Hi there,
I have tested the connection to my MQTT server (using a LetsEncrypt certificate) by other means and at that time it appeared to work correctly, so it is unclear why I can't publish to it with the OVMS module. Is it possible that the OVMS module doesn't have the LE roots or is trying to authenticate with a cert when it shouldn't?
My Mosquitto config:

listener 8883
capath /letsencrypt/live/secure.ethanrose.nz/chain.pem
keyfile /letsencrypt/live/secure.ethanrose.nz/privkey.pem
certfile /letsencrypt/live/secure.ethanrose.nz/cert.pem
tls_version tlsv1.2

Logs from my OVMS module:

I (1585112) ovms-server-v3: Connection is secure.ethanrose.nz:8883 XXXXXX/ovms topic ovms/ovms/XXXXXX/
I (1585112) ovms-server-v3: Status: Connecting...
E (1585252) mongoose: mg_ssl_if_mbed_err 0x3f858e64 SSL error: -9984
W (1585252) ovms-server-v3: Connection failed
E (1585252) ovms-server-v3: Status: Error: Connection failed
E (1588502) mongoose: mg_ssl_if_mbed_err 0x3f858e64 SSL error: -29312
W (1588502) ovms-server-v3: Connection failed
E (1588502) ovms-server-v3: Status: Error: Connection failed
I (1588512) ovms-server-v3: Status: Disconnected from OVMS Server V3

Logs from my Mosquitto broker:

1598386918: New connection from xxx.xxx.xx.xx on port 8883.
1598386918: OpenSSL Error: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
1598386918: OpenSSL Error: error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure
1598386918: Socket error on client <unknown>, disconnecting.

Can anyone assist? The server is publicly visible so you can test the cert yourself if you'd like.
Regards,
Ethan
Never mind, I have resolved this myself by following the documentation and using the tls trust commands to load the trust chain. I had to load the fullchain.pem file from my letsencrypt setup.
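
Added example (not part of the original posts, and not OVMS or Mosquitto code): a small Python triage script that decodes the numeric errors in the two log excerpts above. It assumes the mbedTLS high/low error-code layout and the OpenSSL 1.1.x packed error word (lib, func, reason); the function names are hypothetical. Decoded, the module's -9984 is an X.509 verification failure and the broker's "unknown ca" is an alert it received from the client, which is consistent with the fix of loading the trust chain on the module.

```python
import re

# Log excerpts copied from the post above, one record per line.
OVMS_LOG = """\
E (1585252) mongoose: mg_ssl_if_mbed_err 0x3f858e64 SSL error: -9984
E (1588502) mongoose: mg_ssl_if_mbed_err 0x3f858e64 SSL error: -29312
"""
BROKER_LOG = """\
1598386918: OpenSSL Error: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
1598386918: OpenSSL Error: error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure
"""

# Names for only the codes that occur in these logs (mbedTLS headers, RFC 5246 alerts).
MBEDTLS_NAMES = {0x2700: "MBEDTLS_ERR_X509_CERT_VERIFY_FAILED",
                 0x7280: "MBEDTLS_ERR_SSL_CONN_EOF"}
TLS_ALERTS = {48: "unknown_ca"}

def decode_mbedtls(line):
    """Split an mbedTLS return code into its high-level (module) and low-level parts."""
    m = re.search(r"SSL error: -(\d+)", line)
    if not m:
        return None
    code = int(m.group(1))
    high, low = code & 0xFF80, code & 0x007F
    return {"hex": f"-0x{code:04X}", "high": high, "low": low,
            "name": MBEDTLS_NAMES.get(high, "unknown")}

def decode_openssl(line):
    """Unpack an OpenSSL 1.1.x error word: lib (8 bits) | func (12) | reason (12)."""
    m = re.search(r"error:([0-9A-Fa-f]{8}):", line)
    if not m:
        return None
    packed = int(m.group(1), 16)
    lib, reason = packed >> 24, packed & 0xFFF
    # Reasons >= 1000 mean an alert was received from the peer; alert = reason - 1000.
    alert = reason - 1000 if reason >= 1000 else None
    return {"lib": lib, "reason": reason, "alert": alert,
            "alert_name": TLS_ALERTS.get(alert)}

def client_rejected_server_chain(ovms_log, broker_log):
    """True when both sides agree: client failed X.509 verification and sent unknown_ca."""
    client = [d for d in map(decode_mbedtls, ovms_log.splitlines()) if d]
    broker = [d for d in map(decode_openssl, broker_log.splitlines()) if d]
    return (any(d["high"] == 0x2700 for d in client)
            and any(d["alert"] == 48 for d in broker))

if __name__ == "__main__":
    for d in map(decode_mbedtls, OVMS_LOG.splitlines()):
        print(d)
    for d in map(decode_openssl, BROKER_LOG.splitlines()):
        print(d)
    print("client rejected server chain:", client_rejected_server_chain(OVMS_LOG, BROKER_LOG))
```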