API calls after 2021-09-30 14:00:00 UTC return with SSL3_GET_SERVER_CERTIFICATE:certificate verify failed. Did the SSL certificate expire?
https://pvoutput.org/service/r2/addstatus.jsp
I’d say so. Lots of websites are having SSL certificate issues today. Main trust root certificate expired September 30th.
Actually, this might be an issue locally related to certs on my rpi, I am able to manually use the API from a different machine, investigating now.
UPDATE:
Client ca-certificate updates did not help, but ran into this:
Let’s Encrypt DST Root CA X3 expiry Sept 30th 2021 | Certify The Web Docs
I tend to say it is a local issue on my rpi (fine on my other machines), as a simple wget pvoutput.org fails ‘certificate not trusted’ despite attempts to get the latest root cert from Let’s Encrypt, still fighting.
On my Arduino I am still publishing data to pvoutput.org…a quick look at my code and I’m not using SSL.
http, not https
Ian.
I’m using https. Got it sorted, python requests needed to be updated on my rpi.
My pi with sbfspot stopped uploading last night. (Mountain time USA)
Suspect similar issue.
Do you happen to have a document to explain how to do this update for python requests?
or is it the usual suspect: sudo apt-get update & & sudo apt-get upgrade?
This is always a good start:
sudo apt-get update
sudo apt-get upgrade
Then
sudo update-ca-certificates
If using python,
export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
Check if that is actually being used:
python
>>> import certifi
>>> certifi.where()
'/etc/ssl/certs/ca-certificates.crt'
To upgrade requests:
pip install requests -U
or for older python:
pip install requests[security] -U
Further reading here (especially if using old Python versions): Python Requests - How to use system ca-certificates (debian/ubuntu)? | Newbedev
Not sure which python you are using, 2.7 is getting quite troublesome, 3.7+ seems much better on this front as well.
The expired root certificate (DST Root CA X3) has been removed and replaced with new root (ISRG Root X1).