EMQ + Letsencrypt #765
Comments
Are there any error logs? Do you want to configure one-way authentication or two-way authentication?

@turtleDeng
Attempt 3

2016-11-15 1:22 GMT-04:30 turtleDeng notifications@github.com:
Friend turtleDeng, Sorry for the delay. You are explaining to me that the correct way to configure it is: Attempt 3

SSL Options
mqtt.listener.ssl.handshake_timeout = 15

So I probed the configuration from port 8883, and it worked! The problem is that I've always tried the websocket protocol. Which was configured like this:

mqtt.listener.https.handshake_timeout = 15

And it still fails! But this time, knowing that I have well configured certificates (Thanks for

mqtt.listener.https.handshake_timeout = 15
mqtt.listener.https.verify = verify_peer
mqtt.listener.https.fail_if_no_peer_cert = true

I would like to know the reason why it is failing, is it normal? What do Does it have to do with what you asked me in your first response? (Do you

2016-11-15 9:49 GMT-04:30 serenity luna serenity.luna@gmail.com:
{verify, verify_type()} See the ssl documentation for details!

As you recommended I read the ssl documentation. And I found the following: Please explain me: Why can not I use verify_peer with websockets (8084), but can I use it with

2016-11-15 10:09 GMT-04:30 turtleDeng notifications@github.com:
Best regards. It still does not work verify_peer on websockets with TLS (HTTPS / WSS

I have tried downloading emqttd-ubuntu64-v2.0-rc.3-20161103.zip again and

This is the error when I use (mqtt.listener.https.verify = verify_peer)

Erlang MQTT Broker 2.0 is running now
Eshell V7.3 (abort with ^G)
(emqttd@127.0.0.1)1> 05:37:02.582 [error] Error in process <0.1139.0> on
{{ssl_error,closed},[{esockd_connection,upgrade,1,[{file,"src/esockd_connection.erl"},{line,113}]},{mochiweb_http,init,2,[{file,"src/mochiweb_http.erl"},{line,30}]}]}
05:37:02.583 [error] Supervisor 'esockd_connection_sup - <0.1094.0>' had
05:37:02.889 [error] Error in process <0.1141.0> on node 'emqttd@127.0.0.1'
{{ssl_error,closed},[{esockd_connection,upgrade,1,[{file,"src/esockd_connection.erl"},{line,113}]},{mochiweb_http,init,2,[{file,"src/mochiweb_http.erl"},{line,30}]}]}

COMODO: HTTP (SSL) Listener
mqtt.listener.https = 8084
mqtt.listener.https.keyfile = /opt/emqttd/etc/certs/private.key
mqtt.listener.https.verify = verify_peer

Note: Same configuration in SSL Listener - 8883 works fine!

I have the same error. How to deal with that? I already tried to set Btw: I think concatenating is not needed as fullchain.pem already includes Root CA, isn't it?

Please give steps on how to generate a certificate using letsencrypt and use it successfully over wss.

Same problem.. can't understand how to set up ssl for websockets using letsencrypt.

Letsencrypt generates certificate for server. That means we should use one-way TLS authentication. Suppose we are utilizing websocket over TLS. The emq.conf should look like below:
And the paho python code should look like below:
Did this but still getting this error -
Do we not have to tell domain name anywhere in the emq.conf? As my certificates are bound to a specific domain name, right? This is my code -
import paho.mqtt.publish as publish
And do we have to keep this fullchain.pem in mobile applications?

@arihantdaga Yes, you have to keep fullchain.pem in the directory where your python script resides. Domain name is included in server certification. So you do not specify your domain name in emq.conf. Following command will be helpful to debug certification issue:

@grutabow Thank you very much. Solved Now..
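
The distinction grutabow draws above, one-way TLS for a Let's Encrypt server certificate versus a listener that demands a client certificate, can be read off the listener options. The following is an added example, not code from this thread or from the EMQ project: it classifies each mqtt.listener.* block using the option names quoted above and the Erlang ssl defaults (verify_none, fail_if_no_peer_cert false). The sample configuration and the function names are constructed, and treating a listener without a certfile as non-TLS is an assumption.

```python
import re

# Constructed sample in the style of the settings quoted in this thread.
SAMPLE_CONF = """\
## SSL listener (8883)
mqtt.listener.ssl = 8883
mqtt.listener.ssl.certfile = etc/certs/cert.pem
mqtt.listener.ssl.keyfile = etc/certs/privkey.pem

## HTTP (SSL) listener (8084), used for WSS
mqtt.listener.https = 8084
mqtt.listener.https.certfile = etc/certs/cert.pem
mqtt.listener.https.keyfile = etc/certs/privkey.pem
mqtt.listener.https.verify = verify_peer
mqtt.listener.https.fail_if_no_peer_cert = true
"""

# mqtt.listener.<name> = <port>   or   mqtt.listener.<name>.<option> = <value>
LINE = re.compile(r"^mqtt\.listener\.(\w+)(?:\.(\w+))?\s*=\s*(.+?)\s*$")

def parse_listeners(text):
    """Return {listener: {option: value}}; the bare port line is stored as 'port'."""
    listeners = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        m = LINE.match(line)
        if m:
            name, opt, value = m.groups()
            listeners.setdefault(name, {})[opt or "port"] = value
    return listeners

def tls_mode(opts):
    """Classify what the listener demands from a connecting client."""
    if "certfile" not in opts:            # assumption: no certfile means plain TCP/WS
        return "no-tls"
    if opts.get("verify", "verify_none") != "verify_peer":
        return "one-way"                  # server proves its identity, client sends no cert
    if opts.get("fail_if_no_peer_cert", "false") == "true":
        return "two-way-required"         # handshake fails unless the client presents a cert
    return "two-way-optional"             # a client cert is checked only if one is sent

def audit(text):
    return {name: tls_mode(opts) for name, opts in parse_listeners(text).items()}

if __name__ == "__main__":
    for name, mode in audit(SAMPLE_CONF).items():
        print(f"{name}: {mode}")
```

A listener reported as two-way-required rejects any client that holds no certificate of its own, which a Let's Encrypt server certificate does not provide.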
Best regards
I can not configure EMQ with letsencrypt.
I'm using Development: emqttd-v2.0-rc.3 released on 2016/11/03
Letsencrypt gives me the following files:
cert.pem
chain.pem
fullchain.pem
privkey.pem
I have tried several ways in emq.conf:
Attempt 1:
cacertfile = etc/certs/chain.pem
certfile = etc/certs/cert.pem
keyfile = etc/certs/privkey.pem
Attempt 2:
cacertfile = etc/certs/fullchain.pem
certfile = etc/certs/cert.pem
keyfile = etc/certs/privkey.pem
Attempt 3:
Concatenating chain.pem + Root CA = chainca.pem
https://mosquitto.org/2015/12/using-lets-encrypt-certificates-with-mosquitto/
cacertfile = etc/certs/chainca.pem
certfile = etc/certs/cert.pem
keyfile = etc/certs/privkey.pem
Attempt 4:
Concatenating privkey.pem + fullchain.pem = keyfile.pem
cacertfile = etc/certs/chain.pem
certfile = etc/certs/cert.pem
keyfile = etc/certs/keyfile.pem
Thanks for everything.