Re-run the openssl s_client command to see if it's changed the ssl endpoint... I'd guess that the extra listener has shifted the SSL config a little
I ran it twice, once for port 8883 and once for port 8884
running it for port 8883 gave me a write:errno=104
for port 8884 asked for verify return:1
connection8883.txt (2.3 KB) connection8884.txt (13.6 KB)
Chris
I'd suggest you check the positioning of your listener lines compared to your cafile, certfile, and keyfile lines.. The cafile and friends apply to the most recent listener lines.
1 Like
Urm, you are showing your bias there - Even DOS did that! 
This will be the culprit. If you generated your own certificate, unless you were very thorough and generated a root cert as well and then made Mosquitto aware of the root then it had no way of verifying your cert.
2 Likes
Hi i am have also tried the same thing both andreas-ibm and ChrisO tried but for me i am stuck at this part as i only get this as my output when I used this
openssl s_client -connect localhost:8883 -CAfile C:\mosquitto\certs\ca.crt -prexit
There is a more comprehensive example of a full TLS configuration for MQTT elsewhere on the forum so you should do some more searching for that.
If using self-generated certs, make sure you turn off certificate checks unless you have done ALL of the steps required and provided the full-chain certificate and not just the server cert. since that is the only way that the client will have of checking that the certificate is valid.
