🤖Have you ever tried Chat.M5Stack.com before asking??😎
    M5Stack Community
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    Certificate based MQTT (AWS IoT) trouble with changed umqtt

    Scheduled Pinned Locked Moved Micropython
    2 Posts 1 Posters 2.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S Offline
      sistar_hh
      last edited by

      Hi,
      unfortunately the micropython certificate handling for MQTT has been changed last year. good description
      Here is the new way to do it:

       # Create an SSL context
    context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    context.verify_mode = ssl.CERT_REQUIRED

    # Load certificates
    context.load_verify_locations(cafile='/flash/certificate/ca.der')
    context.load_cert_chain('/flash/certificate/cert.der', '/flash/certificate/key.der')
    mqtt = MQTTClient(client_id=client, server=endpoint, port=8883, keepalive=1200, ssl=context)
    print("Connecting to AWS IoT...")
    mqtt.connect()
    print("Done")

      While the code and certificates work fine on ESP32-S3 Micropython they result in the following error on uiflow2

      Traceback (most recent call last):
  File "<stdin>", line 74, in <module>
  File "<stdin>", line 52, in mqtt_connect
  File "/flash/libs/umqttn/simple.py", line 69, in connect
  File "ssl.py", line 1, in wrap_socket
ValueError: 
The certificate validity has expired

      I triple checked the certificate validity..
      Next suspect would be an incorrect system time. Therfore I set the time as follows before attempting to initialize a mqtt connection:

      sta_if = network.WLAN(network.STA_IF)
sta_if.active(True)
if sta_if.isconnected():
    sta_if.disconnect()
sta_if.connect(wifi_ssid, wifi_password)
while not sta_if.isconnected():
    utime.sleep(1)
    print("Connecting...")
print("Connected:", sta_if.ifconfig())


print(f"time before NTP settime {time.localtime()}")
ntptime.settime() 
print(f"time after NTP settime {time.localtime()}")
import machine
rtc = machine.RTC()
# Set manually to a known correct UTC date/time: (year, month, day, weekday, hour, minute, second, microsecond)
rtc.datetime((2025, 3, 14, 1, 14, 0, 0, 0))
print("Manually set time:", machine.RTC().datetime())

      Still I get the same error:

      Connecting...
Connecting...
Connecting...
Connecting...
Connected: ('192.168.5.0', '255.255.252.0', '192.168.4.1', '192.168.4.1')
time before NTP settime (2025, 3, 14, 12, 8, 44, 5, 72)
time after NTP settime (2025, 3, 14, 12, 8, 45, 5, 72)
Manually set time: (2025, 3, 14, 5, 14, 0, 0, 67)
Connecting to AWS IoT...
MQTT Connection failed: 
The certificate validity has expired

Traceback (most recent call last):
  File "<stdin>", line 79, in <module>
  File "<stdin>", line 57, in mqtt_connect
  File "/flash/libs/umqttn/simple.py", line 69, in connect
  File "ssl.py", line 1, in wrap_socket
ValueError: 
The certificate validity has expired

      I used the micropython/umqtt.simple/umqtt/simple.py implementation installed as module umqttn in the /flash/libs folder. It differs from the m5stack implementation (which is currently broken for certificate based MQTT due to the described changes in Micropython).

      At this point I wonder why the same code (umqtt.simple, demo-code, exactly the same certificate files) work on an UMFeatherS2 MicroPython v1.24.1 but fail on MicroPython v1.24.0-dirty on 2025-03-06; M5STACK CoreS3 with ESP32S3.

      I would happy for any hint on how to solve this.

      1 Reply Last reply Reply Quote 0
      • S Offline
        sistar_hh
        last edited by

        @sistar_hh said in Certificate based MQTT (AWS IoT) trouble with changed umqtt:

        Hi,
        unfortunately the micropython certificate handling for MQTT has been changed last year. good description
        Here is the new way to do it:

        Create an SSL context

        context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
context.verify_mode = ssl.CERT_REQUIRED

# Load certificates
context.load_verify_locations(cafile='/flash/certificate/ca.der')
context.load_cert_chain('/flash/certificate/cert.der', '/flash/certificate/key.der')
mqtt = MQTTClient(client_id=client, server=endpoint, port=8883, keepalive=1200, ssl=context)
print("Connecting to AWS IoT...")
mqtt.connect()
print("Done")

        While the code and certificates work fine on ESP32-S3 Micropython they result in the following error on uiflow2

        Traceback (most recent call last):
        File "<stdin>", line 74, in <module>
        File "<stdin>", line 52, in mqtt_connect
        File "/flash/libs/umqttn/simple.py", line 69, in connect
        File "ssl.py", line 1, in wrap_socket
        ValueError:
        The certificate validity has expired
        I triple checked the certificate validity..
        Next suspect would be an incorrect system time. Therfore I set the time as follows before attempting to initialize a mqtt connection:

        sta_if = network.WLAN(network.STA_IF)
        sta_if.active(True)
        if sta_if.isconnected():
        sta_if.disconnect()
        sta_if.connect(wifi_ssid, wifi_password)
        while not sta_if.isconnected():
        utime.sleep(1)
        print("Connecting...")
        print("Connected:", sta_if.ifconfig())

        print(f"time before NTP settime {time.localtime()}")
        ntptime.settime()
        print(f"time after NTP settime {time.localtime()}")
        import machine
        rtc = machine.RTC()

        Set manually to a known correct UTC date/time: (year, month, day, weekday, hour, minute, second, microsecond)

        rtc.datetime((2025, 3, 14, 1, 14, 0, 0, 0))
        print("Manually set time:", machine.RTC().datetime())
        Still I get the same error:

        Connecting...
        Connecting...
        Connecting...
        Connecting...
        Connected: ('192.168.5.0', '255.255.252.0', '192.168.4.1', '192.168.4.1')
        time before NTP settime (2025, 3, 14, 12, 8, 44, 5, 72)
        time after NTP settime (2025, 3, 14, 12, 8, 45, 5, 72)
        Manually set time: (2025, 3, 14, 5, 14, 0, 0, 67)
        Connecting to AWS IoT...
        MQTT Connection failed:
        The certificate validity has expired

        Traceback (most recent call last):
        File "<stdin>", line 79, in <module>
        File "<stdin>", line 57, in mqtt_connect
        File "/flash/libs/umqttn/simple.py", line 69, in connect
        File "ssl.py", line 1, in wrap_socket
        ValueError:
        The certificate validity has expired
        I used the micropython/umqtt.simple/umqtt/simple.py implementation installed as module umqttn in the /flash/libs folder. It differs from the m5stack implementation (which is currently broken for certificate based MQTT due to the described changes in Micropython).

        At this point I wonder why the same code (umqtt.simple, demo-code, exactly the same certificate files) work on an UMFeatherS2 MicroPython v1.24.1 but fail on MicroPython v1.24.0-dirty on 2025-03-06; M5STACK CoreS3 with ESP32S3.

        I would happy for any hint on how to solve this.

        Aha! When trying the following change:
        context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        context.verify_mode = ssl.CERT_OPTIONAL # Instead of CERT_REQUIRED
        I successfully connected!

        1 Reply Last reply Reply Quote 0

        Hello! It looks like you're interested in this conversation, but you don't have an account yet.

        Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.

        With your input, this post could be even better 💗

        Register Login
        • First post
          Last post