It’s entirely possible that either the certificate on the site has gone bad, or a CA certificate on the Vera itself has expired (in which case we’ll be seeing a lot more posts like this). But one quick thing to try is adding
-k to your
curl command. This will accept all certificates and not verify them, but does not affect encryption strength.
It’s also possible that your target has reconfigured its server to drop lesser hashes and encryptions. In this case, try using each of these in turn (one at a time, not all at once) and see if one of them works:
-1 (dash one),
--tlsv1.2 (dash dash etc).
If the target site has limited connections to TLS1.3, you’re done, because the OpenSSL in that firmware won’t support it. This is highly unlikely, though, as a restriction this tight would create problems for tons of clients.
I would also recommend you try all of this by issuing the
curl commands in an SSH session, on the command line of the Vera, and with the
-v option. This will give you additional diagnostic information that you cannot easily see with
os.execute(). Just copy-paste the
curl command and all its arguments into the shell, edit, and submit.
Edit: I just tried your request myself on my Plus. It’s the CA certificate. Using
-k gets it working again.