TLS Errors when Konnected firmware calls Home Assistant

So I have the device-discovery etc. part working, and ESPlorer shows Konnected trying to send updates when my sensors change - but the updates aren't "received" by HomeAssistant. My HA setup is TLS-enabled (using the DuckDNS addon). Doing a packet capture in the docker-container running HA, and filtering for the IP of the first Konnected device, I can see the TCP connection establish, and the SSL connection proceeds as expected:

=> Client Hello
<= Server Hello
<= Certificate, Server Key Exchange, Server

And then, Konnected/NodeMCU's TLS implementation returns the following 'Decrypt Error' on the wire:

Secure Sockets Layer TLSv1.2 
Record Layer: Alert (Level: Fatal, Description: Decrypt Error) 
Content Type: Alert (21) 
Version: TLS 1.2 (0x0303) 
Length: 2 
Alert Message Level: Fatal (2) 
Description: Decrypt Error (51) 

I can obviously connect to HA using TLS from multiple browsers, and from the Linux 'openssl' command-line client. The relevant logs from the NodeMCU device are: 

HTTP client: Disconnected with error: 46
HTTP client: Connection timeout
Heap:33472 HTTP Call: -1 state 1 pin 2
E:M 528
HTTP client: Disconnected with error: 46
HTTP client: Connection timeout
Heap:33288 HTTP Call: -1 state 0 pin 2
E:M 528
HTTP client: Disconnected with error: 46
HTTP client: Connection timeout
Heap:33288 HTTP Call: -1 state 1 pin 2

Any hints as to where to go next? I do know some Lua, but I couldn't see if the Konnected scripts had any way to interrupt the boot process.
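Added example, not part of the original post and not Konnected or NodeMCU code: a minimal parser for unencrypted TLS 1.2 records that reproduces the sequence in the capture above, ending in the fatal alert with description 51. RFC 5246 defines `decrypt_error` as a failed handshake cryptographic operation, such as a signature that could not be verified. The sample bytes are constructed and the helper names (`parse_records`, `record`, `msg`) are hypothetical.

```python
import struct

# Subset of the TLS 1.2 code points (RFC 5246) needed to read this trace.
CONTENT = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE = {1: "client_hello", 2: "server_hello", 11: "certificate",
             12: "server_key_exchange", 14: "server_hello_done", 16: "client_key_exchange"}
LEVEL = {1: "warning", 2: "fatal"}
ALERT = {0: "close_notify", 20: "bad_record_mac", 40: "handshake_failure",
         42: "bad_certificate", 48: "unknown_ca", 51: "decrypt_error"}

def parse_records(stream: bytes):
    """Walk unencrypted TLS records and return (content_type, detail) tuples."""
    events, pos = [], 0
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        body = stream[pos + 5:pos + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        pos += 5 + length
        name = CONTENT.get(ctype, f"unknown({ctype})")
        if ctype == 22:
            # One record can carry several handshake messages back to back.
            off = 0
            while off + 4 <= len(body):
                mlen = int.from_bytes(body[off + 1:off + 4], "big")
                events.append((name, HANDSHAKE.get(body[off], f"unknown({body[off]})")))
                off += 4 + mlen
        elif ctype == 21 and length == 2:
            level, desc = body  # two bytes: alert level, alert description
            events.append((name, f"{LEVEL.get(level, level)}:{ALERT.get(desc, desc)}"))
        else:
            events.append((name, f"{length} bytes"))
    return events

def record(ctype: int, body: bytes) -> bytes:
    """Build a TLS 1.2 (0x0303) record; used only to construct the sample."""
    return struct.pack("!BHH", ctype, 0x0303, len(body)) + body

def msg(mtype: int, payload: bytes) -> bytes:
    """Build a handshake message header followed by a dummy payload."""
    return bytes([mtype]) + len(payload).to_bytes(3, "big") + payload

# Constructed sample, not bytes from the poster's capture: a server flight with
# dummy payloads, then the 7-byte alert record matching the dissection above.
SAMPLE = (record(22, msg(2, b"\0" * 4) + msg(11, b"\0" * 8))
          + record(22, msg(12, b"\0" * 6))
          + bytes.fromhex("15030300020233"))

if __name__ == "__main__":
    for event in parse_records(SAMPLE):
        print(*event)
```

The parser only handles records sent before encryption starts and does not reassemble handshake messages fragmented across records.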

  • @Nate, I'm using a standard nginx reverse-proxy implemented outside of the environment (on my firewall), but the HA folks provide some configuration guidelines here; you might also direct people deploying in a non environment there.

  • Oh yeah, I am running Hass 0.71. It took a while to get set up on my Pi 3B+ so not quite sure I'm ready to upgrade the Hass. I gave the nginx addon a try to get the reverse proxy to work but it still didn't fix it. I reflashed the original 2.2.0 and I'm going back through to disable all my SSL stuff in hopes to see the Konnected board real time update on my overview page. =/

  • @MDinh After you've set up the reverse proxy with Nginx, you'll need to re-sync Konnected to get it to recognize the updated base_url. In 0.72 this will be automatic. In Hass 0.71 and earlier the easiest thing to do is wipe it by re-flashing it and then it will re-sync the first time Hass discovers the device again.

  • That makes a lot of sense, Nate. I will give that a try. I am going to do a clean start and try to get this all going again tomorrow. I'll be back with an update if I can get it running.

  • I'll try and reflash my devices tomorrow after the 0.72 update. @Nate those of using aren't able to update to beta versions, so we have to wait for official releases.

  • I don't have a instance running right now, but I think you can enable "dev" channel releases to get the beta. There wouldn't be much value in releasing a beta if nobody using could test it.

    This is mentioned here: users will be able to enable the dev channel in the system settings.

  • To enable the beta you go to the menu then into system and click join beta channel.
  • Thanks. Didn't know that. Apologies for the inaccuracy!

  • I got the 0.72.0b5 update now. wow that was easy!

  • @nate, I flashed both devices with 2.2.1beta that you linked to (which I think is now your stable release?). I noticed that it was only the `filesystems` file that was updated, the `firmware` file hasn't changed for 9 days? I also upgraded to 0.72 and added the `api_host` to the configuration.yaml file.

    I am getting pretty reliable and quick detection, but then variable clearing. Once the sensor in one room changed to "clear" as soon as the detector on my wall indicated clear, but mostly it stays "detected" for a variably long period of time... clearing eventually it seems over a matter of 10-20 minutes.

    Has this been anyone else's experience?

  • I disabled all of the SSL stuff while setting up a separate board at my gf's house. HASS got updated to 0.72 now but I couldn't get the 2.2.1 firmware and file system to update real time when I open and close doors. I went back to the original firmware 2.2.0 and it works. I'm thinking maybe I didn't give it enough time for HASS to sync up with the 2.2.1... not 100 percent sure why it wasn't working but I'll give it another try when I am back home trying to set up mine again.

  • Ok let me know what you find out. Change log level to info or debug and capture some logs for me to look at if you can't figure it out.

  • How do I do that?

  • logger:
      default: info
      logs:
        homeassistant.components.konnected: debug


  • So, I got it up and running with the updated HASS, SSL enabled, and the 2.2.1 firmware/systemfile on the nodemcu. I tried to get it running with the NGINX addon for HASSIO but I must be doing something wrong since there's still a 2-3 second delay with opening and closing the sensors on the board. Any suggestions?
