HPM seems unable to do most anything requiring connection to the Hubitat. Errors look like:
Error retrieving installed apps: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I've enabled SSL on the Hubitat with a custom TLS certificate. SSL/TLS connections to the Hubitat work fine from browser. Suspect that the root cert for my Hubitat cert needs to be added to some Java root cert store in order for HPM to be able to connect. (Browser has this root cert as trusted and hence doesn't have issues.) Any ideas on this? I'm not very experienced in the Java admin world other than recalling that the Java keytool exists. I don't know where the root cert trust store is kept / how to add my root cert. Thanks!
Longer sample of logs for HPM:
app:112021-05-26 10:10:04.930 am errororg.codehaus.groovy.runtime.InvokerInvocationException: java.net.SocketTimeoutException: Read timed out (prefInstallRepositorySearchResults)
app:112021-05-26 10:09:53.915 am debugprefInstallRepositorySearchResults
app:112021-05-26 10:09:45.929 am debugprefInstallRepositorySearch
app:112021-05-26 10:09:43.678 am debugprefPkgInstall
app:112021-05-26 10:09:37.407 am errorUnable to get the app ID of the package manager
app:112021-05-26 10:09:37.284 am debugInstalling HPM Manifest
app:112021-05-26 10:09:37.281 am errorError retrieving installed apps: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
app:112021-05-26 10:09:37.169 am debugnull
app:112021-05-26 10:09:37.153 am debugGrabbing list of installed apps
app:112021-05-26 10:09:30.578 am errorUnable to get the app ID of the package manager
app:112021-05-26 10:09:30.434 am debugInstalling HPM Manifest
app:112021-05-26 10:09:30.431 am errorError retrieving installed apps: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
app:112021-05-26 10:09:30.310 am debugnull
app:112021-05-26 10:09:30.291 am debugGrabbing list of installed apps
app:112021-05-26 10:09:29.711 am debugRefreshing repository list
app:112021-05-26 10:08:42.812 am errorUnable to get the app ID of the package manager
app:112021-05-26 10:08:42.687 am debugInstalling HPM Manifest
app:112021-05-26 10:08:42.684 am errorError retrieving installed apps: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
app:112021-05-26 10:08:42.574 am debugnull
app:112021-05-26 10:08:42.559 am debugGrabbing list of installed apps
app:112021-05-26 10:08:41.951 am debugRefreshing repository list
... repeats ...
You should consider posting this in the main HPM thread to ensure it is seen by the developer. That being said, your issue may have been fixed in @dman2306's latest beta version.
4 Likes
Thanks, I'm a newbie here and wasn't sure where question should be posted. Looking at the [main HPM thread], my post now appears here. Is there anything else I need to do for that part of your request?
Second: How do I refresh HPM / point it to pickup the beta version? I installed HPN by setting the import URL as the GitHub raw code URL .. ...dcmeglio/hubitat-packagemanager/master/apps/Package_Manager.groovy
?Is there an alternate "beta version" raw code URL? Where do I change that for HPM? Or, do I need to uninstall / reinstall HPM using a new URL? Other?
Finally - on thinking a bit more about the Java Truststore and keytool, I've added my root cert to my desktop system's default Truststore but then realized that HPM is getting these failures running in the context of the Hubitat and hence that's a different Java Truststore and I'm even less sure how to update that. It wasn't mentioned in the articles describing how to install an alternate TLS cert for the Hubitat (.../hubitat/hub/advanced/certificate).
Thanks again for your patience as I learn my way around.
@aaiyar (sorry, should have tagged you in questions above .. learning ..)
For community created apps and drivers, the developer usually creates the initial topic and therefore, the forum itself will tell the the developer that a new message has been posted to "their topic" -- thus speeding the attention it gets.
You can always choose "belt and suspenders" by posting a new topic, as you did and then a quick post in the "main topic" to say something like "Look at this topic, please.."
I have community code too and so I know that I review MY new messages first before looking at new topics.
Unless you specifically want to test the Beta code and have the cautionary experience to understand the risks, I'd usually suggest you wait for full release. I think one valid point about mentioning the beta is just to reassure people that the problem is being worked. 
4 Likes
Thanks. Appreciate the protocol hints. I'm new to this environment (Hubitat, Java, Github), a true dinosaur skeleton leftover from a C++ career. That said, I have (and have tested) backups and know the risks of beta testing (been on both sides of that edge.) I suspect the problem addressed in the beta is not my issue but learning and testing it world be a useful gain of function for me. Just not sure if it's as simple as updating the URL or if it's an uninstall / reinstall scenario. If beta fix is not addressing my issue, that would perhaps be a worthwhile note to my thread. I'll see what I can figure out. Any hints appreciated.
Normally HPM will update itself (magic, if you ask me), but for the beta, you need to copy the code again from the url, or Input Code from Web site.
Not true. It updates itself fine for me, has done so for a long time. It just has to be in the list of managed apps.
Perhaps what @jameslslate meant is that HPM can update itself from a beta version to a released version, but that it cannot update itself from a released version to a beta version.
If that is what was meant, it matches what I have observed.
1 Like
Yes, that is what I meant, although I wasn't aware that it would update from a beta to a released version, unless the released version is a later version than the beta. Or am I just confusing things even more? 
1 Like
