Certificate expired #17

Open
mdz opened this issue Sep 8, 2024 · 1 comment

mdz commented Sep 8, 2024

Using this module with the juicenet integration in Home Assistant, I get the following error:

2024-09-08 16:40:26.847 ERROR (MainThread) [homeassistant.components.juicenet] Could not reach the JuiceNet API Cannot connect to host jbv1-api.emotorwerks.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1000)')]

Connecting with openssl, I get:

openssl s_client -connect jbv1-api.emotorwerks.com:443
CONNECTED(00000003)
depth=2 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
verify return:1
depth=1 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
verify return:1
depth=0 CN = *.emotorwerks.com
verify error:num=10:certificate has expired
notAfter=Jun 25 18:26:27 2024 GMT
verify return:1
depth=0 CN = *.emotorwerks.com
notAfter=Jun 25 18:26:27 2024 GMT
verify return:1
---
Certificate chain
 0 s:CN = *.emotorwerks.com
   i:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: May 25 18:26:27 2023 GMT; NotAfter: Jun 25 18:26:27 2024 GMT
 1 s:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
   i:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: May  3 07:00:00 2011 GMT; NotAfter: May  3 07:00:00 2031 GMT
 2 s:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
   i:C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jan  1 07:00:00 2014 GMT; NotAfter: May 30 07:00:00 2031 GMT
---
Server certificate
subject=CN = *.emotorwerks.com
issuer=C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: ECDH, secp521r1, 521 bits
---
SSL handshake has read 4773 bytes and written 833 bytes
Verification error: certificate has expired
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 10 (certificate has expired)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: CAC1F5DB248402FC9FFF414D287CA886081320E998868D980ED197D60A908825
    Session-ID-ctx: 
    Resumption PSK: 352B1BB120DDAFFD12ACE71BAC225A3048427201D6C1BE17F0CC49E7CA591464218DAD80BD3B62550F6F4BD397F1C82A
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 36000 (seconds)
    TLS session ticket:
    0000 - 9b 23 00 00 b8 a8 3d a8-86 f6 60 62 a3 a9 75 f7   .#....=...`b..u.
    0010 - 19 76 83 f9 8d 0f 45 2d-fe 76 fa 40 62 39 0c 82   .v....E-.v.@b9..

    Start Time: 1725838878
    Timeout   : 7200 (sec)
    Verify return code: 10 (certificate has expired)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK

Note:

verify error:num=10:certificate has expired
[...]
Verify return code: 10 (certificate has expired)

Perhaps there is a newer API endpoint that has a non-expired certificate?
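An added example, not part of the original report or of the project's code: a small parser for the `Certificate chain` block that `openssl s_client` prints, reporting which certificate in the chain is outside its validity window at a given time. The function names are hypothetical; the sample lines and the `Start Time` value are copied from the output above.

```python
import re
import ssl
from datetime import datetime, timezone

# Excerpt (s: and v: lines) of the "Certificate chain" block in the report above.
CHAIN = """\
 0 s:CN = *.emotorwerks.com
   v:NotBefore: May 25 18:26:27 2023 GMT; NotAfter: Jun 25 18:26:27 2024 GMT
 1 s:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
   v:NotBefore: May  3 07:00:00 2011 GMT; NotAfter: May  3 07:00:00 2031 GMT
 2 s:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
   v:NotBefore: Jan  1 07:00:00 2014 GMT; NotAfter: May 30 07:00:00 2031 GMT
"""
SESSION_START = 1725838878  # "Start Time" printed by the same s_client session

_SUBJECT = re.compile(r"^\s*(\d+) s:(.*)$")
_VALIDITY = re.compile(r"v:NotBefore: (.+? GMT); NotAfter: (.+? GMT)")

def _utc(cert_time):
    # ssl.cert_time_to_seconds parses the "Jun 25 18:26:27 2024 GMT" format.
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), tz=timezone.utc)

def chain_validity(text):
    """Return one dict per certificate listed in the chain block."""
    certs, current = [], None
    for line in text.splitlines():
        m = _SUBJECT.match(line)
        if m:
            current = {"depth": int(m.group(1)), "subject": m.group(2)}
            continue
        m = _VALIDITY.search(line)
        if m and current is not None:
            current["not_before"], current["not_after"] = _utc(m.group(1)), _utc(m.group(2))
            certs.append(current)
            current = None
    return certs

def outside_validity(certs, at_epoch):
    """List (depth, subject, reason, whole days) for certs not valid at at_epoch."""
    at = datetime.fromtimestamp(at_epoch, tz=timezone.utc)
    findings = []
    for c in certs:
        if at > c["not_after"]:
            findings.append((c["depth"], c["subject"], "expired", (at - c["not_after"]).days))
        elif at < c["not_before"]:
            findings.append((c["depth"], c["subject"], "not yet valid", (c["not_before"] - at).days))
    return findings

if __name__ == "__main__":
    for row in outside_validity(chain_validity(CHAIN), SESSION_START):
        print(row)
```

Only the leaf at depth 0 is flagged for this session; the intermediate and root are still inside their validity windows, so the fix has to come from the server operator renewing the leaf certificate.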

@shatteringlass

I suppose it might be related to this piece of news:

https://www.juiceboxnorthamerica.com/?category=topics/juicebox
