
I have set up Mosquitto in Docker (Raspberry Pi 4) using certificates to secure the connection. I have no username and password configured in Mosquitto. I am using this code to connect my Wemos D1 mini to Mosquitto with PubSubClient.

https://github.com/debsahu/ESP_MQTT_Secure/blob/master/ESP8266_MQTT_SSL/Arduino/ESP8266_PubSubClient_SSL/ESP8266_PubSubClient_SSL.ino

I do not use the secrets.h file, but I tried it before with the same result.

After inserting my credentials, MQTT data and ca.crt, I get the following serial output:

Attempting to connect to SSID: MYSSID ... connected! 
Setting time using SNTP.done! 
Current time: Wed Feb 19 13:53:17 2020 Time: Wed Feb 19 13:53:17 2020 
MQTT connecting ... failed, status code =-2. Try again in 5 seconds. 
MQTT connecting ... failed, status code =-2. Try again in 5 seconds. 
MQTT connecting ... failed, status code =-2. Try again in 5 seconds.

Mosquitto gives the following log:

1582138400: New connection from 192.168.0.8 on port 8883. 
1582138405: Socket error on client <unknown>, disconnecting. 
1582138405: New connection from 192.168.0.8 on port 8883. 
1582138413: New connection from 192.168.0.8 on port 8883. 
1582138418: Socket error on client <unknown>, disconnecting. 
1582138418: New connection from 192.168.0.8 on port 8883. 
1582138424: Socket error on client <unknown>, disconnecting. 
1582138424: New connection from 192.168.0.8 on port 8883. 
1582138429: Socket error on client <unknown>, disconnecting. 
1582138429: New connection from 192.168.0.8 on port 8883. 
1582138434: Socket error on client <unknown>, disconnecting. 
1582138435: New connection from 192.168.0.8 on port 8883.
1582138440: Socket error on client <unknown>, disconnecting. 
1582138440: New connection from 192.168.0.8 on port 8883. 
1582138443: Client <unknown> has exceeded timeout, disconnecting.

At least I get the last line: disconnected because of timeout. And 192.168.0.8 is the Wemos D1 mini. I used MQTTfx to connect to Mosquitto with the ca.crt file before and it worked fine.

My mosquitto.conf:

allow_anonymous true

port 8883

cafile /ca.crt
keyfile /server.key
certfile /server.crt
tls_version tlsv1.2

persistence true
persistence_location /mosquitto/data/

Why does Mosquitto not recognise the client name that I have specified in the code? Why can I not connect to Mosquitto? And how can I solve this?

I have also tried it with username and password with the same result!
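Mosquitto logs the client as `<unknown>` because the client ID only arrives in the MQTT CONNECT packet, which is sent after the TLS handshake has completed; a connection that dies during the handshake (the "Socket error on client <unknown>" lines above) never gets that far, and PubSubClient reports the same event on its side as state -2 (MQTT_CONNECT_FAILED, meaning the network/TLS connection failed before any MQTT exchange). The Python script below is an added example, not part of the question or of the linked sketch: it parses the broker log lines quoted above (plus two constructed lines for a second client that connects successfully), pairs each "New connection" with the event that ended it, and counts pre-CONNECT failures per source IP so that a burst of failed handshakes from one address stands out in monitoring. The log formats and the state-code table are those of Mosquitto 1.x and PubSubClient.h; the FIFO attribution of `<unknown>` errors to the oldest open connection is a heuristic, since Mosquitto does not print the peer address on those lines.

```python
import re
from collections import defaultdict

# PubSubClient state() return codes as defined in PubSubClient.h
PUBSUBCLIENT_STATES = {
    -4: "MQTT_CONNECTION_TIMEOUT",
    -3: "MQTT_CONNECTION_LOST",
    -2: "MQTT_CONNECT_FAILED",       # TCP/TLS connect failed: no CONNECT packet was ever sent
    -1: "MQTT_DISCONNECTED",
    0: "MQTT_CONNECTED",
    1: "MQTT_CONNECT_BAD_PROTOCOL",
    2: "MQTT_CONNECT_BAD_CLIENT_ID",
    3: "MQTT_CONNECT_UNAVAILABLE",
    4: "MQTT_CONNECT_BAD_CREDENTIALS",
    5: "MQTT_CONNECT_UNAUTHORIZED",
}

# Mosquitto log line shapes we care about
NEW_CONN = re.compile(r"^(\d+): New connection from (\S+) on port (\d+)\.")
SOCK_ERR = re.compile(r"^(\d+): Socket error on client <unknown>, disconnecting\.")
TIMEOUT = re.compile(r"^(\d+): Client <unknown> has exceeded timeout, disconnecting\.")
CONNECTED = re.compile(r"^(\d+): New client connected from (\S+) as (\S+)")
SERIAL_STATE = re.compile(r"status code\s*=\s*(-?\d+)")

# Constructed sample: the broker log from the question, followed by two
# constructed lines for a client that completes TLS and sends CONNECT.
SAMPLE_LOG = """\
1582138400: New connection from 192.168.0.8 on port 8883.
1582138405: Socket error on client <unknown>, disconnecting.
1582138405: New connection from 192.168.0.8 on port 8883.
1582138413: New connection from 192.168.0.8 on port 8883.
1582138418: Socket error on client <unknown>, disconnecting.
1582138418: New connection from 192.168.0.8 on port 8883.
1582138424: Socket error on client <unknown>, disconnecting.
1582138424: New connection from 192.168.0.8 on port 8883.
1582138429: Socket error on client <unknown>, disconnecting.
1582138429: New connection from 192.168.0.8 on port 8883.
1582138434: Socket error on client <unknown>, disconnecting.
1582138435: New connection from 192.168.0.8 on port 8883.
1582138440: Socket error on client <unknown>, disconnecting.
1582138440: New connection from 192.168.0.8 on port 8883.
1582138443: Client <unknown> has exceeded timeout, disconnecting.
1582138450: New connection from 192.168.0.20 on port 8883.
1582138450: New client connected from 192.168.0.20 as mqttfx (p2, c1, k60).
"""


def classify_serial(line):
    """Map a PubSubClient 'status code = N' serial line to (N, symbolic name)."""
    m = SERIAL_STATE.search(line)
    if not m:
        return None
    code = int(m.group(1))
    return code, PUBSUBCLIENT_STATES.get(code, "UNKNOWN")


def analyze_broker_log(lines):
    """Count, per source IP, connections that died before a CONNECT packet arrived.

    'handshake_failures' are 'Socket error on client <unknown>' events and
    'timeouts' are '<unknown> has exceeded timeout' events; both mean the TLS
    session never produced an MQTT CONNECT. Heuristic: each such event is
    attributed to the oldest connection still waiting for CONNECT.
    """
    stats = defaultdict(lambda: {"handshake_failures": 0, "timeouts": 0,
                                 "connected": 0, "pending": 0})
    pending = []  # (timestamp, ip) of connections with no CONNECT yet
    for line in lines:
        m = NEW_CONN.match(line)
        if m:
            pending.append((int(m.group(1)), m.group(2)))
            continue
        m = CONNECTED.match(line)
        if m:
            ip = m.group(2)
            for i, (_, pip) in enumerate(pending):   # close the matching open connection
                if pip == ip:
                    del pending[i]
                    break
            stats[ip]["connected"] += 1
            continue
        for pattern, key in ((SOCK_ERR, "handshake_failures"), (TIMEOUT, "timeouts")):
            if pattern.match(line):
                if pending:
                    _, ip = pending.pop(0)
                    stats[ip][key] += 1
                break
    for _, ip in pending:                             # still open at end of log
        stats[ip]["pending"] += 1
    return dict(stats)


def failing_clients(stats, threshold=3):
    """IPs whose pre-CONNECT failures reach the threshold: worth an alert or a cert check."""
    return sorted(ip for ip, s in stats.items() if s["handshake_failures"] >= threshold)


if __name__ == "__main__":
    stats = analyze_broker_log(SAMPLE_LOG.splitlines())
    for ip, s in stats.items():
        print(ip, s)
    print("repeated handshake failures from:", failing_clients(stats))
    print(classify_serial("MQTT connecting ... failed, status code =-2. Try again in 5 seconds."))
```

Run against the sample, the script attributes six socket errors and one timeout to 192.168.0.8 with no successful session, while 192.168.0.20 completes a CONNECT; the same pattern (many `<unknown>` disconnects from one address, none of them reaching a client ID) is what a trust-anchor or fingerprint mismatch on the device side looks like from the broker, and is also a useful thing to alert on in production because it is indistinguishable, from the broker's log alone, from a misconfigured or probing client.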

hardillb
nopact
  • Have you tested that you can connect with the Mosquitto command line tools, e.g. mosquitto_sub? – hardillb Feb 24 '20 at 10:25
  • By default in that code, CHECK_FINGERPRINT is set. Did you set the correct fingerprint for the broker's certificate in the ESP8266 code? – romkey Feb 24 '20 at 16:10
  • Yes, I got the fingerprint and public key with the commands mentioned in the code and I have tried all three options. I just tried deleting some lines of the certificate, which resulted in the same error. As far as I can see, the certificate is not recognized as correct. I created a new set of certs and it works within the command line as well as with MQTTfx. – nopact Feb 25 '20 at 10:24
  • Did you figure it out? Having the same problem. – Itay Oct 23 '20 at 09:29
  • See my post below, let me know if you still face troubles. – nopact Nov 04 '20 at 08:41

1 Answer

My mosquitto.conf file now looks like this:

allow_anonymous false
password_file /mosquitto/data/passwordfile.txt


port 8883

cafile /ca.crt
keyfile /server.key
certfile /server.crt
tls_version tlsv1.2

persistence false
persistence_location /mosquitto/data/

log_type all

Here is the code I now use, just insert your credentials and certificate:

#include <ESP8266WiFi.h>
#include <WiFiClientSecure.h>
#include <PubSubClient.h>
#include <time.h>

//Simple boolean to indicate first startup loop
bool startup = false;

// Define Your Settings
const char* ssid = "";
const char* password = "";
const char* mqtt_server = "";
const char* mqtt_username = "";
const char* mqtt_password = "";
const char* mqtt_clientname = "";
const int mqtt_port = 8883;

//Replace with your issuing certificate authority in Base64 (PEM) format.
//This is the CA that issued the broker's server certificate, i.e. the
//ca.crt referenced by cafile in mosquitto.conf
static const char digicert[] PROGMEM = R"EOF(
-----BEGIN CERTIFICATE-----

INSERT YOUR CERT

-----END CERTIFICATE-----
)EOF";

// Objects the setup() below relies on: the trust anchor built from the CA,
// the TLS socket, and the MQTT client layered on top of it
BearSSL::X509List cert(digicert);
BearSSL::WiFiClientSecure client;
PubSubClient mqttclient(client);

// Sync the clock via SNTP; BearSSL needs the current time to check the
// certificate's validity period, otherwise the handshake fails
void setClock() {
  configTime(0, 0, "pool.ntp.org", "time.nist.gov");
  Serial.print("Waiting for NTP time sync: ");
  time_t now = time(nullptr);
  while (now < 8 * 3600 * 2) {
    delay(500);
    Serial.print(".");
    now = time(nullptr);
  }
  Serial.println();
}

void setup() {
  Serial.begin(115200);
  WiFi.begin(ssid, password);
  Serial.println("Connecting to WiFi.");
  int _try = 0;
  while (WiFi.status() != WL_CONNECTED)
  {
    Serial.print(".");
    delay(500);
    _try++;

    // if connection not possible, go to deep-sleep
    //if ( _try >= 10 ) {
    //Serial.println("Can't connect to wifi, go to deep-sleep");
    //ESP.deepSleep(durationSleep * 1e6);
    //}
  }
  Serial.println("Connected to the WiFi network");
  //****
  //Important to set setTrustAnchors to verify certificates
  //setInsecure() will allow the ssl connection without verification
  //****
  //client.setInsecure(); //WARNING Do NOT verify server

  client.setTrustAnchors(&cert);
  //NTP is required for CA Cert Validation
  setClock();

  //Connect to your MQTT Server and set callback
  mqttclient.setServer(mqtt_server, mqtt_port);
}

void loop() {
  if (!mqttclient.connected()) {
    // Client name and credentials must match the password_file entry
    if (mqttclient.connect(mqtt_clientname, mqtt_username, mqtt_password)) {
      Serial.println("MQTT connected");
    } else {
      // state() gives the PubSubClient error code (-2 = connect failed)
      Serial.print("MQTT connect failed, state=");
      Serial.println(mqttclient.state());
      delay(5000);
    }
  }
  mqttclient.loop();
}

I just copied this from a project and there might be some lines missing. If so, let me know and I will try to create clean code. But all in all it should work.

nopact