Failure to create ssl certificate

Hello,
I am new to HiveMQ. I am using ESP8266 with Arduino IDE.
I tried to follow the guide to connect, but I can’t successfully create the SSL cert.
When I run the Python script I get:
Traceback (most recent call last):
File “c:\Users\user\OneDrive\One-Documents\7-Python\Scripts\certs-from-mozilla_2.py”, line 83, in
call( arCmd )
File “C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.11_3.11.1776.0_x64__qbz5n2kfra8p0\Lib\subprocess.py”, line 389, in call
with Popen(*popenargs, **kwargs) as p:
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.11_3.11.1776.0_x64__qbz5n2kfra8p0\Lib\subprocess.py”, line 1026, in __init__
self._execute_child(args, executable, preexec_fn, close_fds,
File “C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.11_3.11.1776.0_x64__qbz5n2kfra8p0\Lib\subprocess.py”, line 1538, in _execute_child
hp, ht, pid, tid = _winapi.CreateProcess(executable, args,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
FileNotFoundError: [WinError 2] The system cannot find the file specified
Can you assist?
Many thanks

Hello @SG53 ,

First off, welcome to the HiveMQ Community!

To confirm, are you using the latest version of the certs-from-mozilla.py script, available here?

If so, it looks like this may be due to the installation path for the Arduino files - it looks like a similar issue was reported on the GitHub page here.

An additional issue pointed out that some files, such as AR.exe, are available in the tools folder of your Arduino installation, and may need the path updated within the script to properly reflect your installation location.

Best,
Aaron from the HiveMQ Team

Thank you Aaron for your quick response. It is helpful!
I used the correct version of the script, but I didn’t have the ar.exe file. Your guidance helped!
BTW, in the tutorial I suggest you add to put ar.exe and openssl.exe in the root directory, not where the script is running from!
So, I was able to create certs.ar and load it to the flash:
Root dir of LittleFS
Listing directory: /
FILE: certs.ar SIZE: 8 CREATION: 1970-01-01 00:00:00
LAST WRITE: 1970-01-01 00:00:00
FILE: certs.idx SIZE: 0 CREATION: 2023-10-13 19:09:41
LAST WRITE: 2023-10-13 19:10:34

but the demo sketch (from your site) does not recognize it:
WiFi connected
IP address:
192.168.7.32
Waiting for NTP time sync: .
CET Fri Oct 13 19:10:41 2023
Number of CA certs read: 0
No certs found. Did you run certs-from-mozilla.py and upload the LittleFS directory before running?

Any ideas how to progress?
Many thanks

Any suggestions to resolve the SSL certificate creation issue?

Hi @SG53

the size of your certs.ar file appears to be considerably smaller than expected:

FILE: certs.ar SIZE: 8

In contrast, when I generated the certs.ar file by following the instructions provided in the HiveMQ Cloud’s Getting Started guide for Arduino, I ended up with a certs.ar file of approximately 189K. You can download my file here.

To ensure the proper functioning of your board, I recommend verifying the size of your certs.ar file and confirming whether it is being fully uploaded to the board when utilizing little fs. It’s essential to have the correct file size to avoid any issues.

If you encounter any difficulties or need further assistance, please feel free to reach out. Your success with HiveMQ Cloud and Arduino is important to us, and we’re here to support you.

Best regards,
Dasha from HiveMQ Team
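
The `SIZE: 8` reported above is exactly the length of the `ar` global header (`!<arch>\n`), so that certs.ar is an archive with no members, which matches the sketch reading 0 CA certs. The following check, added here as an example and not part of the posts or of HiveMQ's or the Arduino core's code, lists the members of an `ar` archive so the file can be verified on the PC before it is uploaded; the sample archive and member names in it are constructed for illustration.

```python
AR_MAGIC = b"!<arch>\n"   # 8-byte global header that starts every ar archive
HEADER_LEN = 60            # fixed size of each member header


def list_ar_members(data):
    """Return [(name, size), ...] for every member in an ar archive."""
    if data[:len(AR_MAGIC)] != AR_MAGIC:
        raise ValueError("not an ar archive (bad magic)")
    members, pos = [], len(AR_MAGIC)
    while pos < len(data):
        header = data[pos:pos + HEADER_LEN]
        # Each header ends with the two bytes "`\n".
        if len(header) < HEADER_LEN or header[58:60] != b"`\n":
            raise ValueError(f"corrupt or truncated header at offset {pos}")
        name = header[0:16].decode("ascii").rstrip(" /")  # GNU ar appends '/'
        size = int(header[48:58].decode("ascii").strip())
        end = pos + HEADER_LEN + size
        if end > len(data):
            raise ValueError(f"member {name!r} is truncated")
        members.append((name, size))
        pos = end + (size & 1)  # member data is padded to an even offset
    return members


def _member(name, payload):
    """Build one ar member (constructed test data, not a real certificate)."""
    header = (f"{name + '/':<16}{0:<12}{0:<6}{0:<6}{'100644':<8}"
              f"{len(payload):<10}").encode("ascii") + b"`\n"
    return header + payload + (b"\n" if len(payload) % 2 else b"")


# Constructed sample: two placeholder members standing in for DER certificates.
SAMPLE = (AR_MAGIC
          + _member("ca_000.der", b"\x30\x82\x01")
          + _member("ca_001.der", b"\x30\x82\x01\x0a"))

if __name__ == "__main__":
    for label, blob in (("8-byte file", AR_MAGIC), ("sample", SAMPLE)):
        found = list_ar_members(blob)
        print(f"{label}: {len(blob)} bytes, {len(found)} member(s)")
        if not found:
            print("  empty archive: the tool that builds certs.ar wrote no certificates")
```

To check a real file, pass `open("certs.ar", "rb").read()` to `list_ar_members`; a member count of zero means the archive was created but nothing was added to it.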

Dear Dasha,

Many thanks for your help.
I downloaded your cert.ar file and uploaded it. It was read successfully by the sketch. Though, no success in connecting to the server:

Root dir of LittleFS
Listing directory: /
FILE: certs.ar SIZE: 193128 CREATION: 1970-01-01 00:00:00
LAST WRITE: 1970-01-01 00:00:00

Connecting to MyWiFi

WiFi connected
IP address:
192.168.7.40
Waiting for NTP time sync: …
CET Sat Oct 28 07:00:23 2023
Number of CA certs read: 169
Attempting MQTT connection…failed, rc = 5 try again in 5 seconds
Attempting MQTT connection…failed, rc = 5 try again in 5 seconds

Any suggestions?
Warm regards
Sachi

Hello @SG53 ,

Thank you for these additional details! To confirm, are there any further logs or diagnostics available to provide details about where this MQTT connection failed?

With the current statement, we aren’t able to clearly identify if this is a communication issue, an authentication issue, or a TLS/SSL authentication issue, which does make distinct troubleshooting of a root cause more difficult. Additional, more verbose logs here could help us pinpoint where the connection failure is stemming from.

One initial step for further troubleshooting may be to use a tool such as the MQTT CLI tool (available here) and the generated certificates to verify if an external connection with these certificates is successful, validating the TLS/SSL config.

Best,
Aaron from the HiveMQ Team

Hello,
It seems I’m not alone with the security certificate. I’ve been struggling with git (accessing the good path, installing the board manager for esp8266, updating python) and still no success even if the ar.exe is there. SG53 said that he downloaded the cert.ar file from Dasha and uploaded it by the sketch, but without connection success. Is the file corrupted or must it be generated on my computer to work? This is very time consuming (and baffling).
Not very user friendly…
Best,
Louis

Dear Louis,
The cert.ar file is good and is processed well. I talked more to the HiveMQ team; net net, they recommended using a non-secured connection. This was the point where I gave up.
Good Luck

Thanks Dasha,
I thought that a secured connection was mandatory, but my little app really doesn’t need it. By the way, the first “cert.ar” in @SG53’s message is given as a link to an Argentina website and the other one does not exist.
Have a good day,
Louis

Hi Sachi,

Sorry I misnamed you in my post. After a few searches, I concluded that I could generate my own certificate by other means (i.e. OpenSSL, for one) than what is suggested on your « Getting started with arduino » page. Since I’m not alone with this problem, maybe a simpler way to generate a certificate should be told on the previous page.

Have a good day,
Louis