Melcloud is down again as of today May 23rd at about 1300 cet.
I’m not sure if their service is down, or if it’s just a problem with their SSL certificate.
Specifically, their (new) certificate (from May 20th) can’t be verified with a valid Root CA:
Edit: my script is working again if I skip certificate validation. https://curl.se/docs/sslcerts.html
Did the same for my pymelcloud script and that seems to have fixed it, changed:
async with aiohttp.ClientSession() as session:
to:
async with aiohttp.ClientSession(connector=aiohttp.TCPConnector(verify_ssl=False)) as session:
1 Like
As per google chrome it is a valid certificate.
It seems the rasperry is not able to validate the certification authority.
I’ve updated with the latest (http://mirrordirector.raspbian.org/raspbian/pool/main/c/ca-certificates/ca-certificates_20240203_all.deb) and still failing.
The RootCA (USERTrust) public key is available in my raspberry pi under /etc/ssl/certs/ and it is valid.
Issue solved.
Downloaded the required intermediate PEM CA from here
https://support.sectigo.com/articles/Knowledge/Sectigo-Intermediate-Certificates
and installed under /etc/ssl/certs
and then, within the directory /etc/ssl/certs
sudo c_rehash
1 Like
The android app is not working. Unable to log on so likely the new intermediate certificate they are validating under is not installed in some android distributions. They changed the cert May 20th 2024 so that makes sense.
Since getting the intermediate on android could be challenging for users they should change the cert again to one that have an existing valid chain on our smart phones until the intermediate is rolled out to all.
On iPhone I don’t have any issue even with the app.
Or they could send a copy of the chain cert with the server cert. This is a simple server misconfiguration by Mitsubishi.
2 Likes
The Android app wasn’t working for me yesterday, but is fine today.
And I’m no longer getting a certificate error from curl, so I guess it’s resolved itself somehow.
Which is a Schoolboy error and rather embarrassing!
A very easily made schoolboy error, as it doesn’t appear with all clients and certification authorities rarely admit which clients don’t directly support them. But taking long to fix it is a brown paper bag error. Doubly so if it happens again.