Skip to main content

Hi there!

I’m moving forward in the Sonos ecosystem usage after installing Home Assistant domotic controller in my house.

The controller can call “play” mp3 files so you can use the Sonos One speaker as voice of your house and it’s great!

At the beginning I have no problem. But later on I moved the server to https and after that it stops working. The SSL certificate is generated by Let’s Encrypt.

I have followed all the advices under Security at Sonos Developer but still no luck:

  1. As certificate I’m using the full chain pem file with my public cert + all intermediate certs involved + DST Root CA X3
  2. Cert is not expired
  3. DNS missmatch is checked and OK also

I have the error “Cant not play, connection with xxx.com lost”.

If helps, I have submitted diagnostics with 436828243 ID.

Hope someone has solved this before.

Thanks in advance.

(deleted)


As clarification, Let’s Encrypt certificate uses ‘DST Root CA X3’ as root CA certificate, but also include some intermediates. Here is mine:

So typical way to work for people with more luck than me is to add all of them inside the public certificate file of the server. So inside is something like:

-----BEGIN CERTIFICATE-----
public cert for your server address ***.duckdns.org
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
intermediate 1 cert
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
intermediate 2 cert
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
root CA cert (DST Root CA X3)
-----END CERTIFICATE-----

But for some reason this is not working for me and I have no way to diagnose because we have no access to the logs of the Sonos APP.

Also I want to add that I can play mp3 files from other https internet servers with no problem and I can play my mp3 file behind my https server using my laptop or phone.


Have you followed the instructionsfrom the final paragraph of https://developer.sonos.com/build/content-service-get-started/security/#Certificate-authorities-trusted-by-Sonos-players ?


Theoretically questions like this are supposed to be asked on stackoverflow with the [sonos] tag but Sonos seem to have given that up as a communication channel for developers.


Yes, this is what I have done at the moment with no luck. Explained in the previous post (BEGIN CERTIFICATE----- etc)


Yes, this is what I have done at the moment with no luck. Explained in the previous post (BEGIN CERTIFICATE----- etc)


I am a client guy, I have no idea what shenanigans are required on servers for certificates. You’ll need real Sonos help with this. Good luck.


Yes, this is what I have done at the moment with no luck. Explained in the previous post (BEGIN CERTIFICATE----- etc)


I am a client guy, I have no idea what shenanigans are required on servers for certificates. You’ll need real Sonos help with this. Good luck.

Thanks anyway!

Do you know which is the channel to submit a ticket for support using the diagnostics ID that you can get from the app?


Thanks anyway!

Do you know which is the channel to submit a ticket for support using the diagnostics ID that you can get from the app?

You are in it :-)


I’m having the same issue as the OP.  In my case, the Let’s Encrypt root certificate authority changed from DST Root CA X3 (which Sonos recognizes) to ISRG Root X1 (which it does not).  I looked into changing my certificate to one my Domain host supplies (Sectigo/NameCheap), which is also not listed.  Considering that Sectigo is one of the largest SSL certificate providers on the planet, I would think it would be acceptable for Sonos.  It’s not like we’re storing gold bars in our media players.


Useful information for Sonos to have. Have you perchance submitted a diagnostic to them, so that the programmers can “see” this data in the data log, rather than relying on the forum folks transmitting them this information?


I don’t know how to do that Bruce.


It’s in the FAQ system here: system diagnostic 


I see it now.  Thanks!