SSL Certificate Error

  • 5
  • Question
  • Updated 5 months ago
Unable to upload data to WU due to ssl.CertificateError.  Started at 2300hrsGMT last night (29 Jan 20).

No changes to my system at all, just wondering of any of the changes currently happening within WU's systems have caused the issue?
Photo of David McCreath

David McCreath

  • 6 Posts
  • 0 Reply Likes

Posted 5 months ago

  • 5
Photo of Derek Woodley

Derek Woodley

  • 6 Posts
  • 0 Reply Likes
I upload using an Arduino.
My weather stations are still sending data streams to wunderground as in the past but the upload is not being accepted or displayed on the Weather Underground website and stations show off line.
Has there been a change in the expected protocol?
Photo of tmarschner

tmarschner

  • 3 Posts
  • 2 Reply Likes
Hi there,

Here's an alternative workaround that doesn't require you to send your Wunderground credentials in clear text. It turns off certificate validation for python. I've tested this on weewx 3.9.2 on a Raspberry Pi (v. 9 Stretch) running python 2.7.13.

Modify the weewx startup script /etc/init.d/weewx.

Find the start-stop-daemon line that starts up weewx (the do_start routine) and insert "/usr/bin/env PYTHONHTTPSVERIFY=0" into the --exec parameter as shown below:
start-stop-daemon --start --chuid $WEEWX_USER --pidfile $PIDFILE --exec /usr/bin/env PYTHONHTTPSVERIFY=0 $DAEMON -- $DAEMON_ARGS || return 2
Cheers,
Tom







Photo of David McCreath

David McCreath

  • 6 Posts
  • 0 Reply Likes
On my system (same as Toms), it's on line 62.

Works fine and you need to reboot.
(Edited)
Photo of Tim Urberg

Tim Urberg

  • 1 Post
  • 1 Reply Like
Works great, you don't need to reboot, just restart weewx, and then it also told me to reload the daemon.

sudo service weewx restart
sudo systemctl daemon-reload

(Edited)
Photo of Rupert Perry

Rupert Perry

  • 2 Posts
  • 0 Reply Likes
I'm having the same issue with the very latest version of wunderfixer, which I am using to try and fill in all the missing data from this problem last week! 

This error message is from wunderfixer run just now:

weewx.restx.CertificateError: hostname u'weatherstation.wunderground.com' doesn't match either of '*.prod-pws-ng-546567-997b58a668d15d562a6bed58ea7c5f9e-0000.us-south.containers.appdomain.cloud', 'prod-pws-ng-546567-997b58a668d15d562a6bed58ea7c5f9e-0000.us-south.containers.appdomain.cloud', 'prod-pws-ng-546567.us-south.containers.appdomain.cloud'

Note: This only happens sometimes... I suspect that there are certain instances with the certificate chain mis-configured, so depending on which instance the load balancer sends you to, it either works or fails.

Rupert.
(Edited)
Photo of tmarschner

tmarschner

  • 3 Posts
  • 2 Reply Likes
You should be able to turn off certificate validation for wunderfixer by entering the shell command 'export PYTHONHTTPSVERIFY=0' before running wunderfixer. I personally haven't tested this though so YMMV.

--Tom
Photo of Joshua Myles

Joshua Myles

  • 4 Posts
  • 0 Reply Likes
I think the load balanced node theory is correct. I'm kind of surprised the certificates are installed on the individual nodes, but that's what it seems like given how this keeps breaking.