[Ovmsdev] MQTT V3 server problems
leres at xse.com
Sat Oct 9 09:22:56 HKT 2021
My ovms boxes have been posting data to a mosquitto mqtt server for 3+
years but this recently broke.
I started out wanting to be able to tell when mqtt data for a particular
module was stale but I see now that mqtt itself does not track this. I
found an old stackoverflow that talked about an experimental mosquitto
plugin to do this but I can't find out anything else about it. Another
option would be to add a metric/topic with the timestamp of the last
update. I think I need some guidance here. But given my modules no
longer are able to connect to the server I need to solve that first.
Back the the main issue, the primary symptom is once a minute or so I see:
1633741110: Client <unknown> disconnected: Protocol error.
1633741170: New connection from 18.104.22.168:52860 on port 8883.
1633741170: OpenSSL Error: error:14094418:SSL
routines:ssl3_read_bytes:tlsv1 alert unknown ca
1633741170: Client <unknown> disconnected: Protocol error.
I'm using mosquitto 2.0.10 with lets encrypt certs:
listener 1883 localhost
I'm not really sure when things stopped working. I was running 2.0.8
until sometime in July when the FreeBSD port upgrade to 2.0.10. So maybe
that broke it; or maybe this is related to the lets encrypt ca change?
Part of my trouble is I don't really understand how mqtt tls works. My
assumption was ovms uses the https cert and needs a cafile or capath
that includes the self-signed ca that signed the certs my modules use so
I changed cafile:
Does ovms generate its own mqtt cert on the fly? Does tls do somethig
else? Comparing the mosquitto config to what apache needs for https, I
only see the cert, key, and ca; missing is the chain file. Is the
problem that my client (the ovms module) can't validate the *server*
cert? I don't think so since the error message ("alert unknown ca")
doesn't appear in the mosquitto source and I believe it's openssl code.
Suggestions would be appreciated.
More information about the OvmsDev