-1

I'm using ESP32 Arduino "WiFiClientSecure" client set to client.insecure() to make API calls to my Heroku-hosted app, and after deploying my custom domain I receive the following error.

http://myapp.herokuapp.com/apicall works from browser and from ESP32.

http://api.mydomain.com/apicall works from browser, but fails from ESP32 with error message:

[E][ssl_client.cpp:36] _handle_error(): [start_ssl_client():216]: (-30592) SSL - A fatal alert message was received from our peer
[E][WiFiClientSecure.cpp:133] connect(): start_ssl_client: -30592

Mydomain is set up to Heroku DNS with a C-record.

I don't have a great understanding of SLL. If I can avoid putting a certificate in the ESP32 firmware I'd love to. But I have found myself replacing the ESP32 Arduino code with ESP-IDF code several times, so I'm willing to get rid of Arduino in this case as well if that turns out to be necessary.

I would really appreciate any pointers on where to start the debug. I don't know where to look next.

LearnDude
  • 83
  • 8
  • 1
    `http://api.mydomain.com/apicall` isn't a secure URL - why would you expect to be using WiFiClientSecure/HTTPS with an HTTP URL? – romkey Nov 19 '21 at 20:50
  • That's why I'm setting the client to insecure. It works for the heroku url. – LearnDude Nov 19 '21 at 22:35
  • 1
    That’s not what insecure does. It tells the SSL layer to not verify the certificate. It doesn’t make it magically work with HTTP instead of HTTPS. – romkey Nov 20 '21 at 00:02

1 Answers1

0

The whole issue is that I needed a paid subscription to use SSL on a custom domain. This sentence on the Heroku wiki could use some clearer wording: "Apps using free dynos can only use the *.herokuapp.com certificate."

As soon as I signed up for a $7 per month Hobby subscription, everything started working.

LearnDude
  • 83
  • 8