Podcast playing issue (certificate ?)

framboiseMusicale · October 31, 2021, 9:01pm

Hi
I need some help on a podcast that doesn’t work any more.
I’m running Volumio 2.861
The issue occurs with the Podcast 0.3.0 plugin
Most podcasts just work fine
The issue is on a specific Podcast with error message:

Error Failed to decode https://chtbl.com/track/6875AF/stats.podcloud.fr/yann-darwin/numero-37-applique-ces-3-conseils-maintenant-et-ta-vie-dinvestisseur-va-changer/enclosure.d559b3644469d72e31675542755de1d01220bd1cc21b8f7037d76386fe9881f4.mp3?p=f; 
CURL failed: server certificate verification failed.
 CAfile: /etc/ssl/certs/ca-certificates.crt 
 CRLfile: none

This URL plays the audio in Firefox browser like a charm.

My issue is quite similar with Webradio won't play. Certificate? - #3 by jopreu so I’ve tried to solve it the same way…with no luck

I downloaded s3-eu-central-1-amazonaws-com-chain.pem with Firefox
renamed in *.crt and moved to /usr/local/share/ca-certificates

sudo update-ca-certificates
Updating certificates in /etc/ssl/certs... 1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....done.

These steps didn’t help

Then I try the following:

curl -v https://chtbl.com/track/6875AF/stats.podcloud.fr/yann-darwin/numero-38-comment-jai-achete-mon-1er-immeuble-pour-490eu-et-revendu-370-point-000/enclosure.6619fd981a54ee96795c5259b9f636e95e0287cfdeda1b7d98d07e915b293bca.mp3?p=f
* Hostname was NOT found in DNS cache
*   Trying 52.222.174.86...
* Connected to chtbl.com (52.222.174.86) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* Server certificate:
*        subject: CN=chtbl.com
*        start date: 2021-01-14 00:00:00 GMT
*        expire date: 2022-02-12 23:59:59 GMT
*        subjectAltName: chtbl.com matched
*        issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
*        SSL certificate verify ok.
> GET /track/6875AF/stats.podcloud.fr/yann-darwin/numero-38-comment-jai-achete-mon-1er-immeuble-pour-490eu-et-revendu-370-point-000/enclosure.6619fd981a54ee96795c5259b9f636e95e0287cfdeda1b7d98d07e915b293bca.mp3?p=f HTTP/1.1
> User-Agent: curl/7.38.0
> Host: chtbl.com
> Accept: */*
>
< HTTP/1.1 302 FOUND
< Content-Type: text/html; charset=utf-8
< Content-Length: 0
< Connection: keep-alive
< Date: Sun, 31 Oct 2021 20:21:03 GMT
* Server nginx/1.17.10 is not blacklisted
< Server: nginx/1.17.10
< Location: https://stats.podcloud.fr/yann-darwin/numero-38-comment-jai-achete-mon-1er-immeuble-pour-490eu-et-revendu-370-point-000/enclosure.6619fd981a54ee96795c5259b9f636e95e0287cfdeda1b7d98d07e915b293bca.mp3?p=f
< Set-Cookie: _chtbl=ac8ea307c7e741b297ad789dca8644df; Domain=.chtbl.com; Path=/
< Access-Control-Allow-Origin: *
< X-Cache: Miss from cloudfront
< Via: 1.1 e01ab9056cc78875229a55be936f41ee.cloudfront.net (CloudFront)
< X-Amz-Cf-Pop: CDG50-P2
< X-Amz-Cf-Id: BjiZgWACrXS1iFuXWyLr0JOW_ACE5MgrpRtJVFrWmZTBisMXlzVEAg==
<
* Connection #0 to host chtbl.com left intact

I don’t understand this: SSL certificate verify ok

ashthespy · October 31, 2021, 10:05pm

Is there a reason you don’t run a more recent 2.x release? There were recent updates for expired CA certificates…

framboiseMusicale · November 1, 2021, 10:22am

Hello
Maybe not a good reason but to update, I would need to dismount (physically) my box, use a larger SDcard and setup all. One day, I’ll have to do it
Do you know how to update CA certificates ?

ashthespy · November 1, 2021, 11:07am

You should be able to just run the OTA updater right? (I am assuming you are using x86/Rpi)

Look at Important notice to all Volumio 2.xxx users, firmware update needed! for some alternative ideas - but the recommend route is the OTA

Baptiste · November 5, 2021, 9:24am

I had the same issue.
Some podcast were running fine. Other are failing.
Got this error message (basically same as yours)

Failed to decode https://rf.proxycast.org/91a2df23-bd85-4f65-8f8d-96ab2da07be5/22046-28.09.2021-ITEMA_22789262-2021F43553E0024-21.mp3;
CURL failed: server certificate verification failed.
CAfile: /etc/ssl/certs/ca-certificates.crt
CRLfile: none

Updated Volumio according to discussion on this feed.
I am now running Volumio 2.917 and podcast plugin 0.3.0

Works fine for all podcasts.

framboiseMusicale · November 5, 2021, 9:56am

Hello Baptiste

Thanks for your feedback, glad it works for you
It has encouraged me to update to latest version, so now I’m running version 2.917…but still have same issue
I’ve checked again that the URL was still working using Firefox: it works fine in firefox

I’ve done an OTA update (which was quite fast and smooth)

I’m not yet decided to set up all volumio from scratch…so, any idea on how to fix this issue ?

ashthespy · November 5, 2021, 10:17am

Would you share some system logs please?

Preferable from a fresh reboot, with minimal steps to reproduce the problem

framboiseMusicale · November 5, 2021, 12:29pm

logs sent in PM
thanks

Baptiste · November 6, 2021, 8:59am

OK
The system isset up for my son who is basically using it to listen to the music stored in our NAS and podcast from french national radio.
It worked until… this morning. I had to access to the volumio through the web interface on my computer.
I haven’t done much (checked the update but no new available) and try to restart the podcast directly from computer. And it reworked.
Do you have the possibility to access your Pi from computer?
Initialy, I also erased all the podcasts and reimport them into volumio.

Can’t help more. Sorry.
I hope the log will help

Keep me informed please as I think the situation is not relly stable.

b.

Baptiste · November 6, 2021, 9:01am

Oh yes another point.
How do you set your podcast in the plugin?
I use the RSS link. Might be a way to investigate.

framboiseMusicale · November 6, 2021, 9:13pm

thanks for your feedback

I can access my Volumio (Pi3B+) either with computer (firefox browser / ssh putty) or by touchscreen display.

I’ve already tried to delete and add podcast again but it didn’t help.
I guess that the only way to add a podcast is with a RSS url.
Hope the logs will help

ashthespy · November 6, 2021, 9:48pm

Didn’t see anything regarding certificate errors in the log, sorry.

If you want to rule out ca cert issues on your device side, I’d recommend the new beta. It’s got much more recent packages than the Jessie based 2.x, that went EOl close to year and a half back…

framboiseMusicale · November 7, 2021, 5:35pm

Thank you very much anyway for your investigation.

I can use my device without this podcast for some time
When I will be ready, I’ll upgrade both SD card (4Gb is too small) and the OS