Core: SSL handshake Fail

Please post your http: config from configuration.yaml

HTTP config is as follows:

http:
  api_password: !secret http_password
  base_url: https://<myduckdnsname>.duckdns.org:8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  ip_ban_enabled: True
  login_attempts_threshold: 5

I have the same issue.

0.81 on RPi3, HassIO.

http:
     base_url: <myduckdnsname>.duckdns.org
     ssl_certificate: /ssl/fullchain.pem
     ssl_key: /ssl/privkey.pem
     ssl_profile: intermediate

Notes:

1. Traffic to port 443 on my external router interface is forwarded to port 8123 on my HassIO platform.
2. Traffic to port 8123 on my external router interface is also forwarded to port 8123 on my HassIO platform.
3. I have tried various permutations of base_url, including, but not limited to:
   
   
   
   • https://.duckdns.org
   
   
   • https://.duckdns.org:443
   
   
   • https://.duckdns.org:8123
   
   
   • .duckdns.org:443
   
   
   • .duckdns.org:8123
   
   

2018-10-29 15:35:27 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
 Traceback (most recent call last):
   File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
   File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
   File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
     self._sslobj.do_handshake()
 ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)
 2018-10-29 15:35:27 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: HTTP_REQUEST
 Traceback (most recent call last):
   File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
   File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
   File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
   File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
     self._sslobj.do_handshake()
 ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)

Have exact same problem running Home Assistant 0.82.1 with only 9 (I guess core) components loaded:

• api
• auth
• frontend
• http
• logger
• lovelace
• onboarding
• system_log
• websocket_api

So I don't think it's an upstream/3rd party issue as suggested in other issues.

I'm running Home Assistant on Raspberry Pi 3 using official Docker image. The certificates are freshly generated with Let's Encrypt.

Same thing happens when running Home Assistant on Win10.

I have just gotten this everything was fine on versions mentioned above.

0.83.2 Running on Docker
Using my own domain SSL certs

Same Errors Here.

Running in Docker with the following compose:

version: '3'
services:
  homeassistant:
    image: homeassistant/home-assistant
    container_name: homeassistant
    volumes:
      - ../data/:/config
      - /etc/localtime:/etc/localtime:ro
      - /etc/letsencrypt/:/etc/letsencrypt/
    devices:
      - /dev/ttyACM0:/dev/ttyACM0
    restart: always
    network_mode: host

Like previous commentor, I have

1. Traffic to port 443 on my external router interface is forwarded to port 8123.
2. Traffic to port 8123 on my external router interface is also forwarded to port 8123.

my http config is:

http:
  api_password: !secret api_password
  ssl_certificate: !secret cert_path
  ssl_key: !secret ssl_key
  base_url: !secret public_url
  ip_ban_enabled: True
  login_attempts_threshold: 3

Secrets:

cert_path: /etc/letsencrypt/live/home.mydomain.com/fullchain.pem 
ssl_key: /etc/letsencrypt/live/home.mydomain.com/privkey.pem
public_url: https://home.mydomain.com

Error:

2018-12-04 11:36:06 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: VERSION_TOO_LOW] version too low (_ssl.c:847)
2018-12-04 11:36:06 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: VERSION_TOO_LOW
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: VERSION_TOO_LOW] version too low (_ssl.c:847)
2018-12-04 11:36:31 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:847)
2018-12-04 11:36:31 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: NO_SHARED_CIPHER
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:847)

Just FYI, rather than write multiple comments I think it make sense to put a 👍 reaction to the initial comment/summary.

I also have the same issue people are reporting, SSL errors in the logs.

HA Version: 0.82.1
Running in Docker, on a Synology NAS
Using my own domain
Valid, non-expired cert by Letsencrypt
SSL Cert Expiry sensor even works

Sample of errors

2018-12-04 07:54:15 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: HTTP_REQUEST
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:847)
2018-12-04 07:55:15 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:847)

These lines repeat every 60secs; as you can imagine my log files are quite large because of this.

Happy to provide more information, as needed.

Just FYI, rather than write multiple comments I think it make sense to put a 👍 reaction to the initial comment/summary.

Happy to 👍 the initial comment/summary, but the issue persists across multiple versions & environments. Should we start new issues for these new versions, even though we're getting the same errors?

I don't think that adding multiple issues for the same issue is an option as these would simply be closed as duplicate. Bumping the issue with reaction seems like a reasonable option. The issue that has most 👍 so far has only 11 of them so eventually we can bring this to attention. I agree that this issue is really troublesome.

Same issue, although not as frequent as topic initiator.
Running Hassio 0.83.3 in Docker on Intel NUC.
Using manually installed wildcard Let's Encrypt certificate.
I am having this error log entries ever since I started using Hassio (end of August 2018).

2018-12-06 13:09:28 ERROR (MainThread) [homeassistant.components.websocket_api.http.connection.139888481887008] Client exceeded max pending messages [2]: 512
2018-12-06 13:09:28 ERROR (MainThread) [homeassistant.components.websocket_api.http.connection.139888481887008] Client exceeded max pending messages [2]: 512
2018-12-06 13:09:28 ERROR (MainThread) [homeassistant.components.websocket_api.http.connection.139888481887008] Client exceeded max pending messages [2]: 512
2018-12-06 13:09:28 ERROR (MainThread) [homeassistant.components.websocket_api.http.connection.139888481887008] Client exceeded max pending messages [2]: 512
2018-12-06 13:09:30 ERROR (MainThread) [homeassistant.components.websocket_api.http.connection.139888482370112] Client exceeded max pending messages [2]: 512
2018-12-06 13:18:09 ERROR (MainThread) [homeassistant.core] Error doing job: Fatal error on transport TCPTransport (error status in uv_stream_t.read callback)
TimeoutError: [Errno 110] Operation timed out
2018-12-06 13:18:09 ERROR (MainThread) [homeassistant.core] Error doing job: Fatal error on transport TCPTransport (error status in uv_stream_t.read callback)
TimeoutError: [Errno 110] Operation timed out
2018-12-06 15:20:43 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)
2018-12-06 15:20:43 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: HTTP_REQUEST
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)
2018-12-06 16:40:55 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)
2018-12-06 16:40:55 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: HTTP_REQUEST
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)

my http config :

    http:
      # Secrets are defined in the file secrets.yaml
      api_password: !secret http_password
      # Uncomment this if you are using SSL/TLS, running in Docker container, etc.
      base_url: !secret public_url
      ssl_certificate: !secret cert_path
      ssl_key: !secret ssl_key
      trusted_networks:
              - ***REDACTED***
              - ***REDACTED***
              - ***REDACTED***
      ip_ban_enabled: True
      login_attempts_threshold: 5
      server_port: 8080

I am getting the same errors flooding the log. I've installed a fresh version with the following:

- HassOS 1.13
- Home Assistant 0.83.3 
- Raspberry Pi 3 B

The only thing I have setup is the LetsEncrypt addon. There is nothing else setup and running on this clean install.

//-----------------------

I tried to revert back to HTTP and I found the errors went away. But like most people, I need SSL, so this is of no use but at least is some information we can use to hopefully solve this issue.

//-----------------------

I have tried the various 'fixes' throughout the the HA community forums about removing the leading 'https://' or removing the port number from the 'base_url', or adding the 'cors_allowed_origins' with the base_url as one of the items in that list. None of these had any affect.

http:
  api_password: !secret http_password
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  base_url: https://[[DDNS Address]]

//-----------------------

I have also tried playing about with ports like @fcollingwood has done above. I tired to make sure that nothing from the previous setup was still trying to talk to this new HA setup. I was hoping that my Sonoff-Tasmota devices which had a local IP setup for MQTT where trying to connect using HTTP and that was causing the issue, but that was a dead end too.

//-----------------------

Is there really no one out there that has any answers or any ability to diagnose this on going issue?
I found posts about this from over a year ago. Considering how many people have an issue with this, it seems that some more thought should be put into solving it. In fact, if anyone has a decent knowledge of the code I would happily help them solve this one. I'm a .Net developer but would jump on this one if i had a little inside knowledge to get me started.

I am having this issue, here is my info:

• Ubuntu 18.04 LTS + docker
• Home Assistant 81.6
• x64 PC

Here is the relevant configuration.yaml entry:
http: login_attempts_threshold: 3 ip_ban_enabled: True trusted_networks: - 192.168.1.0/24 - 192.168.2.0/24 - 127.0.0.0/24 base_url: <redacted>.ddns.net:8123 ssl_certificate: /config/fullchain.pem ssl_key: /config/privkey.pem
^ Damn formatting - not sure how to change it.

I am having this issue, here is my info:

• Ubuntu 18.04 LTS + docker
• Home Assistant 81.6
• x64 PC

Here is the relevant configuration.yaml entry:
http: login_attempts_threshold: 3 ip_ban_enabled: True trusted_networks: - 192.168.1.0/24 - 192.168.2.0/24 - 127.0.0.0/24 base_url: <redacted>.ddns.net:8123 ssl_certificate: /config/fullchain.pem ssl_key: /config/privkey.pem
^ Damn formatting - not sure how to change it.

Spaces in front of each line.

Same issue for me.

• Synology, Docker
• Home Assistant 0.82.0

http:
base_url:
server_port: 8123
ssl_certificate: /config/certificate.pem
ssl_key: /config/privkey.pem

It can be solved by runing an reverse nginx proxy with ssl configure and don't know why.

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
  listen 443 ssl http2;
  ssl_certificate your_cert
  ssl_certificate_key your_key
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
  ssl_prefer_server_ciphers on;
  ssl_session_timeout 10m;
  ssl_session_cache builtin:1000 shared:SSL:10m;
  ssl_buffer_size 1400;
  add_header Strict-Transport-Security max-age=15768000;
  ssl_stapling on;
  ssl_stapling_verify on;
  server_name your.domain;

  index index.html index.htm index.php;
  if ($ssl_protocol = "") { return 301 https://$host$request_uri; }

  #error_page 404 /404.html;
  #error_page 502 /502.html;
  charset utf-8; 
  client_max_body_size 75M;


  location / {
      proxy_pass https://127.0.0.1:8123;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $connection_upgrade;
  }
}

It can be solved by runing an reverse nginx proxy with ssl configure and don't know why.

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
  listen 443 ssl http2;
  ssl_certificate your_cert
  ssl_certificate_key your_key
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
  ssl_prefer_server_ciphers on;
  ssl_session_timeout 10m;
  ssl_session_cache builtin:1000 shared:SSL:10m;
  ssl_buffer_size 1400;
  add_header Strict-Transport-Security max-age=15768000;
  ssl_stapling on;
  ssl_stapling_verify on;
  server_name your.domain;

  index index.html index.htm index.php;
  if ($ssl_protocol = "") { return 301 https://$host$request_uri; }

  #error_page 404 /404.html;
  #error_page 502 /502.html;
  charset utf-8; 
  client_max_body_size 75M;


  location / {
      proxy_pass https://127.0.0.1:8123;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $connection_upgrade;
  }
}

How would one go about doing this on Hassio?

It can be solved by runing an reverse nginx proxy with ssl configure and don't know why.

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
  listen 443 ssl http2;
  ssl_certificate your_cert
  ssl_certificate_key your_key
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
  ssl_prefer_server_ciphers on;
  ssl_session_timeout 10m;
  ssl_session_cache builtin:1000 shared:SSL:10m;
  ssl_buffer_size 1400;
  add_header Strict-Transport-Security max-age=15768000;
  ssl_stapling on;
  ssl_stapling_verify on;
  server_name your.domain;

  index index.html index.htm index.php;
  if ($ssl_protocol = "") { return 301 https://$host$request_uri; }

  #error_page 404 /404.html;
  #error_page 502 /502.html;
  charset utf-8; 
  client_max_body_size 75M;


  location / {
      proxy_pass https://127.0.0.1:8123;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $connection_upgrade;
  }
}

How would one go about doing this on Hassio?

I deploy homeassistant in synology nas with docker.

I have the same annoying issue on my configuration:
Hassio with Raspberry PI 3

Relevant configuration.yaml

http:
  api_password: !secret http_password
  base_url: xxx.duckdns.org
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

error type 1:

Error doing job: SSL error errno:1 reason: HTTP_REQUEST
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)

error type 2:

Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)

Ubuntu 18.04 LTS
Docker
HASSIO 84.3 or 85.1
DuckDNS & LetsEncrypt

Getting the same error as everyone above.

Me too: hass.io 0.79.3

2019-01-13 16:53:27 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: WRONG_VERSION_NUMBER
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:841)
2019-01-13 16:53:28 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:841)

Same for me:

Error doing job: SSL error errno:1 reason: HTTP_REQUEST
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
  File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)

And:

Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
  File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
  File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)

Hassio on RPi3. Home Assistant 0.85.1.

Http configuration:

http:
  base_url: https://[myowndomain].nl:8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  api_password: !secret http_password

Using Let's Encrypt for SSL.

I had this error but resolved it by

• using "virtual servers" instead of "Port triggering" on my router
• following this guide https://help.konnected.io/support/solutions/articles/32000023964-set-up-hass-io-with-secure-remote-access-using-duckdns-and-nginx-proxy.

Give NginX SSL Proxy a try if you are stuck on this issue.

I have the same problem....

Had the same issue and resolved by:

• Making sure that my 8123 is forwarded to 8123
• Setting the base_url: https://[My_domain].com (Note no port)
• Setting the ssl_certificate: /ssl/fullchain.pem and ssl_key: /ssl/privkey.pem
• Making sure I go to https://[My_domain].com:8123
  (Double check if you get ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841))

I just randomly stumbled upon this and got it up and running in about 5 minutes. No more SSL handshake issues.

https://community.home-assistant.io/t/hass-io-add-on-letsdnsocloud-custom-domain-ssl-ddns/84231/15

I'm having the same issues on a RPi 3 B+, HassOS 0.85.1

Error doing job: SSL handshake failed
 Traceback (most recent call last):
   File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof
   File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
   File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
     self._sslobj.do_handshake()
 ssl.SSLError: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:841)

Error doing job: SSL error errno:1 reason: UNKNOWN_PROTOCOL
 Traceback (most recent call last):
   File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received
   File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata
   File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata
   File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake
     self._sslobj.do_handshake()
 ssl.SSLError: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:841)

HTTP configuration.yaml

http:
   ssl_profile: intermediate
   base_url: !secret http_URL
   ssl_certificate: /ssl/fullchain.pem
   ssl_key: /ssl/privkey.pem
   api_password: !secret hapassword

Give NginX SSL Proxy a try if you are stuck on this issue.
That did the trick for me! Thanks!

Just a "me too" to bump the issue. Same configuration as anyone on Hassio with DuckDNS add-on and standard configuration.

My 2 cents: if this is simply "stuff" (plugins, random people on the net, hackers...) trying to connect to HA in HTTP and not HTTPS, the "handshake failed" error is not really an error, but only a refused connection... can't HA simply stop logging it?

2019-01-29 21:31:49 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last): 
File "uvloop/handles/stream.pyx", line 609, in uvloop.loop.UVStream._on_eof 
File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata 
File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake self._sslobj.do_handshake() 
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841) 

2019-01-29 21:31:49 ERROR (MainThread) [homeassistant.core] Error doing job: SSL error errno:1 reason: HTTP_REQUEST Traceback (most recent call last): 
File "uvloop/sslproto.pyx", line 504, in uvloop.loop.SSLProtocol.data_received 
File "uvloop/sslproto.pyx", line 204, in uvloop.loop._SSLPipe.feed_ssldata 
File "uvloop/sslproto.pyx", line 171, in uvloop.loop._SSLPipe.feed_ssldata 
File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake self._sslobj.do_handshake() 
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:841)

I am having the same problem with 87.0 - Anyone have any luck figuring out the cause.
As for NginX SSL Proxy. Does anyone have some information on setting it up ?

I was seeing the SSL: HTTP_REQUEST error that this issue is directed to. I had recently enabled SSL, and had a browser tab open somewhere to http://localhost:8123/ that was trying to reconnect. As soon as I closed that tab, the errors went away.

I agree with @namadori: The real issue here is that failed client connections should not show up in the log as scary six-line "ERROR" messages. Home Assistant isn't doing anything wrong; it's correctly failing/rejecting an improper connection attempt. I'd like to filter this error or downgrade it to DEBUG.

I was seeing the SSL: HTTP_REQUEST error that this issue is directed to. I had recently enabled SSL, and had a browser tab open somewhere to http://localhost:8123/ that was trying to reconnect. As soon as I closed that tab, the errors went away.

I agree with @namadori: The real issue here is that failed client connections should not show up in the log as scary six-line "ERROR" messages. Home Assistant isn't doing anything wrong; it's correctly failing/rejecting an improper connection attempt. I'd like to filter this error or downgrade it to DEBUG.

THANK YOU! This was messing with my log (and head) badly. I thought I made a mistake along my journey of migrating from my RPi3 to my Qnap NAS Docker installation. I closed the non-SSL tab and the errors went POOF! :slightly_smiling_face:

I still agree with @namadori that this should not be recorded in the logs as it is in the current way.

Is it possibile to set ad info instead of ERROR?

I was having this issue, something to check if you're using the nmap device tracker, exclude your HA ip address, as nmap scanning can cause this error message to appear

EDIT: Ok, i've disabled the nmap device tracker and still getting SSL handshake errors, is there a way of showing more info on the SSL session? IE the header data?

following this as I have same errors! i run in docker ubuntu 18 , letsencrypt... frustrating ...

Ok, same here - for the second time around. Why do bugs like this stay open for over 6 months while not being solved in later releases?

What is up with this bug. I have it, it's annoying. We should have a clear path to resolution by now.

I've had the same issue since updating from 0.82 to 0.93 with both straight upgrade AND freshly setup system from scratch
Very frustrating as there seems to be no solution everywhere I looked.

Please resolve it guys

@jeffehobbs @sirs2k There are over a thousand open issues. This one only results in log spam. Such comments are not constructive.

That said, there are three paths to resolution, as I outlined earlier in this thread:

1. For users: Something is trying to connect to your server over HTTP instead of HTTPS. If it's yours, make it stop. If it isn't yours, mark it down as a failed intrusion attempt.
2. For developers: Figure out how to catch the exception and provide a more helpful message; preferably graded warning or debug.
3. For writers: Document that this message does not indicate anything wrong with HA, but rather something wrong with a client, and get that documentation posted somewhere visible.

I have so many devices all connecting to HA within my LAN and log warnings such as WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from 192.168.1.1 are very vague and do not help us finding the cause of the problems

All of my devices are using https and the error I'm getting is ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1056) so to me it doesn't seem like a HTTP vs HTTPS problem. I'm really at a loss

@conklech I'm sorry but this issue is rather important for devs that use HA extensively. It effectively renders loggers unusable, which would otherwise show you real problems. Now, given the amount of logs that should not be there you just ignore it completely being unable to sniff other real issues.

If it wasn't important you wouldn't see it being the most bumped Home Assistant issue and so many people chiming in.

I was seeing the SSL: HTTP_REQUEST error that this issue is directed to. I had recently enabled SSL, and had a browser tab open somewhere to http://localhost:8123/ that was trying to reconnect. As soon as I closed that tab, the errors went away.

I agree with @namadori: The real issue here is that failed client connections should not show up in the log as scary six-line "ERROR" messages. Home Assistant isn't doing anything wrong; it's correctly failing/rejecting an improper connection attempt. I'd like to filter this error or downgrade it to DEBUG.

For me, I had Visual Code open with the homeassistant extension. Hadn't reconfigured the connection url after switching to SSL on homeassistant

I am not using DuckDNS but do use NabuCasa remote and I'm getting this error message every few seconds 0.95.1

Had the same issues after configuration of SSL. Figured it had to be an app, that still uses http only. Turns out, node-red was still using the old URL without SSH and was trying to access HA periodically. Switched out URL tin node-red to use https and after a restart of node-red, the errors were gone.

There hasn't been any activity on this issue recently. Due to the high number of incoming GitHub notifications, we have to clean some of the old issues, as many of them have already been resolved with the latest updates.
Please make sure to update to the latest Home Assistant version and check if that solves the issue. Let us know if that works for you by adding a comment 👍
This issue now has been marked as stale and will be closed if no further activity occurs. Thank you for your contributions.

Still having this issue in 0.102.1

There hasn't been any activity on this issue recently. Due to the high number of incoming GitHub notifications, we have to clean some of the old issues, as many of them have already been resolved with the latest updates.
Please make sure to update to the latest Home Assistant version and check if that solves the issue. Let us know if that works for you by adding a comment 👍
This issue now has been marked as stale and will be closed if no further activity occurs. Thank you for your contributions.