Attempting MQTT connection...failed, rc=-4 try again in 5 seconds
holla2040 opened this issue
Hello,
I've been trying to get mqtt_x509_DER.ino example sketch running this evening. Here's my setup using IDE v1.8.8
- cloned the esp8266 tools as directed
- using AWS IOT console, created a thing called 'espdev', downloaded the pem files and ca1, used linux openssl to create der files
  openssl x509 -in ####-certificate.pem.crt -out cert.der -outform DER
  openssl rsa -in ######-private.pem.key -out private.der -outform DER
  openssl x509 -in AmazonRootCA1.pem -out ca.der -outform DER
- loaded a fsbrowser sketch to upload cert, private, ca der files to 3M SPIFFS
- found and set my AWS_endpoint (A little unclear where I get this, got it from AWS_IOT console using the test screen).
- this AWS_endpoint gets DNS resolved using linux command line ping IP resolved this endpoint.
- I verified timeClient.update() gets correct epoch time.
Here's the sketch output using microcom,
SDK:2.2.1(cfd48f3)/Core:2.5.0-66-gf139519=20500066/lwIP:STABLE-2_1_2_RELEASE/glue:1.1-2-ga501b57/BearSSL:6778687
Connecting to devAP
scandone
scandone
state: 0 -> 2 (b0)
state: 2 -> 3 (0)
state: 3 -> 5 (10)
add 0
aid 1
cnt
connected with devAP, channel 11
dhcp client start...
ip:192.168.0.147,mask:255.255.255.0,gw:192.168.0.1
.
WiFi connected
IP address:
192.168.0.147
time of day UTC 2019-03-29 05:36:28
Heap: 41040
Success to open cert file
cert loaded
Success to open private cert file
private key loaded
Success to open ca
ca loaded
Heap: 37112
Attempting MQTT connection...BSSL:_connectSSL: start connection
pm open,type:2 0
BSSL:Connected!
failed, rc=-4 try again in 5 seconds
WiFiClientSecure SSL error: Unknown error code.
Attempting MQTT connection...BSSL:_run_until: Not connected
BSSL:_connectSSL: start connection
BSSL:Connected!
failed, rc=-4 try again in 5 seconds
WiFiClientSecure SSL error: Unknown error code.zeeboo
Attempting MQTT connection...BSSL:_run_until: Not connected
BSSL:_connectSSL: start connection
BSSL:Connected!
failed, rc=-4 try again in 5 seconds
WiFiClientSecure SSL error: Unknown error code.
I looked over this issue's comments and https://raphberube.com/blog/2019/02/18/Making-the-ESP8266-work-with-AWS-IoT.html but didn't stumble on anything new.
So my question is ...
- in reconnect function, what should be the string passed to client.connect()?
void reconnect() {
  // Loop until we're reconnected
  while (!client.connected()) {
    Serial.print("Attempting MQTT connection...");
    // Attempt to connect
    if (client.connect("ESPthing")) {
Thanks for taking the time to read this and for developing this MQTT TLS connectivity option.
Craig
I regenerated my certs, activated it and attached my IOTPolicy and it works!!! Thanks so much.
How did you generate your certs?
I used
openssl x509 -in .\aaaaaaaaaa-certificate.pem.crt -out cert.der -outform DER
openssl rsa -in .\aaaaaaaa-private.pem.key -out private.der -outform DER
writing RSA key
openssl x509 -in .\AmazonRootCA1.pem.txt -out ca.der -outform DER
My policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iot:Publish",
        "iot:Connect",
        "iot:Subscribe",
        "iot:Receive"
      ],
      "Resource": "arn:aws:iot:us-east-1:xxxxxxxxxxx:topic/outTopic"
    },
    {
      "Effect": "Allow",
      "Action": [
        "iot:Publish",
        "iot:Connect",
        "iot:Subscribe",
        "iot:Receive"
      ],
      "Resource": "arn:aws:iot:us-east-1:xxxxxxxxxxx:topic/inTopic"
    }
  ]
}
I also tried to make another certs and make all the steps again, but I'm still getting
Attempting MQTT connection...failed, rc=-4 try again in 5 seconds
@MBezerril Hey! Did you solve the issue?
Yes, @esin. I found some tutorials on how to create certificates and found another problem. I didn't set the SPIFFS size to 4MB. When I uploaded the code after the files, my code overwrote part of the files, because the memory wasn't correctly mapped.
Thanks!
All certificates need to have a policy. I also faced the same issue, and after attaching the policy it worked.
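An added example, not code from this thread or from the sketch's author: AWS IoT Core checks iot:Connect against a client/<clientId> resource (the string passed to client.connect()), iot:Subscribe against topicfilter/, and iot:Publish / iot:Receive against topic/. The check below runs that mapping over a policy shaped like the one posted above and over a scoped alternative; both policies are constructed samples, and lint_policy, make_policy and the SCOPED layout are assumptions of this example.

```python
import json
import re

# Resource type AWS IoT Core evaluates for each MQTT policy action.
EXPECTED = {"iot:Connect": "client", "iot:Publish": "topic",
            "iot:Receive": "topic", "iot:Subscribe": "topicfilter"}
ARN = "arn:aws:iot:us-east-1:xxxxxxxxxxx:"  # placeholder account id, as in the thread

def as_list(value):
    return value if isinstance(value, list) else [value]

def split_resource(arn):
    """Return (type, name) from arn:aws:iot:<region>:<account>:<type>/<name>."""
    kind, _, name = arn.split(":", 5)[-1].partition("/")
    return ("*", "*") if arn == "*" else (kind, name)

def lint_policy(policy_json, client_id):
    """Return (findings, connect_allowed) for the Allow statements of a policy."""
    findings, connect_allowed = [], False
    for n, stmt in enumerate(as_list(json.loads(policy_json)["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        # Only the four MQTT actions are checked; "iot:*" style actions are out of scope.
        actions = [a for a in as_list(stmt["Action"]) if a in EXPECTED]
        for action in actions:
            for arn in as_list(stmt["Resource"]):
                kind, name = split_resource(arn)
                if kind not in ("*", EXPECTED[action]):
                    findings.append(f"statement {n}: {action} needs a "
                                    f"{EXPECTED[action]}/ resource, got {kind}/{name}")
                elif action == "iot:Connect":
                    # Simplification: only '*' wildcards, no policy variables.
                    pattern = re.escape(name).replace(r"\*", ".*")
                    connect_allowed |= re.fullmatch(pattern, client_id) is not None
    return findings, connect_allowed

def make_policy(pairs):  # builds the constructed sample policies below
    return json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": a, "Resource": ARN + r} for a, r in pairs]})

ALL = ["iot:Publish", "iot:Connect", "iot:Subscribe", "iot:Receive"]
AS_POSTED = make_policy([(ALL, "topic/outTopic"), (ALL, "topic/inTopic")])
SCOPED = make_policy([(["iot:Connect"], "client/ESPthing"),
                      (["iot:Publish"], "topic/outTopic"),
                      (["iot:Subscribe"], "topicfilter/inTopic"),
                      (["iot:Receive"], "topic/inTopic")])

if __name__ == "__main__":
    print(lint_policy(AS_POSTED, "ESPthing"), lint_policy(SCOPED, "ESPthing"))
```

A policy that lists iot:Connect only against topic/ resources never authorizes the client ID, so the check reports it and returns connect_allowed as False.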