OTA from an HTTPS GoDaddy server
Posted: Thu Nov 26, 2020 8:08 am
Hello All,
We are using the ESP32 in one of our products. For the OTA feature, we have been able to use the example program, generate a self-signed certificate and do OTA. Now we need to keep this BIN file on a third-party server (GoDaddy). We have an account with SSL enabled.
To get a server certificate we used the following command (with our server URL in place of the <your-server-dns> shown below):
openssl s_client -showcerts -connect <your-server-dns>:443 < /dev/null
The server cert we get from this is saved in the server_certs folder, as mentioned in the sample OTA example.
Once done, when we clean-build the project and try to trigger OTA, it fails to download the file.
The error we get is as below.
E (120920) esp-tls: mbedtls_ssl_handshake returned -0x2700
I (120920) esp-tls: Failed to verify peer certificate!
I (120920) esp-tls: verification info: ! The certificate is not correctly signed by the trusted CA
E (120930) esp-tls: Failed to open new connection
E (120940) TRANS_SSL: Failed to open a new connection
E (120950) HTTP_CLIENT: Connection failed, sock < 0
E (120950) esp_https_ota: Failed to open HTTP connection: ESP_ERR_HTTP_CONNECT
E (120960) esp_https_ota: Failed to establish HTTP connection
Question 1: We would like to know the exact procedure to make HTTPS OTA work with an HTTPS GoDaddy server.
Question 2: Is a private key also needed on the device side for HTTPS OTA to work?
Next step: It would also be helpful if someone could point us to a basic authentication server program, so that we can implement both HTTPS and basic authentication in our OTA module.
Thank you...
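Added example, not part of the original post and not ESP-IDF code: a parser for the `openssl s_client -showcerts` output used above that labels each certificate the server sent as leaf, intermediate CA or self-signed root, so the PEM saved in server_certs can be checked to be a CA certificate from the chain rather than the server's own. The sample output, host name, CA names and PEM bodies are constructed placeholders.

```python
import re

# Constructed sample of `openssl s_client -showcerts` output. Host name, CA
# names and PEM bodies are placeholders, not real certificates.
SAMPLE = """CONNECTED(00000003)
---
Certificate chain
 0 s:CN = ota.example.com
   i:CN = Example Intermediate CA
-----BEGIN CERTIFICATE-----
PLACEHOLDER+LEAF+NOT+A+REAL+CERTIFICATE
-----END CERTIFICATE-----
 1 s:CN = Example Intermediate CA
   i:CN = Example Root CA
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
-----BEGIN CERTIFICATE-----
PLACEHOLDER+INTERMEDIATE+NOT+A+REAL+CERTIFICATE
-----END CERTIFICATE-----
---
"""

# One chain entry: "<depth> s:<subject>", "i:<issuer>", optional extra
# annotation lines (newer OpenSSL prints a:/v: lines), then the PEM block.
ENTRY = re.compile(
    r"^ *(\d+) s:([^\n]*)\n +i:([^\n]*)\n(?: +[a-z]:[^\n]*\n)*"
    r"(-----BEGIN CERTIFICATE-----\n[\s\S]*?-----END CERTIFICATE-----)", re.M)

def parse_chain(text):
    """Return the certificates in the order the server sent them."""
    chain = []
    for depth, subject, issuer, pem in ENTRY.findall(text):
        subject, issuer = subject.strip(), issuer.strip()
        role = ("self-signed root" if subject == issuer
                else "leaf" if depth == "0" else "intermediate CA")
        chain.append({"depth": int(depth), "subject": subject,
                      "issuer": issuer, "role": role, "pem": pem + "\n"})
    return chain

def ca_candidate(chain):
    """Last CA certificate the server sent, or None if it sent only its leaf
    (then the issuer's certificate has to be obtained from the CA itself)."""
    cas = [c for c in chain if c["role"] != "leaf"]
    return cas[-1] if cas else None

if __name__ == "__main__":
    for c in parse_chain(SAMPLE):
        print(c["depth"], c["role"], "|", c["subject"], "<-", c["issuer"])
    ca = ca_candidate(parse_chain(SAMPLE))
    print("CA to trust:", ca["subject"] if ca else "not sent by server")
```

Only the public certificate of the chosen CA goes on the device; the parser never touches key material.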