Trying to connect ESP32 IDF example to HIVEHQ

I am using the IDF MQTT5 example project, and have built it unmodified and can connect to Mosquito

I (47716) mqtt5_example: Other event id:7
I (47726) main_task: Returned from app_main()
I (49036) mqtt5_example: MQTT_EVENT_CONNECTED

I now want to change the broker to HIVEHQ but am battling to get the HIVHQ URI accepted.
I have opened an account at HIVEHQ and can connect and use it successfully with a Python Paho test app I wrote using MQTT5 and TLS so I know the broker side is good.

I started by changing the line:

    .broker.address.uri = CONFIG_BROKER_URL,

to my hive URI

    .broker.address.uri = "d72b0b51da08402e86d06db5db25f244.s1.eu.hivemq.cloud",

It seems the URI cannot be passed in this format and my logs show:
[Codebox=text file=Untitled.txt]E (27296) mqtt_client: Error parse uri = d72b0b51da08402e86d06db5db25f244.s1.eu.hivemq.cloud[/Codebox]

or this format

    .broker.address.uri = "mqtt://d72b0b51da08402e86d06db5db25f244.s1.eu.hivemq.cloud",

my logs:
E (39766) esp-tls: [sock=54] select() timeout
E (39766) transport_base: Failed to open a new connection: 32774
E (39766) mqtt_client: Error transport connect

So I tried commenting out

    // .broker.address.uri = CONFIG_BROKER_URL,

and adding

    .broker.address.hostname = "d72b0b51da08402e86d06db5db25f244.s1.eu.hivemq.cloud",
    .broker.address.port = 8883,
    .broker.address.transport = MQTT_TRANSPORT_OVER_TCP,

my logs:
E (21096) mqtt_client: esp_mqtt_handle_transport_read_error: transport_read(): EOF
E (21096) mqtt_client: esp_mqtt_handle_transport_read_error: transport_read() error: errno=128

So I went back to eclipse broker and tried:

    .broker.address.uri = CONFIG_BROKER_URL,
    .broker.address.port = 8883,
    .broker.address.transport = MQTT_TRANSPORT_OVER_TCP,

my logs:
W (30676) mqtt_client: Transport config set, but overridden by scheme from URI: transport = 1, uri scheme = mqtt
E (30686) mqtt5_client: Client was not initialized

Can someone please help with a working solution for my HIVEHQ account

Thanks

Hello @MichaelS

I’m relatively new to ESP-IDF projects but I can try to help you. While reviewing the MQTT 5 sample code, I noticed it might not be compatible with HiveMQ Cloud. This is primarily due to the absence of TLS libraries like “esp_tls.h” in the sample.

My suggestion to you is the following:

• Starting by using the ESP-MQTT SSL Sample project esp-idf/examples/protocols/mqtt/ssl at master · espressif/esp-idf · GitHub

• Replace the project default CA certificate (mqtt_eclipseprojects_io.pem) content with the Root CA certificate required by HiveMQ Cloud https://letsencrypt.org/certs/isrgrootx1.pem. You can leave the same certificate name (mqtt_eclipseprojects_io.pem) so you don’t have to make any changes to the code.

2024-07-23 at 10.11.09@2x660×810 63.1 KB

• Change the BROKER_URI config in your Kconfig.projbuild file to the following

mqtts://d72b0b51da08402e86d06db5db25f244.s1.eu.hivemq.cloud:8883

• Build the project.

Kind regards,
Diego from HiveMQ Team

Hello @MichaelS

I got the ESP IDF MQTT SSL project sample working with my ESP32 NodeMCU device but some changes in the code and SDK config are required to connect to HiveMQ Cloud.

2024-07-23 at 11.50.24@2x1920×1276 178 KB

1. You have to replace the certificate content of .pem file as described previously.

2. You must add credentials properties in this part of the code.

static void mqtt_app_start(void)
{
    const esp_mqtt_client_config_t mqtt_cfg = {
        .broker = {
            .address.uri = CONFIG_BROKER_URI,
            .verification.certificate = (const char *)mqtt_eclipseprojects_io_pem_start
        },
        .credentials = {
            .username = "TYPE_USERNAME",
            .authentication.password = "TYPE_PASSWORD"
        }
    };

3. Define Broker URL and Broker certificate override in SDK config like the screenshot below.

Broker URL: mqtts://d72b0b51da08402e86d06db5db25f244.s1.eu.hivemq.cloud:8883
Broker certificate override: Must leave empty

2024-07-23 at 12.01.00@2x1662×558 85.6 KB

4. Enable WiFi interface and set your wireless network configuration.

2024-07-23 at 12.09.06@2x1722×674 139 KB

5. Build and run the project.

Kind regards,
Diego from HiveMQ Team

Hi
Thanks for your help so far. Following you steps, I have managed to connect MQTT to Eclipse Mosquitto using SSL.

I then tried to switch to HiveHQ

I modified mqq_app_start as follows to add my URI, username and password:

static void mqtt_app_start(void)
{
const esp_mqtt_client_config_t mqtt_cfg = {
.broker = {
// .address.uri = CONFIG_BROKER_URI,
.address.uri = “mqtts://d72b0b51da08402e86d06db5db25f244.s1.eu.hivemq.cloud:8883”,
.verification.certificate = (const char *)mqtt_eclipseprojects_io_pem_start,
},
.credentials = {
.username = “123”,
.authentication.password = “456”,
},
};

ESP_LOGI(TAG, "[APP] Free memory: %" PRIu32 " bytes", esp_get_free_heap_size());
esp_mqtt_client_handle_t client = esp_mqtt_client_init(&mqtt_cfg);
/* The last argument may be used to pass data to the event handler, in this example mqtt_event_handler */
esp_mqtt_client_register_event(client, ESP_EVENT_ANY_ID, mqtt_event_handler, NULL);
esp_mqtt_client_start(client);

}

Now I get in my logs:

I (13953) example_common: - IPv4 address: 192.168.1.8,
I (13963) example_common: - IPv6 address: fe80:0000:0000:0000:96b9:7eff:fed8:f8d4, type: ESP_IP6_ADDR_IS_LINK_LOCAL
I (13973) mqtts_example: [APP] Free memory: 230388 bytes
I (13983) mqtts_example: Other event id:7
I (13983) mqtt_client: BELOW MQTT_ENABLE_SSL
I (13993) main_task: Returned from app_main()
W (16953) mqtt_client: Connection refused, not authorized
I (16953) mqtts_example: MQTT_EVENT_ERROR
I (16953) mqtts_example: Connection refused error: 0x5
E (16953) mqtt_client: MQTT connect failed
I (16963) mqtts_example: MQTT_EVENT_DISCONNECTED

Your help really appreciated.

Sorry I mistakenly copied the username and password from the Espressif MQTT5 example rather than the ones I set up in HIVEMQ. With the correct credentials I can now connect, subscribe and publish.

My next steps is to migrate the SSL stuff into the MQTT5 example. I will keep you posted.

Thanks
Michael

Hi Diego
I now have an MQTT5 SSL connection to HIVMQ.

Just one question I have regarding your instruction:
Replace the project default CA certificate (mqtt_eclipseprojects_io.pem) content with the Root CA certificate required by HiveMQ Cloud.

For me, this was the key to getting it working.

I don’t know about security standards. I Googled the difference but am still not clear. By CA certificate, do you mean an intermediate certificate?

Why would Espressif example use a CA certificate instead of a Root CA when even Mosquitto (used in the example) requires a Root CA. A note in the instructions would have been helpful.

The format of the certificates look the same. How does the broker know which is which?

I am very grateful for you help.

Best regards
Michael

Hello @MichaelS

You’re very welcome! To connect to HiveMQ Cloud, secure TLS connections are mandatory. This means your device or client must trust the Certificate Authority (CA) that issued the certificate for the HiveMQ Cloud broker you are connecting to.

For HiveMQ Cloud, you need the Root CA certificate from Let’s Encrypt. You can download the required Root CA certificate from this link, as mentioned in the instructions above.

Please note that the certificate file provided in the project is specifically to be used with the broker at the address “mqtt.eclipseprojects.io”. That is the difference.

Kind regards,
Diego from HiveMQ Team