PlatformIO Community

Platformio reports certificate error, can not build locally

This is what I see:

❯ pio run 
Processing esp01_1m (platform: espressif8266; board: esp01_1m; framework: arduino)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Verbose mode can be enabled via `-v, --verbose` option
CONFIGURATION: https://docs.platformio.org/page/boards/espressif8266/esp01_1m.html
PLATFORM: Espressif 8266 2.6.2 > Espressif Generic ESP8266 ESP-01 1M
HARDWARE: ESP8266 80MHz, 80KB RAM, 1MB Flash
PACKAGES: 
 - framework-arduinoespressif8266 3.20704.0 (2.7.4) 
 - tool-esptool 1.413.0 (4.13) 
 - tool-esptoolpy 1.20800.0 (2.8.0) 
 - toolchain-xtensa 2.40802.200502 (4.8.2)
LDF: Library Dependency Finder -> http://bit.ly/configure-pio-ldf
LDF Modes: Finder ~ chain, Compatibility ~ soft
LibraryManager: Installing id=721 @ 3.1.6
[API] ConnectionError: HTTPSConnectionPool(host='api.registry.platformio.org', port=443): Max retries exceeded with url: /v2/lib/info/721 (Caused by SSLError(SSLCertVerificationError("hostname 'api.registry.platformio.org' doesn't match either of '*.registry.nm1.platformio.org', 'registry.nm1.platformio.org'"))) (incremented retry: max=5, total=1)
[API] ConnectionError: HTTPSConnectionPool(host='api.registry.platformio.org', port=443): Max retries exceeded with url: /v2/lib/info/721 (Caused by SSLError(SSLCertVerificationError("hostname 'api.registry.platformio.org' doesn't match either of '*.registry.nm1.platformio.org', 'registry.nm1.platformio.org'"))) (incremented retry: max=5, total=2)
[API] ConnectionError: HTTPSConnectionPool(host='api.registry.platformio.org', port=443): Max retries exceeded with url: /v2/lib/info/721 (Caused by SSLError(SSLCertVerificationError("hostname 'api.registry.platformio.org' doesn't match either of '*.registry.nm1.platformio.org', 'registry.nm1.platformio.org'"))) (incremented retry: max=5, total=3)
[API] ConnectionError: HTTPSConnectionPool(host='api.registry.platformio.org', port=443): Max retries exceeded with url: /v2/lib/info/721 (Caused by SSLError(SSLCertVerificationError("hostname 'api.registry.platformio.org' doesn't match either of '*.registry.nm1.platformio.org', 'registry.nm1.platformio.org'"))) (incremented retry: max=5, total=4)
[API] ConnectionError: HTTPSConnectionPool(host='api.registry.platformio.org', port=443): Max retries exceeded with url: /v2/lib/info/721 (Caused by SSLError(SSLCertVerificationError("hostname 'api.registry.platformio.org' doesn't match either of '*.registry.nm1.platformio.org', 'registry.nm1.platformio.org'"))) (incremented retry: max=5, total=5)
APIRequestError: [API] Could not connect to PlatformIO API Service. Please try later.:

So, yeah. Certificate error. Happens. Will be fixed at some point. That is not the problem.

The problem is that I can not get around it. I have this project completely local. No dependencies or anything needs to be downloaded. Everything is here. And yet pio not only exists to reach out to the internet on every pio run but there also seems to be no way around it. Any other build tool that I have seen has a “work local”, “offline”, “do not check” or anything flag that you can throw on the command line and then the build is fully local. If a dependency is missing, the build fails, but that is ok.

Right now, I am stuck with my project and I can’t seem to find a workaround short of blocking this hostname locally or shutting down my local wifi connection. That is a real problem; there should be a global flag to the pio command that will make it work only locally.

Hello @hgschmie,

I suppose you already tried to disable wifi/ethernet on your computer to build your project locally (to force PIO not connect to Internet) ?

Also are you sure you have all the required dependencies installed ? It seems that PIO absolutely want to install lib id=721 for your project.

Hi, thanks for responding.

my platformio.ini

[env]
framework = arduino
lib_deps =
      721@3.1.6   ; TaskScheduler
      1358@0.2.1  ; PCF8574
      576@1.1.4   ; LiquidCrystal_I2C
      1923@2.2.6  ; LCDMenuLib2
      306@1.2.3   ; ESPAsyncWebServer

[env:esp01_1m]
platform = espressif8266
board = esp01_1m

and my .pio/libdeps/esp01_1m contains:

grep version .pio/libdeps/esp01_1m/*/library.properties
.pio/libdeps/esp01_1m/AsyncTCP/library.properties:version=1.1.1
.pio/libdeps/esp01_1m/ESPAsyncTCP/library.properties:version=1.2.2
.pio/libdeps/esp01_1m/ESP Async WebServer/library.properties:version=1.2.3
.pio/libdeps/esp01_1m/LCDMenuLib2/library.properties:version=2.2.6
.pio/libdeps/esp01_1m/LiquidCrystal_I2C/library.properties:version=1.1.4
.pio/libdeps/esp01_1m/PCF8574/library.properties:version=0.2.1
.pio/libdeps/esp01_1m/TaskScheduler/library.properties:version=3.1.6

so all the libraries are here and they have the right versions. And I have them version locked, so I do not see any reason why pio is trying to connect to the servers in the first place.

Turning off the network:

ConnectionError: HTTPSConnectionPool(host='dl.registry.nm1.platformio.org', port=443): Max retries exceeded with url: /download/arkhipenko/library/TaskScheduler/3.1.6/TaskScheduler-3.1.6.tar.gz (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f4b985a4f10>: Failed to establish a new connection: [Errno -2] Name or service not known')):

otherwise I now see

SSLError: HTTPSConnectionPool(host='dl.registry.nm1.platformio.org', port=443): Max retries exceeded with url: /download/arkhipenko/library/TaskScheduler/3.1.6/TaskScheduler-3.1.6.tar.gz (Caused by SSLError(SSLCertVerificationError("hostname 'dl.registry.nm1.platformio.org' doesn't match either of '*.registry.platformio.org', 'registry.platformio.org'"))):

Sorry for the issue. It was fixed very quickly. Does it work now?

1 Like

Yes, works now. Thank you for the quick reaction. I think it would still be useful to have a true “offline” mode in which pio never tries to establish a network connection.

1 Like

PlatformIO does not require Internet connection. Everything works on your machine in offline mode. It goes to the PlatformIO Registry the only if there are no installed dependencies for your project (toolchains, libraries, etc.).

You can try to disconnect from Internet and experiment with your project.

I understand your comment, however it is not correct. The build process failed for me both with the failed certificate (because pio tried to update / validate / check something online and did not get “no route to host” but “connection refused” or an invalid certificate. Both problems caused pio to stop with an error instead of assuming that it is offline. This is a common fallacy with code that has an implicit “we still work if the internet is down” assumption. Because the internet can be down in many ways.

Which is why it would be useful to have a command line flag saying “do not try to do any attempt to connect to the network in any way”. Because it allows the user to enforce this offline mode (and there are good reasons to do so even if the network is available).

In my case, pio tried to connect to the internet (and failed) even though everything was available locally.

I did all the experimentation that you suggested (both voluntarily and involuntarily when the certificates were broken) and I feel that pio would benefit from such an “offline” flag.

I have the issue, I currently cannot run platfomrio and compile project due to certificate error;

$ pio platform run
Please wait while upgrading PlatformIO...
Error: HTTPSConnectionPool(host='api.registry.ns1.platformio.org', port=443): Max retries exceeded with url: /v3/packages?query=name%3A%22framework-arduino-avr%22+type%3A%22tool%22 (Caused by SSLError(CertificateError("hostname 'api.registry.ns1.platformio.org' doesn't match either of '*.platformio.org', 'platformio.org'",),))

Even switching off WiFi does not allow platformio to run

Error: You are not connected to the Internet.
PlatformIO needs the Internet connection to download dependent packages or to work with PlatformIO Account.

What is your machine? We turned off TLS 1.0 and TLS 1.1 due to security reason.

  1. Do you use Python 3?
  2. Please run pio system info

Mmm I can’t see to even display that

[sudo] password for fig: 
Please wait while upgrading PlatformIO...
Error: HTTPSConnectionPool(host='api.registry.ns1.platformio.org', port=443): Max retries exceeded with url: /v3/packages?query=name%3A%22framework-arduino-avr%22+type%3A%22tool%22 (Caused by SSLError(CertificateError("hostname 'api.registry.ns1.platformio.org' doesn't match either of '*.platformio.org', 'platformio.org'",),))

How did you install PlatformIO Core? Is this RPi? Please install Python 3 and re-install PIO Core with new installer script https://docs.platformio.org/en/latest/core/installation.html#super-quick-mac-linux

I have both python 2 and python 3 installed. I’ve been running platformio on this machine for years, it worked fine until the last past platformio update. Admittedly I am running an older version of ubuntu 14.04 but I try to keep packages updated.

$ python --version
Python 2.7.6
$ python3 --version
Python 3.4.3 

Yes, it’s Pio core. I’ve tried to reinstall using the script but it seems to be having trouble creating the virtual environment.

python3 -c "$(curl -fsSL https://raw.githubusercontent.com/platformio/platformio/develop/scripts/get-platformio.py)"
Installer version: 0.3.3
Platform: Linux-4.14.185-15955-gadad491c59bc-x86_64-with-glibc2.9
Python version: 3.4.3 (default, Nov 12 2018, 22:25:49) 
[GCC 4.8.4]
Python path: /usr/bin/python3
Creating a virtual environment at /home/fig/.platformio/penv
Error: Could not create PIO Core Virtual Environment. Please report to https://github.com/platformio/platformio-core-installer/issues
Traceback (most recent call last):
  File "<string>", line 105, in <module>
  File "<string>", line 101, in main
  File "/usr/lib/python3.4/subprocess.py", line 561, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['/usr/bin/python3', '/tmp/tmp6b_y9hph']' returned non-zero exit status 1
(fig)fig@localhost:~$ sudo python3 -c "$(curl -fsSL https://raw.githubusercontent.com/platformio/platformio/develop/scripts/get-platformio.p
y)"

We don’t support Python 3.4. The minimum supported version is 3.5+.

2.7.9 is the minimum supported version for Python 2. Python 2 is already deprecated. We plan to drop support for it as well soon.

Is it possible to upgrade Python at your machine? PlatformIO Core 4.0 used HTTP instead of HTTPS. This is insecure. This is why it worked for you. Now, everything works over HTTPS. Python 2.7.6 has broken SSL support.

Got it. Upgraded my system and python. All working now, thanks so much. Fantastic support :+1:

1 Like