

Controller unreachable

simont
Advanced Homie

Hi,

From today my controller in a remote location is unreachable from the app (which I did not update). I cannot reach the remote location for a couple of weeks. This is the first time that this has happened in over 2 years, and curiously on the same day as the news about a compulsory security update by 12 August. Is there any issue server side? The controller is configured to not automatically update, since I do not want surprises given the remote installation. I can ping it through a VPN connection, but the app says it is unreachable. I already opened a ticket 1382483. Any further advice? Thanks

39 REPLIES

simont
Advanced Homie

@SmartHomeGuru any comment about this periodic traffic to an Amazon cloud server located in EU? I suppose it is yours.

Since yesterday evening's reboot of the router, a total of 5MB in and 5MB out has been exchanged by the controller with two servers, ec2-3-75-46-97.eu-central-1.compute.amazonaws.com:443, and http://ec2-35-159-76-129.eu-central-1.compute.amazonaws.com:443. Packets of about 10kB are transferred about every 1 min; this seems to be a polling or a heartbeat.

SmartHomeGuru
Expert from Bosch Smart Home

Hi @simont , these are not our update or certificate renewal servers. We cannot tell you exactly why these servers can no longer be reached in your case and with your setup for the last 6 months. To do so, we would need at least a system log, which in your case (without App) can only be uploaded locally by pressing a button on the back of the controller.

best regards

SmartHomeGuru

simont
Advanced Homie

So are you saying that the controller is communicating with someone else? Are you serious? This is a severe security flaw!

Please also tell me exactly what I have to do when I am on site. Restart the controller? Reset the controller? When do I have to press which button on the controller? Please post a link to the relevant documentation. Also, since I have access through the local API, is there anything I can do to help you debug?

SmartHomeGuru
Expert from Bosch Smart Home

Hi @simont , you only have to restart the controller to update the root certificates. An update of the controller firmware is then needed to update the intermediate certificate, to not run into the same situation on the 17th August 2025.

Best regards

SmartHomeGuru

simont
Advanced Homie

@SmartHomeGuru 

Using Postman to access through the local API, I confirm that the certificate indeed expired a few days ago.

Screenshot 2025-07-23 alle 10.51.31.png

Connection with Postman is possible only when allowing an expired certificate.

The approaching certificate expiration MUST be properly notified to the user, so that he could act in advance of any disruption.

Anyhow, it seems to me that with some previous update the periodic update check has been disabled if automatic update has been disabled, contrary to what you state, and is performed only at startup.

In fact, I remember that initially (winter 2022-2023), even with automatic updates disabled, I received notifications of new updates (which were then correctly not installed). At some time, after some update (I cannot remember the date or version), notifications for updates stopped. In order for the update to appear I had to restart the controller when locally present, which caused the notification to appear. I thought this was a new intended behavior. This could also explain why the certificate was not updated, despite the connection with your cloud for remote usage (but not for updates).

So I urge you to check and fix what seems to be a regression not recently introduced, but exploded with the recent certificate expiration, as shown by the many issues reported in the last month on the forum.

It is also fundamental that you check which server the controller is currently speaking to. It is not enough that you dismiss it by saying that it's not yours. I double checked by disabling the router LAN port connected to the controller, which made it correctly unreachable, and the traffic to the two addresses reported stopped, just to reappear as soon as the port was re-enabled and the controller reachable again. I hope that you are not suggesting that the router is inventing connections to a cloud server in Europe, just to play a joke on us. It's your device that is speaking with something, it may even be an NTP server (which I doubt), but you must know what it is.

I hope that the situation could recover by itself as soon as I can restart the controller. Meanwhile any other advice is welcome. Is it for instance possible to reactivate automatic update using the local APIs?

simont
Advanced Homie

@SmartHomeGuru 

Since I verified that it's possible to connect via local API by disabling the certificate check on the client side, and you also confirm that your update server can do that, this means that it's possible to provide a workaround for certificate expiration issues with a simple patch to the App. It is enough to add an "emergency mode" that disables the certificate check. For security reasons I suggest that when the connection is through your cloud, only a limited set of functions is allowed, such as Reboot, forced update of the certificate, forced update of the firmware. Instead, when the connection is local, the full set of operations should be allowed even with an expired certificate. This would also fully comply with your statement that your system can be fully operated locally, which we recently discovered is not completely true. Should I decide, for whatever reason, to remove internet access, or should you decide to switch off the cloud for whatever reason, I will lose local operation within 2 years. I have to be frank here: fully local operation is really the only unique selling point of your system, which otherwise is on par or below others.

Also, I would like to know if you discovered to whom my controller is regularly speaking. You said that it's not your update server. Is it your remote control cloud server? If not, we have here a severe security and privacy breach, that I have to report extensively. So please answer in a complete and clear manner.

SmartHomeGuru
Expert from Bosch Smart Home

Hi @simont , the connection to the AWS servers depends on the services you use, such as Remote Access, Push-Notifications, Partner...

best regards

SmartHomeGuru

ok, so they are your servers for other purposes, and the controller is properly communicating, it's only the communication with the update server that got somehow stuck

@SmartHomeGuru 

Quick update. I actually monitored DNS queries from the controller, and the only relevant one (apart from an NTP server) is secure-mprm.p1.bosch-smarthome.com, which resolves to a CNAME and then to the previously reported two AWS servers. There is no attempt to connect to the other servers reported on the forum, such as push.p1.bosch-smarthome.com, rollouts-cs.bosch-smarthome.com, identity.bosch.com, smarthome.authz.bosch.com

SmartHomeGuru
Expert from Bosch Smart Home

Hi @simont , thx for the update. secure-mprm.p1.bosch-smarthome.com is for the Remote Access. 

best regards

SmartHomeGuru

Crude idea: Set the date on your phone to before 2025-07-20 (when the certificate on the SHC expired). Maybe this can trick the app into connecting to the SHC. And maybe, just maybe, you can then update it without having to power cycle it.

Private end user, not a Bosch employee.
SHC II + radio stick with 38 devices + 12 Hue + Home Connect, 130 automations, OnePlus 7T with Android 12

☝ Feel free to join in! Information about SHC generation, smartphone and operating system often helps in solving problems. Simply enter it in your profile under "Personal information" in the "Signature" field.

Nice shot! That actually worked! But only in "local" mode, through VPN. Without VPN the connection is through the Bosch server, which of course I cannot tweak.

Now I will try to enable automatic updates.

Automatic update enabled. Let's see if something happens.

@SmartHomeGuru As you see, following the advice from Maurice to set back the phone clock, I was able to connect the app to the controller via VPN. I enabled automatic update and uploaded the log. Could you check what's wrong? So far, no new connection to other servers by the controller, apart from log.p1.bosch-smarhome.com when I sent the log.

simont
Advanced Homie

@SmartHomeGuru After 3 days with automatic update enabled, still no certificate update nor notification of firmware update. Any insight from the log I sent?

SmartHomeGuru
Expert from Bosch Smart Home

Hi @simont , yes, your controller is still not connecting to our rollout server. Your log has arrived but is empty and contains no data.

Best regards
SmartHomeGuru

I see..., and are you confident that a reboot will solve the issue?

SmartHomeGuru
Expert from Bosch Smart Home

Hi @simont , we have already seen controllers in our analyses that worked properly again after a reboot. However, we cannot guarantee this.

Best regards

SmartHomeGuru

simont
Advanced Homie

@SmartHomeGuru 

After reboot, the certificate was updated and the latest update applied. Everything now works. It seems to me however that the whole update/certificate process is somehow broken and should be fixed. The new certificate was released in April, and will expire in April 27. My controller is not set for automatic update, and since I was only able to manually update it in December, the certificate release was missed. Certificate update should go through even if automatic updates are disabled. Moreover, even when I eventually enabled automatic update using the date trick, no update was performed until I rebooted the controller. This is not the expected behavior. It would also be useful to report in the App the expiration date of certificates.

SmartHomeGuru
Expert from Bosch Smart Home

Hi @simont , thank you for your enquiry and your input. We will gladly forward it to the relevant department.

Best regards
SmartHomeGuru



