WeeWxIOError: ('Certificate subject does not match remote hostname.',) when using AWS IoT Core #141

Closed
zachelliottwx opened this issue Sep 15, 2021 · 3 comments
@zachelliottwx

Installed MQTTSubscribe today. Configured a thing in AWS IoT Core, downloaded the CA, the Cert and the Private key.
Weewx.conf is configured like this:
```
[MQTTSubscribeDriver]
# This section is for the MQTTSubscribe driver.

# The driver to use:
driver = user.MQTTSubscribe
clientid = WeeWX
# The MQTT server.
# Default is localhost.
host = blah-ats.iot.us-east-1.amazonaws.com
# The port to connect to.
# Default is 1883.
port = 8883

# Maximum period in seconds allowed between communications with the broker.
# Default is 60.
keepalive = 60

# username for broker authentication.
# Default is None.
username = None

# password for broker authentication.
# Default is None.
password = None

# Configuration for the message callback.
[[message_callback]]
    type = json

# The topics to subscribe to.
[[topics]]
    unit_system = US
    [[[weather]]]
[[tls]]
  ca_certs = /etc/weewx/iot/root.crt
  certfile = /etc/weewx/iot/cert.pem
  certs_required = required
  keyfile = /etc/weewx/iot/key.prv
  tls_version = tlsv12
```

However in the logs it's failing to connect due to WeeWxIOError: ('Certificate subject does not match remote hostname.',)
I can send/subscribe with Mosquitto using those certs just fine, so I know it's not that. Any ideas?

@zachelliottwx

FWIW this is what the cert looks like for subject:
```
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            fd:de:0a:8e:65:fc:3b:a7:33:8a:b9:06:6d:cc:a9:74:64:b0:6f:5a
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: OU=Amazon Web Services O=Amazon.com Inc. L=Seattle ST=Washington C=US
        Validity
            Not Before: Sep 14 23:36:47 2021 GMT
            Not After : Dec 31 23:59:59 2049 GMT
        Subject: CN=AWS IoT Certificate
        Subject Public Key Info:
```

@zachelliottwx

Ok this appears to be an issue with Paho MQTT actually. I ran a test script I found here: https://gist.github.com/skirdey/9cdead881799a47742ff3cd296d06cc1 and got the same error. Guess you're off the hook for now. I'll update when I figure out more.

@zachelliottwx

This is solved.
For future reference, the issue was the way I installed Paho. I was using Amazon Linux 2 and Python 2.x, so I installed python-paho-mqtt via Yum. Well, that apparently installed a very, very old version of Paho. Once I switched to Python3 and installed via Pip, it worked no problem. So if you are using IoT Core, make sure to use a somewhat recent version of Paho...
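Added example, not part of the original thread or the MQTTSubscribe project: a small Python check that reports the installed paho-mqtt version and tests hostname verification on its own. The hostname check compares the configured `host` with the names in the broker's server certificate, not with the subject of the device certificate. The sample certificates are constructed, the wildcard SAN on the broker certificate is an assumption, and all function names are hypothetical.

```python
import socket
import ssl
from importlib import metadata

# Constructed samples in the dict shape returned by ssl.SSLSocket.getpeercert().
# The wildcard SAN on the broker certificate is an assumption for illustration.
SAMPLE_BROKER_CERT = {
    "subject": ((("commonName", "*.iot.us-east-1.amazonaws.com"),),),
    "subjectAltName": (("DNS", "*.iot.us-east-1.amazonaws.com"),
                       ("DNS", "iot.us-east-1.amazonaws.com")),
}
SAMPLE_DEVICE_CERT = {"subject": ((("commonName", "AWS IoT Certificate"),),)}

def paho_version():
    """Installed paho-mqtt version string, or None if pip metadata is absent."""
    try:
        return metadata.version("paho-mqtt")
    except metadata.PackageNotFoundError:
        return None

def presented_names(cert):
    """DNS SAN entries; fall back to subject CN only when there are none."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return sans or cns

def name_matches(pattern, host):
    """RFC 6125 style: '*' may replace only the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def hostname_ok(cert, host):
    return any(name_matches(n, host) for n in presented_names(cert))

def fetch_broker_cert(host, port=8883, cafile=None, certfile=None, keyfile=None):
    """Live handshake using the stdlib verifier; returns the broker's certificate."""
    ctx = ssl.create_default_context(cafile=cafile)
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)  # device cert for mutual TLS
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    print("paho-mqtt:", paho_version())
    print(hostname_ok(SAMPLE_BROKER_CERT, "blah-ats.iot.us-east-1.amazonaws.com"))
```

If `fetch_broker_cert` succeeds with the same CA and device files listed under `[[tls]]` while the MQTT client still reports a hostname mismatch, the certificates are fine and the client library's own matching is the place to look.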
