Unable to connect with certificate

I am trying to use certificates to connect the gateway to my MQTT broker.
Here is my setup:

MQTT broker:

  • Mosquitto 2.0.15 as a docker in a VPS
  • mosquitto.conf:
per_listener_settings true
persistence true
persistence_location /mosquitto/data/
log_dest file /mosquitto/log/mosquitto.log

listener 1883

## Authentication ##
allow_anonymous false
password_file /mosquitto/data/password.txt

listener 8883

cafile /mosquitto/config/certs/ca.crt
certfile /mosquitto/config/certs/broker.crt
keyfile /mosquitto/config/certs/broker.key

require_certificate true
use_identity_as_username true

tls_version tlsv1.2


**esp32dev-multi_receiver with the configurations: **

  • prod_env.ini:
platform = ${com.esp32_platform}
board = esp32dev
board_build.partitions = min_spiffs.csv
lib_deps =
build_flags =
  '-DvalueAsASubject=true'  ; mqtt topic includes model and device (rtl_433) or protocol and id ( RF and PiLight )
;  '-DDEFAULT_RECEIVER=1'  ; Default receiver to enable on startup

Certificates configured on “User_config.h”:

  • CA certificated copied under:
const char* ss_server_cert PROGMEM = R"EOF("
  • client certificate:
const char* ss_client_cert PROGMEM = R"EOF("

const char* ss_client_key PROGMEM = R"EOF("

Using the same certificates, I can connect without issues to the broker using MQTT.fx, but the gateway cannot.

Here are the errors I get:

  • on terminal:
W: MQTT connection...
[E][WiFiClient.cpp:439] read(): fail on fd 55, errno: 104, "Connection reset by peer"
W: failure_number_mqtt: 1
W: failed, rc=-1
  • on broker:
1663400152: Client OpenMQTTGateway_multi_receiver has exceeded timeout, disconnecting.
1663400165: New connection from redacted:62689 on port 8883.
1663400165: OpenSSL Error[0]: error:1402542E:SSL routines:ACCEPT_SR_CLNT_HELLO:tlsv1 alert protocol version
1663400165: Client <unknown> disconnected: Protocol error.
1663400187: New connection from redacted:62690 on port 8883.
1663400187: OpenSSL Error[0]: error:1402542E:SSL routines:ACCEPT_SR_CLNT_HELLO:tlsv1 alert protocol version
1663400187: Client <unknown> disconnected: Protocol error.
1663400196: New connection from redacted:50931 on port 8883.
1663400196: OpenSSL Error[0]: error:1402542E:SSL routines:ACCEPT_SR_CLNT_HELLO:tlsv1 alert protocol version
1663400196: Client <unknown> disconnected: Protocol error.
1663400219: New connection from redacted:50932 on port 8883.
1663400219: OpenSSL Error[0]: error:1402542E:SSL routines:ACCEPT_SR_CLNT_HELLO:tlsv1 alert protocol version
1663400219: Client <unknown> disconnected: Protocol error.

I have the feeling I am missing something. I tried with different tls_version but no positive results. BTW, the error is the same ACCEPT_SR_CLNT_HELLO:tlsv1 alert protocol version if I comment out ‘tls_version’, which make me thinking is something on the certificates inside gateway.
Also, CA is created with correct FQDN (my DDNS address).
Of course, if I am using with user/pass on port 1883 is working fine.

Please tell me what I am doing wrong.

Thank you!


When setting your credentials on wifimanager, did you checked Mqtt secure option?

You can choose the value of this checkbox by adding the following macro:

Thank you! I added -DMQTT_SECURE_DEFAULT=true and now i have the errors like:

W: MQTT connection…
[E][ssl_client.cpp:36] _handle_error(): [start_ssl_client():207]: (-32512) SSL - Memory allocation failed
[E][WiFiClientSecure.cpp:133] connect(): start_ssl_client: -32512
W: failure_number_mqtt: 3
W: failed, rc=-2
W: failed, ssl error code=-32512

On the server side I have:

1663510220: New connection from redacted:55500 on port 8883.
1663510220: OpenSSL Error[0]: error:14035412:SSL routines:ACCEPT_SR_CERT:sslv3 alert bad certificate
1663510220: OpenSSL Error[1]: error:140350E5:SSL routines:ACCEPT_SR_CERT:ssl handshake failure
1663510220: Client disconnected: Protocol error.
1663510227: New connection from redacted:55501 on port 8883.
1663510227: Client closed its connection.

I tried to find more details about this 32512 error but without sucess.

PS: I am using an ESP32 DEVKIT v4 (ESP32-WROOM-32D)