Error retrieve data from AEMET

[dave-code-ruiz]

sep 03 09:29:03 hassbian hass[1221]: 2019-09-03 09:29:03 ERROR (SyncWorker_9) [custom_components.aemet.aemet] Unable to retrieve data from AEMET. HTTPSConnectionPool(host='opendata.aemet.es', port=443): Max retries exceeded with url: /opendata/api/observacion/convencional/todas?api_key=eyJhXXX7meUo (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_ske_dhe', 'dh key too small')])")))
sep 03 09:29:05 hassbian hass[1221]: 2019-09-03 09:29:05 ERROR (MainThread) [homeassistant.components.weather] aemet: Error on device update!

my configuration.yaml:

weather:
    platform: aemet
    name: AEMET
    api_key: eyJhbGXXX
    latitude: !secret latitude_home
    longitude: !secret longitude_home
    cache_dir: /home/homeassistant/.homeassistant/aemetcache

Don't work for me, i renew my api_key but same error

[outon]

Hola,

I think your api_key is too short, mine is about 292 characters.

You should go to: https://opendata.aemet.es/centrodedescargas/inicio

There you should click on button "Solicitar" in "Obtención de API key" section and in the next screen you will enter your email.

You should receive an email from [email protected] with your api key.

As you can see... it is a quite long text.

Please review your email (spam folder too) and check that you received the email with your api key.

Un saludo.

[outon]

Sorry, I forgot to mention that there is an intermediate email to verify that your email is correct before sending the API KEY.

So, you have to click on confirmation emaili to receive your api key in a second email.

[dave-code-ruiz]

Sorry, i do exactly this and my api_key i receive from AEMET email have 285 characters

[outon]

As you can see on error reported... your key is too small.

SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_ske_dhe', '**dh key too small**')])")))

My old key was 292 characters and the new one that I just request is also 292 characters.

Are you sure you copied whole api key?

[dave-code-ruiz]

i dont know why i received an email from [email protected] with api_key with 285 characters, i make me crazy, but i sure i copy all characters, paste it on notepad++ and i see "col 285" i repeat proccess , receive new diferent key but same size.

dont worry, i try other thinks, and posted it later

[outon]

I will try with other mail address to see if this key length depends on your email.

For sure, error message is regarding key length. I will improve code to trap this error message and get a better user experience.

[dave-code-ruiz]

i try with other email address and now 282 characters, 3 characters less, my new address have 3 characters less than the other

I think email address is in the characters to the api key

[dave-code-ruiz]

Now i try with other address, and now i have 298 characters, and i receive same ERROR
Unable to retrieve data from AEMET. HTTPSConnectionPool(host='opendata.aemet.es', port=443): Max retries exceeded with url: /opendata/api/observacion/convencional/todas?api_key=eyJhbGciOiJIUzI1.... ...WCvk7wtav9AtXbYRJF-Eor6jsgPDuBLnMFcWeLg (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_ske_dhe', 'dh key too small')])")))

[dave-code-ruiz]

I think is possible the error is : Max retries exceeded with url: /opendata/api/observacion/convencional/todas?api_key=xx
or certificate ssl for https that changed 27/03/2019. I work with certificates and when i receive "bad handshake" normally is that https certificate is changed (sorry my english)

[outon]

Hola,

Cambio al castellano que quizás estemos más cómodos. English follows.

¿Puedes realizar la siguiente prueba?

Accede a la url:

https://opendata.aemet.es/opendata/api/observacion/convencional/todas?api_key=***pon aquí tu api_key***

Entonces te tendría que devolver algo similar a esto:

{
  "descripcion" : "exito",
  "estado" : 200,
  "datos" : "https://opendata.aemet.es/opendata/sh/a0ac0bc0",
  "metadatos" : "https://opendata.aemet.es/opendata/sh/55c2971b"
}

Indícame qué te muestra a ti. Sospecho que no es un "estado" : 200

---

Can you do the following test?

Go to the url:

https://opendata.aemet.es/opendata/api/observacion/convencional/todas?api_key=***put your api key here***

Then you' d have to get something similar to that:

{
  "descripcion" : "exito",
  "estado" : 200,
  "datos" : "https://opendata.aemet.es/opendata/sh/a0ac0bc0",
  "metadatos" : "https://opendata.aemet.es/opendata/sh/55c2971b"
}

Tell me what it shows you. I suspect it is not a "estado" : 200

[dave-code-ruiz]

Mucho mas comodo, jejeje

Recibo un "exito" 200, desde el movil, tengo que probar en hass con un curl o algo asi pero me llevara mas tiempo porque no recuerdo la instrccion exacta

{
"descripcion" : "exito",
"estado" : 200,
"datos" : "https://opendata.aemet.es/opendata/sh/30f2cb00",
"metadatos" : "https://opendata.aemet.es/opendata/sh/55c2971b"
}

I receive 200 exito, in my phone, i try in my hass with curl and post it

[outon]

Si usando la API_KEY recibes una contestación correcta con un "estado": 200 significa que no hay errores en tu API KEY.

Voy a revisar el código por si puedo detectar el error.

[dave-code-ruiz]

Buenas, he realizado varias pruebas y si utilizo "curl" recibo el mismo error, he buscado por internet y he encontrado esto:
I have done several tests and if I use "curl" I receive the same error, I searched the internet and found this:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907788

Message #21 received at [email protected] (full text, mbox, reply):

From: Alessandro Ghedini [email protected]
To: [email protected]
Subject: Re: Bug#907788: "dh key too small" since openssl upgrade
Date: Wed, 3 Oct 2018 22:55:30 +0100
[Message part 1 (text/plain, inline)]
On Sat, Sep 29, 2018 at 06:33:02PM +0200, Sebastian Andrzej Siewior wrote:

control: unblock 907015 by 907788

On 2018-09-02 09:59:11 [+0200], VA wrote:

Since openssl upgrade to 1.1.1~~pre9-1, curl is not able anymore to do
requests to some sites. For example:

% curl https://www.credit-cooperatif.coop/
curl: (35) error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small

It used to work with curl, and it still works with wget (which uses gnutls).

I suspect it's related to #907015.

I would close that if I were the curl maintainer. The remote site in the
example uses a small DH key [0]. If you can't get owner to upgrade the
site and want still to access the site I suggest to remove
CipherString = DEFAULT@SECLEVEL=2
from /etc/ssl/openssl.cnf.

[0] https://www.ssllabs.com/ssltest/analyze.html?d=www.credit-cooperatif.coop
[signature.asc (application/pgp-signature, inline)]

, parece que a partir de una versión de openssl no se puede usar curl para https, he probado a realizar la llamada con wget y ahora si me devuelve un codigo 200 de "exito"
it seems that from a version of openssl you cannot use curl for https, I have tried to make the call with wget and now return to me a 200 code "exito"

pi@hassbian:/home/homeassistant/.homeassistant $ sudo curl https://opendata.aemet.es/opendata/api/observacion/convencional/todas?api_key=eyJhbGciOiJ...meUo > /dev/null   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (35) error:141A318A:SSL routines:tls_process_ske_dhe:**dh key too small**
pi@hassbian:/home/homeassistant/.homeassistant $ sudo wget --output-document - https://opendata.aemet.es/opendata/api/observacion/convencional/todas?api_key=eyJhbGciO...meUo > /dev/null
--2019-09-04 10:55:39--  https://opendata.aemet.es/opendata/api/observacion/convencional/todas?api_key=eyJhbGci...m27meUo
Resolviendo opendata.aemet.es (opendata.aemet.es)... 212.128.97.177
Conectando con opendata.aemet.es (opendata.aemet.es)[212.128.97.177]:443... conectado.
Petición HTTP enviada, esperando respuesta... 200 OK
Longitud: 175 [application/json]
Grabando a: “STDOUT”

-                                                      100%[=========================================================================================================================>]     175  --.-KB/s    en 0s

2019-09-04 10:55:40 (41,6 MB/s) - escritos a stdout [175/175]

cualquier avance me cuentas, gracias por todo

Any progress tell me, thanks for everything

[dave-code-ruiz]

Creo que lo he resuelto, he modificado la siguiente funcion:

def _api_request(data_url: str, api_key: str = None):
        """Load data from AEMET.
        :param data_url: API call url
        :param api_key: API private key
        :return: json with AEMET response
        """

        _LOGGER.debug("Loading data from %s", data_url)

        requests.packages.urllib3.util.ssl_.DEFAULT_CIPHERS += 'HIGH:!DH:!aNULL'
        try:
            requests.packages.urllib3.contrib.pyopenssl.DEFAULT_SSL_CIPHER_LIST += 'HIGH:!DH:!aNULL'
        except AttributeError:
            # no pyopenssl support used / needed / available
            pass

        params = {"api_key": api_key}
        try:
            if api_key is None:
                response = requests.get(data_url)
            else:
                response = requests.get(data_url, params=params)
        except (ConnectionError, HTTPError, Timeout, ValueError) as error:
            _LOGGER.error("Unable to retrieve data from AEMET. %s", error)
            return []
        aemet_response = response.json()

        return aemet_response

le he añadido el código siguiente, buscando en internet:

https://www.codesd.com/item/python-requests-exceptions-sslerror-key-dh-too-small.html

requests.packages.urllib3.util.ssl_.DEFAULT_CIPHERS += 'HIGH:!DH:!aNULL'
        try:
            requests.packages.urllib3.contrib.pyopenssl.DEFAULT_SSL_CIPHER_LIST += 'HIGH:!DH:!aNULL'
        except AttributeError:
            # no pyopenssl support used / needed / available
            pass

[outon]

Podrías indicarme la versión de tu HASS y sobre qué sistema operativo está instalado.

Realizaré un cambio con el código propuesto pero debo asegurar que no rompe otros entornos.

[dave-code-ruiz]

Hassbian 0.98.1

System Health
arch armv7l
dev false
docker false
hassio false
os_name Linux
python_version 3.7.3
timezone Europe/Madrid
version 0.98.1
virtualenv true
Lovelace
mode storage
resources 2
views 11

[saulmayo]

I have the same problem. My Home Assistant is 0.101.3

Making the request by browsing to the API I get a 200

If I run curl I get error:

curl: (35) error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small

If I run wget it works.