Letsencrypt cert , MQTT connect fails


#1

Hi ,
I am working on a IOT application. I have a purchased a VPS and then installed secure MQTT on this .
I followed the link very well and installed mqtt successfully working with the letsencyrpt certificates.
I have coded a application that connects to the mqtt securely via websockets. I have made the same application to work with a thingspeak server. I mean I was able to connect with thingspeak server using thingspeak cert and publish data over there. Now Since I ll be using my own VPS which now I have setup with Secure MQTT using your certificates. Also I made sure my application is using thesse new certificates from you. Using mbedTLS library I have written this. Also I have secured the publishing with username password. Sorry if I seem to be giving you extra information. just thought you would be technical so .
This is how I generate the ceritficate to be used by my application to connect to the VPS which has my MQTT.
openssl s_client -showcerts -connect neurotechdesigns.ddns.net:8083
And I get some certificates. OF this I take the last certificate with “…BEGIN…” and “…END…” and use this to connect from my local PC to the remote MQTT server on my VPS.
Its not Connecting. I mean MQTT is not connecting. This code works with thingspeak Server with thingspeak Ceritificate. But now I made changes …asked it to connect to my MQTT Server on my VPS. MQTT is working fine As I tested with eclipse paho Client…Again a webserver based client available from Eclipse.
Now I know you may not be knowing much of this MQTT thing. But I need to know if I used the right command to generate the Letsencrpt cerificate that I plug into my code to connect to my MQTT Server.
openssl s_client -showcerts -connect neurotechdesigns.ddns.net:8083
Is this right ? Or what do I use.
Regards
Sraddha


#2

That’s a way to get the certificate, sure, but how are you obtaining the private key? In order to actually use the certificate, you need to have both. Otherwise, I could just download Google’s certificate and pretend to be Google.

You should probably just generate a new certificate and key to use on your MQTT server.


#3

the LAST cert is:

I don’t know HOW the software is supposed to work, but you might want to try using the FIRST cert.


#4

@jared.m
I thank you the hint. I also need the private key along with the certificate. Make sense . i ll try that.
I already have a letencrypt certificate installed on this VPS. And in this VPS I have installed MQTT. Please tell me are you suggesting that I ALSO take a letsencrypt ceritificate for the MQTT installation. I didnt know anything like that. Still thanks. I am not understanding what you mean by “new certificate for the MQTT” Thanks again for your help.