bellrichm / WeeWX-MQTTSubscribe

A WeeWX service and driver that receives data from MQTT.
GNU General Public License v3.0

WeeWxIOError: ('Certificate subject does not match remote hostname.',) when using AWS IoT Core #141

Closed zachelliottwx closed 2 years ago

zachelliottwx commented 2 years ago

Installed MQTTSubscribe today. Configured a thing in AWS IoT Core, downloaded the CA, the Cert and the Private key. Weewx.conf is configured like this:

```
[MQTTSubscribeDriver]
# This section is for the MQTTSubscribe driver.

# The driver to use:
driver = user.MQTTSubscribe
clientid = WeeWX
# The MQTT server.
# Default is localhost.
host = blah-ats.iot.us-east-1.amazonaws.com
# The port to connect to.
# Default is 1883.
port = 8883

# Maximum period in seconds allowed between communications with the broker.
# Default is 60.
keepalive = 60

# username for broker authentication.
# Default is None.
username = None

# password for broker authentication.
# Default is None.
password = None

# Configuration for the message callback.
[[message_callback]]
    type = json

# The topics to subscribe to.
[[topics]]
    unit_system = US
    [[[weather]]]

[[tls]]
  ca_certs = /etc/weewx/iot/root.crt
  certfile = /etc/weewx/iot/cert.pem
  certs_required = required
  keyfile = /etc/weewx/iot/key.prv
  tls_version = tlsv12
```

However, in the logs it's failing to connect due to `WeeWxIOError: ('Certificate subject does not match remote hostname.',)`. I can send/subscribe with Mosquitto using those certs just fine, so I know it's not that. Any ideas?

zachelliottwx commented 2 years ago

FWIW this is what the cert looks like for subject:

```
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            fd:de:0a:8e:65:fc:3b:a7:33:8a:b9:06:6d:cc:a9:74:64:b0:6f:5a
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: OU=Amazon Web Services O=Amazon.com Inc. L=Seattle ST=Washington C=US
        Validity
            Not Before: Sep 14 23:36:47 2021 GMT
            Not After : Dec 31 23:59:59 2049 GMT
        Subject: CN=AWS IoT Certificate
        Subject Public Key Info:
```

zachelliottwx commented 2 years ago

Ok this appears to be an issue with Paho MQTT actually. I ran a test script I found here: https://gist.github.com/skirdey/9cdead881799a47742ff3cd296d06cc1 and got the same error. Guess you're off the hook for now. I'll update when I figure out more.

zachelliottwx commented 2 years ago

This is solved. For future reference, the issue was the way I installed Paho. I was using Amazon Linux 2, and Python 2.x. So I installed python-paho-mqtt via Yum. Well that apparently installed a very very old version of Paho. Once I switched to Python3 and installed via Pip, it worked no problem. So ensure if you are using IoT Core, to use a somewhat recent version of Paho...
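
Added example, not from the thread and not code from the MQTTSubscribe or Paho projects: a Paho-independent way to separate the two suspects the thread ends up distinguishing, the broker's certificate and the installed client library. It uses only the Python 3 standard library; the helper names are hypothetical, the sample certificate is constructed, and the match rule is a simplified form of RFC 6125.

```python
# Added illustration: helper names are hypothetical, sample data is constructed.
import socket
import ssl
from importlib import metadata

def dns_name_matches(pattern, hostname):
    """Match one SAN dNSName against a hostname (simplified RFC 6125):
    case-insensitive; '*' is accepted only as the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def server_cert_covers(cert, hostname):
    """cert is a dict in the format returned by ssl.SSLSocket.getpeercert()."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return any(dns_name_matches(name, hostname) for name in sans)

def paho_version():
    """Version of paho-mqtt visible to this interpreter, or None."""
    try:
        return metadata.version("paho-mqtt")
    except metadata.PackageNotFoundError:
        return None

def fetch_broker_cert(host, port, ca_certs, certfile, keyfile):
    """Handshake using Python's ssl module only (no Paho). Raises
    ssl.SSLCertVerificationError if the chain or hostname check fails."""
    ctx = ssl.create_default_context(cafile=ca_certs)
    ctx.load_cert_chain(certfile, keyfile)
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample in getpeercert() format; not the real broker certificate.
SAMPLE_SERVER_CERT = {
    "subject": ((("commonName", "*.iot.us-east-1.amazonaws.com"),),),
    "subjectAltName": (("DNS", "*.iot.us-east-1.amazonaws.com"),
                       ("DNS", "iot.us-east-1.amazonaws.com")),
}

if __name__ == "__main__":
    print("paho-mqtt:", paho_version())
    host = "blah-ats.iot.us-east-1.amazonaws.com"  # placeholder host from the thread
    print("sample cert covers host:", server_cert_covers(SAMPLE_SERVER_CERT, host))
```

If `fetch_broker_cert` succeeds with the files from `[[tls]]` while the MQTT client still reports a hostname mismatch, the certificates are fine and the client library is the place to look. The hostname check is made against the broker's certificate, so the `Subject` of the device certificate plays no part in it.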