python-matter-server: Timeout fetching PAA root certificates from Git
When using the Matter server add-on, I’m encountering an issue that appears to be a timeout fetching PAA root certificates from Git when the server is starting up:
2023-04-29 21:25:03 core-matter-server matter_server.server.helpers.paa_certificates[126] INFO Fetching the latest PAA root certificates from Git.
2023-04-29 21:30:04 core-matter-server asyncio[126] ERROR Task exception was never retrieved
future: <Task finished name='Task-1' coro=<run.<locals>.new_coro() done, defined at /usr/local/lib/python3.10/site-packages/aiorun.py:227> exception=TimeoutError()>
Traceback (most recent call last):
File "/usr/local/lib/python3.10/site-packages/aiorun.py", line 237, in new_coro
await coro
File "/usr/local/lib/python3.10/site-packages/matter_server/server/server.py", line 94, in start
await self.device_controller.initialize()
File "/usr/local/lib/python3.10/site-packages/matter_server/server/device_controller.py", line 73, in initialize
await fetch_certificates()
File "/usr/local/lib/python3.10/site-packages/matter_server/server/helpers/paa_certificates.py", line 153, in fetch_certificates
fetch_count += await fetch_git_certificates()
File "/usr/local/lib/python3.10/site-packages/matter_server/server/helpers/paa_certificates.py", line 126, in fetch_git_certificates
async with http_session.get(f"{GIT_URL}/{cert}.pem") as response:
File "/usr/local/lib/python3.10/site-packages/aiohttp/client.py", line 1141, in __aenter__
self._resp = await self._coro
File "/usr/local/lib/python3.10/site-packages/aiohttp/client.py", line 467, in _request
with timer:
File "/usr/local/lib/python3.10/site-packages/aiohttp/helpers.py", line 721, in __exit__
raise asyncio.TimeoutError from None
asyncio.exceptions.TimeoutError
On the Matter integration side I’m getting an error that the integration is unable to connect to the Matter server:
2023-04-29 21:38:12.705 WARNING (MainThread) [homeassistant.config_entries] Config entry 'Matter' for matter integration not ready yet: Failed to connect to matter server; Retrying in background
About this issue
- Original URL
- State: closed
- Created a year ago
- Reactions: 2
- Comments: 25 (8 by maintainers)
Figured out what the issue was on my end, there was some misconfiguration/bug in my router that was causing IPv6 to be blocked due to what appears to be a bug in how Ubiquiti routers handle VPN routing.
After resolving that and restarting the Matter server (and a few reboots of the accessories), I was able to successfully pair my accessories!
Filed https://github.com/home-assistant-libs/python-matter-server/issues/292 for the pairing issue
Disabling IPv6 also seemed to get me past these timeouts in the Matter server. I wasn’t able to pair a Matter access though, either because IPv6 wasn’t available, or another bug.
I’m on Home Assistant OS on a Raspberry Pi 4. Oddly my devices all are receiving IPv6 addresses and my ISP supports IPv6, but I’m getting a 0/11 on https://test-ipv6.com/ so looks like I have some investigating to do…
bug happened to me, ended up being loss of ipv6 address at the comcast modem 😒 … release/renew fixed it!
Well, it is complicated: In theory, a Hypervisor should make sure that whatever Layer 2 network card it emulates, is properly handled on the physical card. Most physical cards filter by their known MAC address by default. I’d expect a hypervisor which creates a virtual network card with a (pseudo) random MAC, makes sure that this MAC address is also listened on the host MAC address.
Some cards support multiple MAC address they can listen on. Others need to use the promiscuous mode. The downside of the promiscuous mode is that ALL traffic is forwarded to the higher stack, leading to higher system load.
So: If possible, I’d prefer to not suggest enabling promiscuous mode. I also think it should not be necessary… But without knowing any exact system configuration (judging from the configuration path, I think it is VMware in djandrew2005 case, but not sure about version and the rest of system configuration) and further debugging/investigating i’d rather prefer to not put such things into the documentation.
I selected “Allow All” on Promiscuous Mode (VM Settings -> Network -> Advanced) and now ipv6 github certs are reachable