changing time to CET

[2kohm]

int8_t TIME_ZONE = 1 //NYC(USA): -5 UTC 1 for CET is not working

[debsahu]

Must match the AWS server's time zone.

[2kohm]

hey thanks for the fast replay. AwS IOT core region is in EU (Frankfurt) so it is in CET

i always get +7 hours to my timezone

MQTT connecting failed, reason -> Connection Accepted < try again in 5 seconds failed, reason -> Connection Accepted < try again in 5 seconds

[debsahu]

What does your last part of MQTT_HOST look like?

[debsahu]

Time is configured here https://github.com/debsahu/ESP-MQTT-AWS-IoT-Core/blob/00e8d67c8dc60ed3545fba1b37094b47999c96ec/Arduino/ChooseMQTTPubSub/ChooseMQTTPubSub.ino#L61

[2kohm]

const char MQTT_HOST[] = "........-ats.iot.eu-central-1.amazonaws.com";

yeah i know but all changes i made there didn't work

[2kohm]

int8_t TIME_ZONE = 1; //NYC(USA): -5 UTC

[debsahu]

Can you check if Amazon AWS CA certificate matches openssl s_client -showcerts -verify 5 -connect ........-ats.iot.eu-central-1.amazonaws.com:8883

[debsahu]

https://github.com/debsahu/ESP-MQTT-AWS-IoT-Core/blob/00e8d67c8dc60ed3545fba1b37094b47999c96ec/Arduino/ChooseMQTTPubSub/ChooseMQTTPubSub.ino#L188

Could you add

Serial.print("SSL Error Code: ");
Serial.println(net.getLastSSLError());

[2kohm]

i made the policy and the certificate in another region.. :(

[vaughank]

Let me know if you would rather me open in a different issue but my connect is also failing... I added the net.getLastSSLError() and get this:

Setting time using SNTP.done! Current time: Fri Feb 22 16:16:58 2019 failed, rc=-2 SSL Error Code: 62

Any ideas? Thanks for any help!

[debsahu]

Code 62 means root CA certificate is incorrect. ref https://github.com/esp8266/Arduino/issues/5347#issuecomment-439935523

Use OpenSSL to verify CA certificate: openssl s_client -showcerts -verify 5 -connect ........-ats.iot.eu-central-1.amazonaws.com:8883 and of course change the link accordingly

[vaughank]

I left out the certificate chain but none of the certificates in the output match any of the ones from here:

https://docs.aws.amazon.com/iot/latest/developerguide/managing-device-certs.html#server-authentication

I tried the depth 0 and 1 certs in my code but still get error code 62.

Here is the output from that:

verify depth is 5 CONNECTED(00000006) depth=4 C = US, O = "Starfield Technologies, Inc.", OU = Starfield Class 2 Certification Authority verify return:1 depth=3 C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2 verify return:1 depth=2 C = US, O = Amazon, CN = Amazon Root CA 1 verify return:1 depth=1 C = US, O = Amazon, OU = Server CA 1B, CN = Amazon verify return:1 depth=0 CN = *.iot.us-east-1.amazonaws.com verify return:1 4644554348:error:1401E412:SSL routines:CONNECT_CR_FINISHED:sslv3 alert bad certificate:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.240.1/libressl-2.6/ssl/ssl_pkt.c:1205:SSL alert number 42 4644554348:error:1401E0E5:SSL routines:CONNECT_CR_FINISHED:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.240.1/libressl-2.6/ssl/ssl_pkt.c:585:

Thanks again for the help!

[vaughank]

Ok that was my fault... my legacy code was connecting to the non -ats hostname for IOT Core. Once I updated the hostname I got further but now I get this... The -4 rc from pubsubclient is connection timeout and then I crash it seems,,.

Setting time using SNTP.done! Current time: Fri Feb 22 17:28:06 2019 failed, rc=-4 SSL Error Code: 0

Soft WDT reset

stack>>>

ctx: cont sp: 3fff0d60 end: 3fff1020 offset: 01b0 3fff0f10: 013671d7 3ffef6a0 3ffef694 00000000
3fff0f20: 3ffef694 00000000 3ffefaf4 00000000
3fff0f30: 3ffef694 00003a97 00000000 40210d2a
3fff0f40: 514d0400 3f045454 00000001 4020ee19
3fff0f50: 00000000 3fff378c 00000000 00000001
3fff0f60: 3fffdad0 4021cc9c 00000017 40101370
3fff0f70: 3ffeef70 3ffef694 00000017 3fff1058
3fff0f80: 3fffdad0 3ffef694 3ffefd1c 40210dc4
3fff0f90: 00000000 00000000 00000001 402039ce
3fff0fa0: 3fffdad0 3ffef694 3ffefd1c 40203a39
3fff0fb0: 50104000 54144000 3ffefd1c 40211ca0
3fff0fc0: 3fffdad0 3ffef694 3ffefd1c 40204f0e
3fff0fd0: 00000011 0000000a 40213564 3fff0000
3fff0fe0: 40201c9a 000007d0 000007d0 3fff1058
3fff0ff0: 00000000 00000000 00000001 3fff1058
3fff1000: 3fffdad0 00000000 3fff1028 40213610
3fff1010: feefeffe feefeffe 3ffe85a8 401015c1
<<<stack<<<

ets Jan 8 2013,rst cause:2, boot mode:(1,7)

ets Jan 8 2013,rst cause:4, boot mode:(1,7)

wdt reset

[debsahu]

rc=-4 means MQTT_CONNECTION_TIMEOUT

[debsahu]

Try this CA first Amazon AWS CA certificate

[vaughank]

Ok, I tried your exact example and I am getting the connection timeout there too... Any ideas?

10:00:53.310 -> Attempting to connect to SSID: kevinhome.ok! 10:00:54.320 -> Setting time using SNTP.done! 10:00:54.809 -> Current time: Sat Feb 23 10:00:54 2019 10:00:54.809 -> MQTT connecting failed, reason -> Connection tiemout < try again in 5 seconds 10:01:38.294 -> failed, reason -> Connection tiemout < try again in 5 seconds 10:02:02.234 -> failed, reason -> Connection tiemout < try again in 5 seconds 10:02:26.244 -> failed, reason -> Connection tiemout < try again in 5 seconds 10:02:50.426 -> failed, reason -> Connection tiemout < try again in 5 seconds 10:03:14.415 -> failed, reason -> Connection tiemout < try again in 5 seconds

[vaughank]

I went into the certificate in AWS console and noticed it wasn't activated. Once I activated it the timeout went away. Sorry if this is common sense but might want to add it in your steps just in case people are new to working with certificates... Thanks!

[debsahu]

Written documentation is here: https://github.com/debsahu/ESP-MQTT-AWS-IoT-Core/blob/master/doc/README.md this is mentioned in step 5.