-
Notifications
You must be signed in to change notification settings - Fork 1
Home
Different countries use different websites and URL parameters to access their balance. Therefore, you may need to add a mapping between your country code and the website or URL parameters to use.
Make a PR to fix it.
On some system such as raspberry pi you may encounter this error. The problem occurs because the system certificates are not used correctly. To fix it you can install the aia package locally by cloning https://github.com/danilobellini/aia and do the following modification:
- add an import: import certifi
- replace line 100 self._context.load_default_certs() by self._context.load_verify_locations(certifi.where())
Then you can install the aia package locally: pip install -e .
SSL Certificate Issue on www.sodexo4you.be:443 => FIXED
This error shows up: I checked the certificate authority of www.sodexo4you.be and it seems to be a problem with certificate.
openssl s_client -connect www.sodexo4you.be:443 -showcertsCommand Output
Connecting to 193.70.72.38
CONNECTED(00000005)
depth=0 C=BE, ST=Brussels Hoofdstedelijk Gewest, O=Pluxee Belgium, CN=www.users.pluxee.be
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C=BE, ST=Brussels Hoofdstedelijk Gewest, O=Pluxee Belgium, CN=www.users.pluxee.be
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 C=BE, ST=Brussels Hoofdstedelijk Gewest, O=Pluxee Belgium, CN=www.users.pluxee.be
verify return:1
---
Certificate chain
0 s:C=BE, ST=Brussels Hoofdstedelijk Gewest, O=Pluxee Belgium, CN=www.users.pluxee.be
i:C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Organization Validation Secure Server CA
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Mar 19 00:00:00 2024 GMT; NotAfter: Apr 19 23:59:59 2025 GMT
-----BEGIN CERTIFICATE-----
...truncated
-----END CERTIFICATE-----
---
Server certificate
subject=C=BE, ST=Brussels Hoofdstedelijk Gewest, O=Pluxee Belgium, CN=www.users.pluxee.be
issuer=C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Organization Validation Secure Server CA
---
No client certificate CA names sent
Peer signing digest: SHA384
Peer signature type: RSA
Server Temp Key: ECDH, secp384r1, 384 bits
---
SSL handshake has read 2341 bytes and written 483 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 627887E40276CE404144E00A6739056C90FEC570EC8500C86124E2370E22FF24
Session-ID-ctx:
Master-Key: 1D0C6FCD7142EE5E28521947419F7824A6B7213967C984D99D15BA6264AED9E5C8EE9AD2692A90613EB2B5E039429CE5
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1718297042
Timeout : 7200 (sec)
Verify return code: 21 (unable to verify the first certificate)
Extended master secret: yes
---
closed
This is strange that the intermediate and root certificates are not found. So I downloaded them in chrome, and transformed them using this tutorial :
Command Output
https://hackernoon.com/solving-the-dreadful-certificate-issues-in-python-requests-module
openssl x509 -in www.users.pluxee.be.cer -inform PEM -outform DER -out www.users.pluxee.be.der
openssl x509 -in USERTrust\ RSA\ Certification\ Authority.cer -inform PEM -outform DER -out USERTrust\ RSA\ Certification\ Authority.der
openssl x509 -in Sectigo\ RSA\ Organization\ Validation\ Secure\ Server\ CA.cer -inform PEM -outform DER -out Sectigo\ RSA\ Organization\ Validation\ Secure\ Server\ CA.der
openssl x509 -in www.users.pluxee.be.der -inform DER -outform PEM >> consolidate.pem
openssl x509 -in USERTrust\ RSA\ Certification\ Authority.der -inform DER -outform PEM >> consolidate.pem
openssl x509 -in Sectigo\ RSA\ Organization\ Validation\ Secure\ Server\ CA.der -inform DER -outform PEM >> consolidate.pem
boooo
And use the .pem file in my requests.
PS: Apparently, it is common for intermediary certificates to be missing. And certifi, the python library managing the certificates doesn't use aia-fetching. See: https://github.com/certifi/python-certifi/issues/72#issuecomment-775583728