Enable debug mode

Host install

  1. Stop the hue-emulator service:

    sudo systemctl stop hue-emulator
    
  2. Change directory to the application home directory:

    cd /opt/hue-emulator
    
  3. Start the script with sudo ./HueEmulator3.py --debug

Try to avoid unnecessary debugging output generated by other devices that you know work correctly fine such as home assistant, and working lights. The easiest method to prevent this is by temporally turning the working devices off. It is important to save a backup of your config file before entering debug mode and if any changes to your config are made while in debug mode to save the config manually before issuing the keyboard interrupt to stop debug mode. You can do this by issuing an HTTP request from your browser to http://IP.OF.DIY.HUE/save. This will save your configuration file to the DIYHue working directory (/opt/hue-emulator/ if using the easy-install method).

Docker install

Add the following environment variable to your docker run command. This can be set to true or false to turn debug on or off.

-e "DEBUG=true"

HTTPS certificate check

To test the https certificate you can use this command from the terminal of the device running diyHue:

curl https://127.0.0.1/api/nouser/config -v -k

Sample output:

pi@raspberrypi:~ $ curl https://127.0.0.1/api/nouser/config -v -k
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-ECDSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: C=NL; O=Philips Hue; CN=b827ebfffec8991c
*  start date: Jul 22 17:40:03 2018 GMT
*  expire date: Jul 19 17:40:03 2028 GMT
*  issuer: C=NL; O=Philips Hue; CN=b827ebfffec8991c
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET /api/nouser/config HTTP/1.1
> Host: 127.0.0.1
> User-Agent: curl/7.52.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx
< Date: Tue, 11 Sep 2018 12:43:26 GMT
< Content-type: application/json
< Content-Length: 227
<
* Curl_http_done: called premature == 0
* Connection #0 to host 127.0.0.1 left intact
{"name":"Philips hue","factorynew":false,"mac":"b8:27:eb:c8:99:1c","datastoreversion":70,"bridgeid":"B827EBFFFEC8991C","modelid":"BSB002","swversion":"1806051111","replacesbridgeid":null,"starterkitid":"","apiversion":"1.24.0"}

Here are the important lines:

issuer: C=NL; O=Philips Hue; CN=b827ebfffec8991c

and

{"name":"Philips hue","factorynew":false,"mac":"b8:27:eb:c8:99:1c","datastoreversion":70,"bridgeid":"B827EBFFFEC8991C","modelid":"BSB002","swversion":"1806051111","replacesbridgeid":null,"starterkitid":"","apiversion":"1.24.0"}

The CN value of the certificate must be the same as the bridgeid key from the json output. This must also represent the mac address of the main interface with fffe in the middle.