Problem connecting to Home Assistant

impeham · February 2, 2020, 10:51pm

doesn’t work. i’m not sure it should - these are 2 different dockers - they live in their own OS basically, so localhost is useless i think…

TinyDoT · February 2, 2020, 11:12pm

Yes, you are right on this, I was having a Stupid moment, i need to eat, but I think I found your answer.

impeham · February 3, 2020, 10:40pm

interesting thanks - i added the certificate to the profiles/en folder and added to “profile.json”:

"home_assistant": {
        "pem_file": "$RHASSPY_PROFILE_DIR/certificate.pem"
}

and it didn’t work, so i attached to the rhasspy container and used “printenv” and seen this variable set:
RHASSPY_APP=/usr/share/rhasspy

but and the variable “RHASSPY_PROFILE_DIR” does not exist there so i don’t see how it should work.
any ideas?

TinyDoT · February 3, 2020, 11:38pm

Ok, so you added the certificate, to your profile folder, which should be at “~/.config/rhasspy/profiles/en” and added the proper json to your profile. Now, at this point did you restart the server?

The $RHASSPY_PROFILE_DIR is a variable for your profile location which is:

“~/.config/rhasspy/profiles/en”

and that is a link into your docker for the profile:

“/profiles”

The way you have this setup, in theory should work after a restart if not may be @synesthesiam can chime in on this.

impeham · February 4, 2020, 5:44am

i did what you described and it didn’t work - $RHASSPY_PROFILE_DIR is not recognized inside the docker image (i printed the environment variables from within it and it does not exist). this variable must be set from within the docker container or it will have no value when it is used as the path from “profile.json”:
“pem_file”: “$RHASSPY_PROFILE_DIR/certificate.pem”

i’m not sure why it was not set, or am i missing something else here?

TinyDoT · February 7, 2020, 12:25am

I wish I had a setup like this so I could test, but this is what I would try, i"m grasping for things here, but give this a try.

Replace - $RHASSPY_PROFILE_DIR with ~/.config/rhasspy/profiles/en

or

Replace - $RHASSPY_PROFILE_DIR with $HOME/.config/rhasspy/profiles/en

then restart the server and see where that gets you

impeham · February 7, 2020, 2:54pm

same error.

i tried another thing - after attaching to the container, i saw that filesystem “/dev/root” is mounted on “/profiles” and the folder with the certificate is actually in “/profiles/en”, so i changed in profile.json to

    "home_assistant": {
        "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiIyNTc4ZDUxZTFiYjI0ZjFjYjA2OWFkZTgyYTJiNDU2YiIsImlhdCI6MTU4MDYwmTUzOCwiZXhwIjoxpDk1OuYxNbM4fQ.dGR_CFWgeT-buVMn8sdi36nEThbi-lEtSMVu3N7IJtA",
        "url": "https://192.168.0.186:8123",
        "pem_file": "/profiles/en/certificate.pem"
    },

this path DOES contain the certificate when i’m doing “ls /profiles/en/certificate.pem” from within the container but it does not solve the issue after restart.
by doing “echo $HOME/.config/rhasspy/profiles/en”
i’m getting: “/root/.config/rhasspy/profiles/en” and this folder doesn’t exist. same output for “ls ~/.config/rhasspy/profiles/en”

impeham · February 7, 2020, 3:02pm

another test i made - from within the container i run the following:

curl -X GET -H "Authorization: Bearer
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiIyNTc4ZDUxZTFiYjI0ZjFjYjA2OWFkZTgyYTJiNDU2YiIsImlhdCI6MTU4MDYwmTUzOCwiZXhwIjoxpDk1OuYxNbM4fQ.dGR_CFWgeT-buVMn8sdi36nEThbi-lEtSMVu3N7IJtA" -H "Content-Type: application/json" --insecure https://192.168.0.186:8123/api/states

and it works - i get the full list of states!
so i t seems that the URL is accessible from the docker, and the problem is related to rhasspy application itself - probably because of the certificate but i don’t understand why

TinyDoT · February 7, 2020, 9:53pm

The link that I sent you about this it seemed to solve the problem, but I do not know which version that was for. Maybe an update broke something that allowed this to work.

impeham · February 7, 2020, 10:17pm

actually - it describes a different error - " HTTPSConnectionPool(host='home-assistant.local', port=443): Max retries exceeded with url: /api/events/rhasspy_ChangeInput (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)'),))"

mine is “HomeAssistantIntentHandler Can’t contact server Unable to reach your Home Assistant server at htps://192.168.0.186:8123. Is it running?"

so maybe the certificate is not the issue. i need to see some debug logs for it’s start process - how can i do that?

impeham · February 7, 2020, 11:28pm

ok - using porcupine + activating intent, i get this log error:

requests.exceptions.SSLError: HTTPSConnectionPool(host=‘192.168.0.186’, port=8123): Max retries exceeded with url: /api/events/rhasspy_GetTime (Caused by SSLError(CertificateError(‘no appropriate commonName or subjectAltName fields were found’,),))
[WARNING:193611] urllib3.connection: Certificate did not match expected hostname: 192.168.0.186. Certificate: {‘subject’: (((‘countryName’, ‘IL’),), ((‘stateOrProvinceName’, ‘Some-State’),), ((‘organizationName’, ‘Internet Widgits Pty Ltd’),)), ‘issuer’: (((‘countryName’, ‘IL’),), ((‘stateOrProvinceName’, ‘Some-State’),), ((‘organizationName’, ‘Internet Widgits Pty Ltd’),)), ‘version’: 3, ‘serialNumber’: ‘890120E2761B5C2C’, ‘notBefore’: ‘Apr 15 13:24:11 2019 GMT’, ‘notAfter’: ‘Apr 14 13:24:11 2021 GMT’}

it is indeed the same error as in the link you’ve sent

TinyDoT · February 8, 2020, 12:10am

Ok, could this be a permissions thing. When you place the cert in your profile folder what user and group own it and what are the file permissions?

TinyDoT · February 10, 2020, 10:15pm

@impeham, the suspense, is killing me, did you get it to work?

impeham · February 10, 2020, 10:32pm

hey, sorry - was quite busy.

the permissions are exactly the same as all other files on the same folder so doesn’t look like the cause.

i made it temporarily work by editing “intent_handler.py” inside the docker container (which will probably be overwritten sometime when i update the docker).

i changed the code to always send “False” in the call to HASS which disables the certificate verification:

if self.pem_file is not None:
  kwargs["verify"] = False
response = requests.post(post_url, **kwargs)

this is working but i’m still trying to figure out why it fails to use the certificate file. the next thing i’ll do is add logs and try to see what is going on when i loads - hopefully will get to something.

if i get any new info i’ll post here. open to other ideas also.

TinyDoT · February 10, 2020, 10:45pm

Damn, ok I have one other thought, instead of using “certificate.pem” change it to “fullchain.pem”

impeham · February 10, 2020, 10:47pm

why would that matter? just a name actually… there is no meaning to the name itself

TinyDoT · February 10, 2020, 10:54pm

When search for a fix I came across that, and it was referring to fullchain.pem like that is what Rhasspy was looking for, but it just might have been what the user was calling it. Worth a try, I’m out of ideas.

Adibou · April 6, 2020, 10:45pm

Hi there

I’ve run into the exact same problem, did you find a workaround ?

impeham · April 7, 2020, 6:50am

just by changing the code as i mentioned

bositman · December 4, 2020, 12:44pm

Having the exact same issues, could you by any chance post where the intent_handler.py file resides in the docker image? Thanks