[SOLVED] Different error on Linux (not RPi) due to Amazon certificate?

Post Reply
rclark
Posts: 5
Joined: Mon Jun 01, 2020 7:07 pm

[SOLVED] Different error on Linux (not RPi) due to Amazon certificate?

Post by rclark »

Daemon is running, but http://hostname:52051 has:

There was an error trying to access your My Media Server.
Please verify that the My Media service/daemon is running or click here to download your My Media log files.
Click OK to try connecting again

This was version Version 1.3.50.0-1 (installed and using since January 2018).
Updated to 64-bit Version 1.3.122.0 for Linux and am getting the no Internet connection error instead but still no joy.

On the command line
-------------------------
Key retrieved from container :
<RSAKeyValue><Modulus>hWrbIxN8MHJ......aE=</D></RSAKeyValue>
Webserver running...

In the logs, this seems relevant
--------------------------------------
IPCServer.cs:GetMyMediaLoginAsyncEx:192 Error - System.Net.Http.HttpRequestException: An error occurred while sending the request ---> System.Net.WebException: Error: TrustFailure (Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
at /tmp/buildd/mono-5.0.1.1/external/boringssl/ssl/handshake_client.c:1132) ---> Mono.Btls.MonoBtlsException: Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
Last edited by rclark on Wed Jun 24, 2020 10:40 am, edited 1 time in total.
rclark
Posts: 5
Joined: Mon Jun 01, 2020 7:07 pm

Re: Different error on Linux (not RPi) due to Amazon certificate?

Post by rclark »

Following up on my own post in case anyone has the same issue. I have been playing with it for two weeks now trying to get it to authenticate Amazon's certificate.
TL;DR -- it still don't work

The key error to look for in your ~/.MyMediaForAlexa/MyMediaForAlexa.log is
Mono.Btls.MonoBtlsException: Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED.
I believe that means that the public key being retrieved and stored in ~/.MyMediaForAlexa/Encryption.key doesn't match up with whatever communication with Amazon happens during startup of the application.

As for those fortunate souls who had their RPi problem resolved on May 30 :mrgreen: , I don't know what changed in the meantime. My ca-certificates are all up to date. I have flushed various directories and even reinstalled from scratch. So something's up with the way MyMedia in the cloud talks to Linux, but not Windows.

Next step for me in to learn about Docker and see if that version works.
Last edited by rclark on Sun Jun 21, 2020 11:46 pm, edited 1 time in total.
Mac-Hermann
Posts: 7
Joined: Mon Jun 01, 2020 11:27 am

Re: Different error on Linux (not RPi) due to Amazon certificate?

Post by Mac-Hermann »

Samer error message here on my Qnap Nas.
bizmodeller
Posts: 458
Joined: Thu Nov 14, 2013 8:40 pm

Re: Different error on Linux (not RPi) due to Amazon certificate?

Post by bizmodeller »

On Linux, try updating then clearing the certificate cache:

sudo apt-get install ca-certificates
then
rm ~/.config/.mono/certs/Trust/*

Then restart My Media with:

sudo systemctl restart mymedia
… or ...
sudo initctl restart mymedia

Depending on whether you are running systemctl,
bizmodeller
Posts: 458
Joined: Thu Nov 14, 2013 8:40 pm

Re: Different error on Linux (not RPi) due to Amazon certificate?

Post by bizmodeller »

For QNAP users, please can you update the app on your QNAP to one of the following depending on whether you need ARM or x64:

https://bizmodeller.s3.amazonaws.com/My ... m-x41.qpkg
https://bizmodeller.s3.amazonaws.com/My ... 86_64.qpkg

Please let us know if this resolves the issue,

Thx
rclark
Posts: 5
Joined: Mon Jun 01, 2020 7:07 pm

Re: Different error on Linux (not RPi) due to Amazon certificate?

Post by rclark »

I do not use QNAP, but I extracted the 1.3.126 executable and .so file from the x86_64 qpkg.
I deleted the entire ~/.mono, ~/.config/.mono, and ~/.MyMediaAlexa hierarchies.
I then started MyMediaForAlexa (v 1.3.126) and after entering my Amazon password through the 52051 portal, I still get the SSL Trust error in my log.
This is the same error I get with 1.3.50, 1.3.122, and 1.3.126.
bizmodeller
Posts: 458
Joined: Thu Nov 14, 2013 8:40 pm

Re: Different error on Linux (not RPi) due to Amazon certificate?

Post by bizmodeller »

Can you zip and email us your latest logs? That’s really strange.

Are your os level certs up to date in /etc/ssl/certs ?

When My Media restarts it rereads your os level trusted ca certs and reimported then into the .config/.mono/certs/Trust directory
rclark
Posts: 5
Joined: Mon Jun 01, 2020 7:07 pm

Re: Different error on Linux (not RPi) due to Amazon certificate?

Post by rclark »

My ssl certs are up to date as of June 6, 2020. Will send latest logs.
rclark
Posts: 5
Joined: Mon Jun 01, 2020 7:07 pm

Re: Different error on Linux (not RPi) due to Amazon certificate?

Post by rclark »

My problem is resolved --
I had the latest certs, but in my distribution the /etc/ssl/certs/ directory is apparently not updated by a ca-certifcates package update.
I had to run "update-ca-certifcates" to create the symlinks to /usr/share/ca-certifcates/mozilla/*
Now I'm back in business! Thanks for your patience.
bizmodeller
Posts: 458
Joined: Thu Nov 14, 2013 8:40 pm

Re: [SOLVED] Different error on Linux (not RPi) due to Amazon certificate?

Post by bizmodeller »

ok thanks for the heads up.

For completeness then, these instructions should work:

On Linux, try updating then clearing the certificate cache:

sudo apt-get install ca-certificates
sudo update-ca-certifcates
rm ~/.config/.mono/certs/Trust/*

Then restart My Media with:

sudo systemctl restart mymedia
… or ...
sudo initctl restart mymedia
bizmodeller
Posts: 458
Joined: Thu Nov 14, 2013 8:40 pm

Re: [SOLVED] Different error on Linux (not RPi) due to Amazon certificate?

Post by bizmodeller »

Also, as per other threads; if you are using QNAP please update to the following packages:

https://bizmodeller.s3.amazonaws.com/My ... 86_64.qpkg
https://bizmodeller.s3.amazonaws.com/My ... m-x41.qpkg

We've tested these with another user who confirmed this resolved the certificate issues recently on QNAP devices,

thanks
Post Reply