier integration still doesn't setup. It's still the same SSL error in the logs

Feb 06 '25 18:02 Jansmeister

I think it's because you actually need both the RapidSSL certificate and the DigiCert certificate. It worked with RapidSSL only for me when i set it up the first time, but i reset my setup to test something and I had to import both certificates.

Feb 06 '25 18:02 mwPandoraid

I think it's because you actually need both the RapidSSL certificate and the DigiCert certificate. It worked with RapidSSL only for me when i set it up the first time, but i reset my setup to test something and I had to import both certificates.

Owke we'll finally get there I hope..... How do I download and setup both certificates.

On a roll now and learning stuff so give it to me :)

Feb 06 '25 18:02 Jansmeister

Guys, I managed to have hon working. I described steps I followed here: #286 in detail. If you could give it a try...

Feb 06 '25 18:02 jm314159

I think it's because you actually need both the RapidSSL certificate and the DigiCert certificate. It worked with RapidSSL only for me when i set it up the first time, but i reset my setup to test something and I had to import both certificates.

Owke we'll finally get there I hope..... How do I download and setup both certificates.

On a roll now and learning stuff so give it to me :)

The steps @jm314159 described sound pretty much exactly right, I just didn't have to remove hOn integration at all.

Here you just click on DigiCert, press export, and then repeat the same process for RapidSSL

Feb 06 '25 18:02 mwPandoraid

I think it's because you actually need both the RapidSSL certificate and the DigiCert certificate. It worked with RapidSSL only for me when i set it up the first time, but i reset my setup to test something and I had to import both certificates.

Owke we'll finally get there I hope..... How do I download and setup both certificates. On a roll now and learning stuff so give it to me :)

The steps @jm314159 described sound pretty much exactly right, I just didn't have to remove hOn integration at all.

Here you just click on DigiCert, press export, and then repeat the same process for RapidSSL

Hell yeah! It works.....finally. Thanks for all the help, feel like a complete noob overhere :(

Feb 06 '25 18:02 Jansmeister

Thank you all.

I too had the issue that the hOn addon for Home Assistant didn't work anymore since February 6th 2025. The solution mentioned in the comment thread above did fix the issue.

For full reference I share what I did:

Installing Additional CA

Using HACS I installed Additional CA, as suggested here

Downloading hOn certificate

Using Firefox I navigated to https://account2.hon-smarthome.com/
Left to the Firefox address bar I clicked the lock icon and then Connection secure and then More information
In the popup I clicked the View Certificate button and clicked the second "RapidSSL TLS RSA CA G1" tab
Nearby the 'Miscellaneous' heading, I clicked the PEM (cert) tab to download the certificate as a .pem file to my computer

Converting .pem to .crt

On my Linux computer I opened a terminal, navigated to the folder that contained the download .pem file and executed the command openssl x509 -outform PEM -in account2-hon-smarthome-com.pem -out account2-hon-smarthome-com.crt like mentioned here

Saving .crt file on Home Assistant hard disk

I opened Home Assistant in my web browser and opened my file browser (i.e. "Visual Code Server" or "File editor")
I created the folder /config/additional_ca like mentioned here
I drag&dropped the file account2-hon-smarthome-com.crt from my computer folder to the newly created Home Assistant folder config/additional_ca

Updating configuration.yaml

Using a Home Assistant file editor, I opened configuration.yaml and added this to the bottom of the file:

additional_ca:
  my_private_ca: account2-hon-smarthome-com.crt

I saved configuration.yaml and restarted Home Assistant

Now the hOn addon worked again.

Feb 06 '25 18:02 bartwr

Still the same issue with the off switch remains. Anyone have a solution for that annoyance?

Feb 06 '25 19:02 Jansmeister

Still the same issue with the off switch remains. Anyone have a solution for that annoyance?

There's a fix for that here: https://github.com/Andre0512/hon/pull/277/files I'm not really too sure how to change the branch of an integration, so a quick and somewhat easy way would be to go to custom_components/hon/climate.py line 202 and replace self._device.sync_command("stopProgram", "settings") with self._device.settings["settings.onOffStatus"].value = "0", then restart HomeAssistant

like so:

Feb 06 '25 19:02 mwPandoraid

Still the same issue with the off switch remains. Anyone have a solution for that annoyance?

There's a fix for that here: https://github.com/Andre0512/hon/pull/277/files I'm not really too sure how to change the branch of an integration, so a quick and somewhat easy way would be to go to custom_components/hon/climate.py line 202 and replace self._device.sync_command("stopProgram", "settings") with self._device.settings["settings.onOffStatus"].value = "0", then restart HomeAssistant

like so:

That did the trick, thanks!

Feb 06 '25 19:02 Jansmeister

@bartwr great explanation.

I will add up that I did not need to convert the .pem to .crt. Added it directly as you mention and it worked.

Feb 06 '25 22:02 jfmcarreira

Thank you all.

I too had the issue that the hOn addon for Home Assistant didn't work anymore since February 6th 2025. The solution mentioned in the comment thread above did fix the issue.

It worked for me. I saved the certificates from GoogleChrome (windows), renamed them and transferred them. Config:

additional_ca:                    
  RapidSSL: RapidSSL.crt                 
  DigiCert: DigiCertGlobalRootG2.crt

Feb 06 '25 23:02 indevor

I still can't get it to work.

What I did:

I used chrome and downloded: DigiCert Global Root G2 & RapidSSL TLS RSA CA G1

When I downloaded them they were already .crt

I renamed them to

DigiCertGlobalRoot.crt RapidSSL.crt

I made a folder and put the CRT files in.

I installed Additional CA

and put this in my config.yaml:

additional_ca: RapidSSL: RapidSSL.crt
DigiCert: DigiCertGlobalRoot.crt

After reboot H0N still doesn't work.

The log of H0N says:

`Log details (ERROR)
Logger: homeassistant.config_entries
Source: config_entries.py:640
First occurred: 12:45:02 (4 occurrences)
Last logged: 12:46:43

Error setting up entry [email protected] for hon
Traceback (most recent call last):
  File "/usr/local/lib/python3.13/site-packages/aiohttp/connector.py", line 1122, in _wrap_create_connection
    return await self._loop.create_connection(*args, **kwargs, sock=sock)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.13/asyncio/base_events.py", line 1188, in create_connection
    transport, protocol = await self._create_connection_transport(
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    ...<2 lines>...
        ssl_shutdown_timeout=ssl_shutdown_timeout)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.13/asyncio/base_events.py", line 1221, in _create_connection_transport
    await waiter
  File "/usr/local/lib/python3.13/asyncio/sslproto.py", line 581, in _on_handshake_complete
    raise handshake_exc
  File "/usr/local/lib/python3.13/asyncio/sslproto.py", line 563, in _do_handshake
    self._sslobj.do_handshake()
    ~~~~~~~~~~~~~~~~~~~~~~~~~^^
  File "/usr/local/lib/python3.13/ssl.py", line 951, in do_handshake
    self._sslobj.do_handshake()
    ~~~~~~~~~~~~~~~~~~~~~~~~~^^
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1018)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/usr/src/homeassistant/homeassistant/config_entries.py", line 640, in __async_setup_with_context
    result = await component.async_setup_entry(hass, self)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/config/custom_components/hon/__init__.py", line 34, in async_setup_entry
    hon = await Hon(
          ^^^^^^^^^^
    ...<6 lines>...
    ).create()
    ^^^^^^^^^^
  File "/usr/local/lib/python3.13/site-packages/pyhon/hon.py", line 77, in create
    await self.setup()
  File "/usr/local/lib/python3.13/site-packages/pyhon/hon.py", line 104, in setup
    appliances = await self.api.load_appliances()
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.13/site-packages/pyhon/connection/api.py", line 86, in load_appliances
    async with self._hon.get(f"{const.API_URL}/commands/v1/appliance") as resp:
               ~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.13/contextlib.py", line 214, in __aenter__
    return await anext(self.gen)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.13/site-packages/pyhon/connection/handler/base.py", line 64, in get
    async with self._intercept(*args, **kwargs) as response:
               ~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.13/contextlib.py", line 214, in __aenter__
    return await anext(self.gen)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.13/site-packages/pyhon/connection/handler/hon.py", line 75, in _intercept
    kwargs["headers"] = await self._check_headers(kwargs.get("headers", {}))
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.13/site-packages/pyhon/connection/handler/hon.py", line 62, in _check_headers
    await self.auth.refresh(self._refresh_token)
  File "/usr/local/lib/python3.13/site-packages/pyhon/connection/auth.py", line 280, in refresh
    async with self._request.post(
               ~~~~~~~~~~~~~~~~~~^
        f"{const.AUTH_API}/services/oauth2/token", params=params
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    ) as response:
    ^
  File "/usr/local/lib/python3.13/contextlib.py", line 214, in __aenter__
    return await anext(self.gen)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.13/site-packages/pyhon/connection/handler/base.py", line 75, in post
    async with self._intercept(*args, **kwargs) as response:
               ~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.13/contextlib.py", line 214, in __aenter__
    return await anext(self.gen)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.13/site-packages/pyhon/connection/handler/auth.py", line 36, in _intercept
    async with method(url, *args, **kwargs) as response:
               ~~~~~~^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.13/site-packages/aiohttp/client.py", line 1425, in __aenter__
    self._resp: _RetType = await self._coro
                           ^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.13/site-packages/aiohttp/client.py", line 703, in _request
    conn = await self._connector.connect(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        req, traces=traces, timeout=real_timeout
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    )
    ^
  File "/usr/local/lib/python3.13/site-packages/aiohttp/connector.py", line 548, in connect
    proto = await self._create_connection(req, traces, timeout)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.13/site-packages/aiohttp/connector.py", line 1056, in _create_connection
    _, proto = await self._create_direct_connection(req, traces, timeout)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.13/site-packages/aiohttp/connector.py", line 1400, in _create_direct_connection
    raise last_exc
  File "/usr/local/lib/python3.13/site-packages/aiohttp/connector.py", line 1369, in _create_direct_connection
    transp, proto = await self._wrap_create_connection(
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    ...<7 lines>...
    )
    ^
  File "/usr/local/lib/python3.13/site-packages/aiohttp/connector.py", line 1124, in _wrap_create_connection
    raise ClientConnectorCertificateError(req.connection_key, exc) from exc
aiohttp.client_exceptions.ClientConnectorCertificateError: Cannot connect to host account2.hon-smarthome.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1018)')] `

When I search in home-assistant.log for additional_ca I only get one hit:

[homeassistant.loader] We found a custom integration additional_ca which has not been tested by Home Assistant. This component might cause stability problems, be sure to disable it if you experience issues with Home Assistant

So I gues I installed it correctly?

I use Home assistant OS on proxmox. Do I maybe also need to install the certificates on Proxmox? if yes, could someone help me with that :D

Feb 07 '25 12:02 droeloe1818

I'm not sure this will help, but it should look like this in your config.yaml

additional_ca: __RapidSSL: RapidSSL.crt __DigiCert: DigiCertGlobalRoot.crt

I see the comments will delete the 2 spaces in front of both crt files....

Feb 07 '25 12:02 Jansmeister

I'm not sure this will help, but it should look like this in your config.yaml

additional_ca: __RapidSSL: RapidSSL.crt __DigiCert: DigiCertGlobalRoot.crt

I see the comments will delete the 2 spaces in front of both crt files....

Thanks, the copying messed up but it was correctly in HomeAssistant so that is not the problem.

Feb 07 '25 12:02 droeloe1818

I'm not sure this will help, but it should look like this in your config.yaml additional_ca: __RapidSSL: RapidSSL.crt __DigiCert: DigiCertGlobalRoot.crt I see the comments will delete the 2 spaces in front of both crt files....

Thanks, the copying messed up but it was correctly in HomeAssistant so that is not the problem.

Some people had to change their password in the hOn platform for it to make ik work. Did you try that?

Feb 07 '25 12:02 Jansmeister

I'm not sure this will help, but it should look like this in your config.yaml additional_ca: __RapidSSL: RapidSSL.crt __DigiCert: DigiCertGlobalRoot.crt I see the comments will delete the 2 spaces in front of both crt files....

Thanks, the copying messed up but it was correctly in HomeAssistant so that is not the problem.

Some people had to change their password in the hOn platform for it to make ik work. Did you try that?

I just changed it, but it didn;t work. still SSL error. thanks for your help so far.

Feb 07 '25 12:02 droeloe1818