I have been trying to publish and subscribe but i keep on getting this errorssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1076)
Hi @TGKunene ,
Welcome to the HiveMQ community forum.
Thanks,
What do you mean by product? because we are using the free version
Hi @TGKunene ,
Thank you for the response. This means you are using HiveMQ Cloud free (there is also HiveMQ Community Edition, Professional Edition and Enterprise Edition)this post
If you provide an API or have to support IoT devices, you’ll need to make sure of two things: (1) all clients of your API must trust ISRG Root X1 (not just DST Root CA X3), and (2) if clients of your API are using OpenSSL, they must use version 1.1.0 or later . In OpenSSL 1.0.x, a quirk in certificate verification means that even clients that trust ISRG Root X1 will fail when presented with the Android-compatible certificate chain we are recommending by default.
In short: You need to make sure to update your devices trust store so that it trusts the LetsEncrypt certificate used by HiveMQ Cloud again.
Kind regards,
Hi @hivemq-support
I’ve the same issue with HiveMQ.Cloud (Free version). tested on Windows 10 with MQTT Explorer (last version) it cannot connect if “Validate Certificate” is checked.
Hi @smartskills ,
Here are the current certificates for LetsEncrypt
Update from LetsEncrypt
Deep Dive on the topic
What you can also always do is follow our instructions on creating CA file in the FAQ post .
Kind regards,
Hi all,
In case it help others,
MQTT Explorer use electron and has an issue with the certificate expiration: [Bug]: Let's Encrypt root CA isn't working properly · Issue #31212 · electron/electron · GitHub
And For Xamarin Apps it’s related to Mono:
opened 06:28PM - 30 Sep 21 UTC
Area: Mono Runtime
### Steps to Reproduce
1. Have a certificate with 2 verification paths as [ex… plained here](https://letsencrypt.org/2020/12/21/extending-android-compatibility.html)
2. Register that certificate on a webserver
3. Create an HttpWebRequest to with the webserver URL from step 2
HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(address);
request.Accept = "application/json";
request.Method = "GET";
using var response = await request.GetResponseAsync().ConfigureAwait(false); // throws exception
This only happens with LetsEncrypt certificates that were signed with the expired certificate DST Root CA X3. Our SSL certificate was issued in August 2021 with the dual signature.
It is not an issue for Apple iOS or iPadOS
Chrome has an issue with the certificate on older devices, but not on recent devices
Viewing the certificate in windows browsers showed the valid path
Viewing the certificate on old emulators showed the invalid path and failed to be trusted
On devices that chrome showed the certificate as valid, Xamarin Android app still failed to trust the certificate
Certificate worked until September 29th when the DST Root CA X3 certificate expired
Work Around: Renewing the certificate with LetsEncrypt Acme after Sept 30th 2021 fixed the problem
### Expected Behavior
SSL Works, web request succeeds
### Actual Behavior
Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
### Version Information
<!--
1. On macOS and within Visual Studio, select Visual Studio > About Visual Studio, then click the Show Details button, then click the Copy Information button.
2. Paste below this comment block.
-->
Microsoft Visual Studio Enterprise 2019
Version 16.11.2
VisualStudio.16.Release/16.11.2+31624.102
Microsoft .NET Framework
Version 4.8.04084
Installed Version: Enterprise
Visual C++ 2019 00435-60000-00000-AA537
Microsoft Visual C++ 2019
ADL Tools Service Provider 1.0
This package contains services used by Data Lake tools
ASA Service Provider 1.0
ASP.NET and Web Tools 2019 16.11.75.64347
ASP.NET and Web Tools 2019
ASP.NET Web Frameworks and Tools 2019 16.11.75.64347
For additional information, visit https://www.asp.net/
Azure App Service Tools v3.0.0 16.11.75.64347
Azure App Service Tools v3.0.0
Azure Data Lake Node 1.0
This package contains the Data Lake integration nodes for Server Explorer.
Azure Data Lake Tools for Visual Studio 2.6.1000.0
Microsoft Azure Data Lake Tools for Visual Studio
Azure Functions and Web Jobs Tools 16.11.75.64347
Azure Functions and Web Jobs Tools
Azure Stream Analytics Tools for Visual Studio 2.6.1000.0
Microsoft Azure Stream Analytics Tools for Visual Studio
C# Tools 3.11.0-4.21403.6+ae1fff344d46976624e68ae17164e0607ab68b10
C# components used in the IDE. Depending on your project type and settings, a different version of the compiler may be used.
Common Azure Tools 1.10
Provides common services for use by Azure Mobile Services and Microsoft Azure Tools.
Extensibility Message Bus 1.2.6 (master@34d6af2)
Provides common messaging-based MEF services for loosely coupled Visual Studio extension components communication and integration.
Fabric.DiagnosticEvents 1.0
Fabric Diagnostic Events
IntelliCode Extension 1.0
IntelliCode Visual Studio Extension Detailed Info
Microsoft Azure HDInsight Azure Node 2.6.1000.0
HDInsight Node under Azure Node
Microsoft Azure Hive Query Language Service 2.6.1000.0
Language service for Hive query
Microsoft Azure Service Fabric Tools for Visual Studio 16.10
Microsoft Azure Service Fabric Tools for Visual Studio
Microsoft Azure Stream Analytics Language Service 2.6.1000.0
Language service for Azure Stream Analytics
Microsoft Azure Stream Analytics Node 1.0
Azure Stream Analytics Node under Azure Node
Microsoft Azure Tools for Visual Studio 2.9
Support for Azure Cloud Services projects
Microsoft Continuous Delivery Tools for Visual Studio 0.4
Simplifying the configuration of Azure DevOps pipelines from within the Visual Studio IDE.
Microsoft JVM Debugger 1.0
Provides support for connecting the Visual Studio debugger to JDWP compatible Java Virtual Machines
Microsoft Library Manager 2.1.113+g422d40002e.RR
Install client-side libraries easily to any web project
Microsoft MI-Based Debugger 1.0
Provides support for connecting Visual Studio to MI compatible debuggers
Microsoft Visual C++ Wizards 1.0
Microsoft Visual C++ Wizards
Microsoft Visual Studio Tools for Containers 1.2
Develop, run, validate your ASP.NET Core applications in the target environment. F5 your application directly into a container with debugging, or CTRL + F5 to edit & refresh your app without having to rebuild the container.
Microsoft Visual Studio VC Package 1.0
Microsoft Visual Studio VC Package
Mono Debugging for Visual Studio 16.10.15 (552afdf)
Support for debugging Mono processes with Visual Studio.
NuGet Package Manager 5.11.0
NuGet Package Manager in Visual Studio. For more information about NuGet, visit https://docs.nuget.org/
ProjectServicesPackage Extension 1.0
ProjectServicesPackage Visual Studio Extension Detailed Info
Razor (ASP.NET Core) 16.1.0.2122504+13c05c96ea6bdbe550bd88b0bf6cdddf8cde1725
Provides languages services for ASP.NET Core Razor.
Snapshot Debugging Extension 1.0
Snapshot Debugging Visual Studio Extension Detailed Info
SQL Server Data Tools 16.0.62107.28140
Microsoft SQL Server Data Tools
Test Adapter for Boost.Test 1.0
Enables Visual Studio's testing tools with unit tests written for Boost.Test. The use terms and Third Party Notices are available in the extension installation directory.
Test Adapter for Google Test 1.0
Enables Visual Studio's testing tools with unit tests written for Google Test. The use terms and Third Party Notices are available in the extension installation directory.
ToolWindowHostedEditor 1.0
Hosting json editor into a tool window
TypeScript Tools 16.0.30526.2002
TypeScript Tools for Microsoft Visual Studio
Visual Basic Tools 3.11.0-4.21403.6+ae1fff344d46976624e68ae17164e0607ab68b10
Visual Basic components used in the IDE. Depending on your project type and settings, a different version of the compiler may be used.
Visual F# Tools 16.11.0-beta.21322.6+488cc578cafcd261d90d748d8aaa7b8b091232dc
Microsoft Visual F# Tools
Visual Studio Code Debug Adapter Host Package 1.0
Interop layer for hosting Visual Studio Code debug adapters in Visual Studio
Visual Studio Container Tools Extensions 1.0
View, manage, and diagnose containers within Visual Studio.
Visual Studio Tools for CMake 1.0
Visual Studio Tools for CMake
Visual Studio Tools for Containers 1.0
Visual Studio Tools for Containers
Visual Studio Tools for Kubernetes 1.0
Visual Studio Tools for Kubernetes
VisualStudio.DeviceLog 1.0
Information about my package
VisualStudio.Foo 1.0
Information about my package
VisualStudio.Mac 1.0
Mac Extension for Visual Studio
Xamarin 16.11.000.174 (d16-11@e8f56f1)
Visual Studio extension to enable development for Xamarin.iOS and Xamarin.Android.
Xamarin Designer 16.11.0.17 (remotes/origin/11e0001f0b17269345e80b58fb3adf1ba4efe2cd@11e0001f0)
Visual Studio extension to enable Xamarin Designer tools in Visual Studio.
Xamarin Templates 16.10.5 (355b57a)
Templates for building iOS, Android, and Windows apps with Xamarin and Xamarin.Forms.
Xamarin.Android SDK 11.4.0.5 (d16-11/7776c9f)
Xamarin.Android Reference Assemblies and MSBuild support.
Mono: c633fe9
Java.Interop: xamarin/java.interop/d16-11@48766c0
ProGuard: Guardsquare/proguard/v7.0.1@912d149
SQLite: xamarin/sqlite/3.35.4@85460d3
Xamarin.Android Tools: xamarin/xamarin-android-tools/d16-11@683f375
Xamarin.iOS and Xamarin.Mac SDK 14.20.0.25 (3b53e529b)
Xamarin.iOS and Xamarin.Mac Reference Assemblies and MSBuild support.
### Log File
<!--
1. Within Visual Studio:
a. Click **Tools** > **SDK Command Prompt** on macOS or
**Tools** > **Android** > **Android Adb Command Prompt** on Windows
b. On macOS, in the launched `Terminal.app` window, run:
adb logcat -d | pbcopy
On Windows, in the launched `cmd.exe` window, run:
adb logcat -d | clip
2. Paste below this comment block
-->
<!--
Switch to the "Preview" tab to ensure your issue renders correctly.
-->
Solution I’ve applied temporarly to have my android-Xamarin-Mono client working is to change settings of each client:
Go to “Settings > Security > Encryption & credentials” > Trusted credentials"
Scroll down and disable “Digital Signature Trust Co. - DST Root CA X3”
waiting a long term solution.
1 Like