ECONNREFUSED when connecting from WebServer

Hi, I am connecting to my private HiveMQ cloud instance via the provided url from my hosted web server running nodejs. It will successfully connect when the HiveMQ load balancer routes to one IP but I get connection refused when it routes to the other.

I worked with my web host provider to try to resolve the issue. They have confirmed that I can connect to my HiveMQ url to port 8883 and that nothing is blocking on their side. I can see the IP that the node mqtt client attempted to connect to in the error message and I can confirm that IP is valid via nslookup. When I do an nslookup on the private HiveMQ url it returns 3 ip addresses. I don’t know if the 3rd one is ever used but I can confirm that the node mqtt client can connect to at least one of them but not the other.

Does anyone know what the problem might be or a way around it? Is there something I should ask my web host provider to check for on their side?

I don’t have any problems connecting to my HiveMQ url running my website locally on my laptop. I’m connecting via the backend not via JavaScript web sockets on the front end.

Thanks for your help!

Hi @houpajoup ,

Could you please clarify, about which HiveMQ product it goes:

• HiveMQ Cloud Free account (hosted by HiveMQ Cloud)
• HiveMQ CE (hosted by you)
• HiveMQ EE (hosted by you)

Except of the nodeJS client, did you try connecting using our MQTT CLI client? If not yet, then please try that and use --debug and --verbose flag to get meaningful output.

Thank you,
Dasha from HiveMQ team

Hi Dasha, I’m using the HiveMQ Cloud Free account right now trying to get this to work.

I can connect without a problem locally (on my laptop) using nodejs. I got my webhost provider to white list all the IP’s that nslookup returns for my private HiveMQ URL so that solved my ECONNREFUSED problem on the webhost but now nothing is getting published from the webhost which was working when it was able to successfully connect to one of the ip addresses (52.31.149.80).

When I try using the mqtt-cli I on my laptop I get NOT_AUTHORIZED with the following command:

c:\code\apps\mqtt-test>mqtt-cli pub 
-h ceed143f4b0947a9b3f40ae94badd9c7.s1.eu.hivemq.cloud 
-p 8883 -u myuserid --password mypasswd 
-t "my/test/topic" -m "hello" 
-s --cafile isrgrootx1.pem
-d -v

The verbose output is included at the end of this post.

I am providing the correct username and password and cafile because:

• my hand coded nodejs example works on my laptop
• the mqtt node client version works on my laptop

     c:\code\apps\mqtt-test>mqtt -version
     MQTT.js version: 4.3.7

• the websocket test client on the HiveMQ site works
• mosquitto_sub & _pub running on my laptop will publishe & show topics successfully

However:

• mqtt-cli on my laptop doesn’t work for pub & sub – it throws NOT_AUTHORIZED
• the hand-coded nodejs example on my webhost doesn’t throw an error anymore but doesn’t publish anything either.

I don’t understand what I’m missing.

Let me know if there is something I can try. I’m waiting on my host provider to give me shell access to try mqtt-cli on my webhost, but for now I’d like to get mqtt-cli pub/sub working on my laptop.

Here is the verbose output from the mqtt-cli on my laptop for pub & sub:

PUBLISH: Command: Publish:: {topics=[‘my/test/topic’], qos=[AT_MOST_ONCE], retain=null, messageExpiryInterval=null, payloadFormatIndicator=null, contentType=null, responseTopic=null, correlationData=null, userProperties=null, Connect:: {host=ceed143f4b0947a9b3f40ae94badd9c7.s1.eu.hivemq.cloud, port=8883, version=null, identifier=null, user=‘websvc’, keepAlive=null, cleanStart=null, useDefaultSsl=true, sslConfig=false, willTopic=‘null’, willQos=null, willMessage=‘null’, willRetain=null, willMessageExpiryInterval=null, willDelayInterval=null, willPayloadFormatIndicator=null, willContentType=‘null’, willResponseTopic=‘null’, willCorrelationData=null, willUserProperties=null, sessionExpiryInterval= null, userProperties=null, receiveMaximum=null, sendMaximum=null, maximumPacketSize=null, sendMaximumPacketSize=null, topicAliasMaximum=null, sendTopicAliasMaximum=null, requestProblemInformation=null, requestResponseInformation=null}}
PUBLISH: Setting value of ‘version’ to default value: MQTT_5_0
PUBLISH: Created ‘identifier’: mqttClient-MQTT_5_0-5993af79-497f-4112-a937-5f8cc5ea0127
PUBLISH: Cache hasKey client {identifier=‘mqttClient-MQTT_5_0-5993af79-497f-4112-a937-5f8cc5ea0127’, host=‘ceed143f4b0947a9b3f40ae94badd9c7.s1.eu.hivemq.cloud’} - false
CLIENT mqttClient-MQTT_5_0-5993af79-497f-4112-a937-5f8cc5ea0127: sending CONNECT with Mqtt5Connect: MqttConnect{keepAlive=60, cleanStart=true, sessionExpiryInterval=0, restrictions=MqttConnectRestrictions{receiveMaximum=65535, sendMaximum=65535, maximumPacketSize=268435460, sendMaximumPacketSize=268435460, topicAliasMaximum=0, sendTopicAliasMaximum=16, requestProblemInformation=true, requestResponseInformation=false}, simpleAuth=MqttSimpleAuth{username and password}}
PUBLISH: com.hivemq.client.mqtt.mqtt5.exceptions.Mqtt5ConnAckException: CONNECT failed as CONNACK contained an Error Code: NOT_AUTHORIZED.
at com.hivemq.client.internal.mqtt.MqttBlockingClient.connect(MqttBlockingClient.java:91)
at com.hivemq.cli.mqtt.MqttClientExecutor.mqtt5Connect(MqttClientExecutor.java:83)
at com.hivemq.cli.mqtt.AbstractMqttClientExecutor.connectMqtt5Client(AbstractMqttClientExecutor.java:238)
at com.hivemq.cli.mqtt.AbstractMqttClientExecutor.connect(AbstractMqttClientExecutor.java:201)
at com.hivemq.cli.mqtt.MqttClientExecutor.connect(MqttClientExecutor.java:67)
at com.hivemq.cli.mqtt.AbstractMqttClientExecutor.getMqttClientFromCacheOrConnect(AbstractMqttClientExecutor.java:434)
at com.hivemq.cli.mqtt.AbstractMqttClientExecutor.publish(AbstractMqttClientExecutor.java:110)
at com.hivemq.cli.mqtt.MqttClientExecutor.publish(MqttClientExecutor.java:67)
at com.hivemq.cli.commands.cli.PublishCommand.run(PublishCommand.java:127)
at picocli.CommandLine.executeUserObject(CommandLine.java:1729)
at picocli.CommandLine.access$900(CommandLine.java:145)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2101)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2068)
at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:1935)
at picocli.CommandLine.execute(CommandLine.java:1864)
at com.hivemq.cli.MqttCLIMain.main(MqttCLIMain.java:73)
PUBLISH: CONNECT failed as CONNACK contained an Error Code: NOT_AUTHORIZED.

thank you for your help!

Hi @houpajoup ,

Thanks for contacting us, did you try using single quotes instead of the double quotes in here?

-t "my/test/topic" -m "hello" 

And also please try without this line:

-s --cafile isrgrootx1.pem

Then try using only --secure or only --cafile isrgrootx1.pem option.

Let me know which one helps!
Thanks
Dasha

Hi @Daria_H, when I try with single quote or double quotes there is no difference. I even tried no quotes on the -t because I noticed mosquitto_pub didn’t like the quotes so I figured I would try that too but all attempts gave me the same NOT_AUTHORIZED error.

Then I tried --cafile isrgrootx1.pem and it failed as well but I got the same NOT_AUTHORIZED error.

I tried using only --secure and I got the following failure response:

PUBLISH: Command: Publish:: {topics=[‘my/test/topic’], qos=[AT_MOST_ONCE], retain=null, messageExpiryInterval=null, payloadFormatIndicator=null, contentType=null, responseTopic=null, correlationData=null, userProperties=null, Connect:: {host=ceed143f4b0947a9b3f40ae94badd9c7.s1.eu.hivemq.cloud, port=8883, version=null, identifier=null, user=‘websvc’, keepAlive=null, cleanStart=null, useDefaultSsl=true, sslConfig=false, willTopic=‘null’, willQos=null, willMessage=‘null’, willRetain=null, willMessageExpiryInterval=null, willDelayInterval=null, willPayloadFormatIndicator=null, willContentType=‘null’, willResponseTopic=‘null’, willCorrelationData=null, willUserProperties=null, sessionExpiryInterval= null, userProperties=null, receiveMaximum=null, sendMaximum=null, maximumPacketSize=null, sendMaximumPacketSize=null, topicAliasMaximum=null, sendTopicAliasMaximum=null, requestProblemInformation=null, requestResponseInformation=null}}
PUBLISH: Setting value of ‘version’ to default value: MQTT_5_0
PUBLISH: Created ‘identifier’: mqttClient-MQTT_5_0-7275f141-04af-4328-9175-7a8cc4b26485
PUBLISH: java.lang.NullPointerException
at com.hivemq.cli.commands.AbstractCommonFlags.doBuildSslConfig(AbstractCommonFlags.java:132)
at com.hivemq.cli.commands.AbstractCommonFlags.buildSslConfig(AbstractCommonFlags.java:91)
at com.hivemq.cli.commands.cli.PublishCommand.run(PublishCommand.java:122)
at picocli.CommandLine.executeUserObject(CommandLine.java:1729)
at picocli.CommandLine.access$900(CommandLine.java:145)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2101)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2068)
at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:1935)
at picocli.CommandLine.execute(CommandLine.java:1864)
at com.hivemq.cli.MqttCLIMain.main(MqttCLIMain.java:73)
PUBLISH:
PUBLISH: Cache hasKey client {identifier=‘mqttClient-MQTT_5_0-7275f141-04af-4328-9175-7a8cc4b26485’, host=‘ceed143f4b0947a9b3f40ae94badd9c7.s1.eu.hivemq.cloud’} - false
CLIENT mqttClient-MQTT_5_0-7275f141-04af-4328-9175-7a8cc4b26485: sending CONNECT with Mqtt5Connect: MqttConnect{keepAlive=60, cleanStart=true, sessionExpiryInterval=0, restrictions=MqttConnectRestrictions{receiveMaximum=65535, sendMaximum=65535, maximumPacketSize=268435460, sendMaximumPacketSize=268435460, topicAliasMaximum=0, sendTopicAliasMaximum=16, requestProblemInformation=true, requestResponseInformation=false}, simpleAuth=MqttSimpleAuth{username and password}}
PUBLISH: com.hivemq.client.mqtt.exceptions.ConnectionClosedException: Server closed connection without DISCONNECT.
at com.hivemq.client.internal.mqtt.MqttBlockingClient.connect(MqttBlockingClient.java:91)
at com.hivemq.cli.mqtt.MqttClientExecutor.mqtt5Connect(MqttClientExecutor.java:83)
at com.hivemq.cli.mqtt.AbstractMqttClientExecutor.connectMqtt5Client(AbstractMqttClientExecutor.java:238)
at com.hivemq.cli.mqtt.AbstractMqttClientExecutor.connect(AbstractMqttClientExecutor.java:201)
at com.hivemq.cli.mqtt.MqttClientExecutor.connect(MqttClientExecutor.java:67)
at com.hivemq.cli.mqtt.AbstractMqttClientExecutor.getMqttClientFromCacheOrConnect(AbstractMqttClientExecutor.java:434)
at com.hivemq.cli.mqtt.AbstractMqttClientExecutor.publish(AbstractMqttClientExecutor.java:110)
at com.hivemq.cli.mqtt.MqttClientExecutor.publish(MqttClientExecutor.java:67)
at com.hivemq.cli.commands.cli.PublishCommand.run(PublishCommand.java:127)
at picocli.CommandLine.executeUserObject(CommandLine.java:1729)
at picocli.CommandLine.access$900(CommandLine.java:145)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2101)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2068)
at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:1935)
at picocli.CommandLine.execute(CommandLine.java:1864)
at com.hivemq.cli.MqttCLIMain.main(MqttCLIMain.java:73)
PUBLISH: Server closed connection without DISCONNECT.

I tried the following as well but no luck.

mqtt-cli shell con -v -d -h ceed143f4b0947a9b3f40ae94badd9c7.s1.eu.hivemq.cloud -p 8883 -u tester --password ******** -s --cafile isrgrootx1.pem

CONNECT: CONNECT failed as CONNACK contained an Error Code: NOT_AUTHORIZED.

Not sure if you want to try it from your side or feel free to create your own user on my cluster if you have the admin priviledges to do that, or I can send you the password for the tester user. I’m running on Windows 10:

mqtt> version
1.0.0
Picocli 4.0.4
JVM: 1.8.0_311 (Oracle Corporation Java HotSpot™ 64-Bit Server VM 25.311-b11)
OS: Windows 10 10.0 amd64