Page 1 of 1

MQTTS without CA

Posted: Mon Jul 01, 2024 5:07 pm
by mattia424
Hi,
I am trying to connect to my mqtt server where tls is enabled.
On the server I have created certificates with Let's Encrypt and with MQTT Explorer everything works correctly in TLS without loading the CA.

How can I now get this server to work with my ESP32?
I have tried putting only:

Code: Select all

.address = {
                .hostname = _endpoint.c_str(),
                .transport = MQTT_TRANSPORT_OVER_SSL,
                .port = _port,
            },
but the error it gives me is:

Code: Select all

E (67239) esp-tls-mbedtls: No server verification option set in esp_tls_cfg_t structure. Check esp_tls API reference
E (67239) esp-tls-mbedtls: Failed to set client configurations, returned [0x8017] (ESP_ERR_MBEDTLS_SSL_SETUP_FAILED)
E (67249) esp-tls: create_ssl_handle failed
E (67259) esp-tls: Failed to open new connection
E (67259) transport_base: Failed to open a new connection
E (67269) mqtt_client: Error transport connect
Do I have to enter the certificate?
I also tried manually entering the one downloaded from Let's Encrypt but with that the error it gives me is:

Code: Select all

E (48519) esp-tls-mbedtls: mbedtls_x509_crt_parse of CA cert returned -0x2180
I (48519) esp-tls-mbedtls: (FFFFDE80): X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected
E (48529) esp-tls-mbedtls: Failed to set client configurations, returned [0x8015] (ESP_ERR_MBEDTLS_X509_CRT_PARSE_FAILED)
E (48539) esp-tls: create_ssl_handle failed
E (48549) esp-tls: Failed to open new connection
E (48549) transport_base: Failed to open a new connection
E (48559) mqtt_client: Error transport connect

Re: MQTTS without CA

Posted: Wed Jul 03, 2024 6:26 am
by aliarifat794
As far as I can understand, you need to download the Let's Encrypt CA Certificate from the Let's Encrypt website and embed the certificate in your code. You can visit these links for further info:
https://community.letsencrypt.org/t/val ... ice/175307
https://community.letsencrypt.org/t/how ... ler/197377
https://www.theengineeringprojects.com/ ... -mqtt.html