Renewed certificate does not work. Please help

Thanks!

About root certificates, if you take a look at OpenSSL Client Compatibility Changes for Let’s Encrypt Certificates, you'll notice that "OpenSSL (any version) without ISRG Root X1 in trust store" is not compatible with certificates renewed after June. This somewhat depends on what your client code is doing (whether you're passing a ca option to the tls options).

Thing is though, if you were having trouble with that, you'd be getting errors from Node.js about verifying the certificate. That's not what we see, so I don't think trust is the exact issue.

I also tried running this program from Node.js v12, and it gets past the SSL handshake just fine. You are using Node v12 on your IoT devices, right? Not just the server?

```js
const mqtt = require('mqtt')

const client = mqtt.connect({
  host: 'staging.broker.aritronix.com',
  port: 8883,
  protocol: 'mqtts'
})

client.on('error', (e) => {
  console.log(e)
})

client.on('connect', () => {
  console.log('Connected!')
})
```

Out of curiosity, how much memory do these IoT devices have?

There was one other thread here where the person had a similar kind of issue, and it turned out that the extra certificate in the post-June certificate chain caused their device to run out of memory and crash when trying to verify the certificate chain. They solved the issue by not sending the full-size chain. However, they were using an actual microcontroller. Since you're running Node.js, I'm guessing you have more memory available than just mere kilobytes.

2 Likes
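An added example, not part of the original posts: a Node.js diagnostic that separates the two causes discussed in the reply above, a trust failure (reported through `authorizationError`) versus an oversized chain (depth and total DER bytes). The function names `summarizeChain`, `diagnose` and `probe`, the host `broker.example`, and the certificate sizes in the sample are assumptions constructed for illustration.

```javascript
const tls = require('tls')

// Walk the issuerCertificate links of the object returned by
// socket.getPeerCertificate(true). A self-signed root links to itself.
function summarizeChain(peerCert) {
  const chain = []
  const seen = new Set()
  let cert = peerCert
  while (cert && cert.subject && !seen.has(cert.fingerprint256)) {
    seen.add(cert.fingerprint256)
    chain.push({ subject: cert.subject.CN, issuer: cert.issuer.CN, derBytes: cert.raw ? cert.raw.length : 0 })
    cert = cert.issuerCertificate
  }
  return chain
}

// Reduce the chain and the verification result to the facts that matter here.
function diagnose(chain, authorizationError) {
  const top = chain[chain.length - 1]
  return {
    depth: chain.length,
    totalDerBytes: chain.reduce((n, c) => n + c.derBytes, 0),
    topIssuer: top ? top.issuer : null,
    trusted: !authorizationError,
    authorizationError: authorizationError || null
  }
}

// Diagnostic only: rejectUnauthorized is off so the handshake completes and
// the verification error can be read. Never use this setting in the real client.
function probe(host, port) {
  return new Promise((resolve, reject) => {
    const opts = { host, port, servername: host, rejectUnauthorized: false }
    const socket = tls.connect(opts, () => {
      const chain = summarizeChain(socket.getPeerCertificate(true))
      const err = socket.authorized ? null : socket.authorizationError
      socket.end()
      resolve({ chain, ...diagnose(chain, err) })
    })
    socket.on('error', reject)
  })
}

// Constructed sample (placeholder fingerprints and sizes), shaped like the longer chain.
const cross = { subject: { CN: 'ISRG Root X1' }, issuer: { CN: 'DST Root CA X3' }, fingerprint256: 'CC', raw: Buffer.alloc(1380) }
const inter = { subject: { CN: 'R3' }, issuer: { CN: 'ISRG Root X1' }, fingerprint256: 'BB', raw: Buffer.alloc(1300), issuerCertificate: cross }
const SAMPLE_LEAF = { subject: { CN: 'broker.example' }, issuer: { CN: 'R3' }, fingerprint256: 'AA', raw: Buffer.alloc(1400), issuerCertificate: inter }
```

Calling `probe(host, 8883)` from the device and from a workstation and comparing the two results shows whether the device fails on trust or handles the same chain differently.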