Need Help with MQTT over MQTTS on My VPS - Node-RED Failing to Connect to Broker

I’m running into an issue with my MQTT setup over MQTTS and hoping to get some help from the community. Here’s a detailed breakdown of my setup and what I’ve tried so far.

My Setup:

VPS Details:

I'm running a VPS with Ubuntu.

Node-RED is installed and running as the root user with user authentication over https://.

Certificates:

I’ve generated my own certificates using OpenSSL: CA.crt, CA.key, server.crt, and server.key, and another server certificate and key for my Node-RED to connect over https using the same CA.crt. I installed it in my browser and it has been accepted also.

These certificates have been properly tested using openssl s_client and everything seems to work when I check the CA using:

openssl s_client -connect my-VPS-IP:8883 -CAfile CA.pem

The connection is established successfully, and verification returns OK. I also used mosquitto_client sub and pub with the --CA option, and that was OK as well.

Node-RED Configuration:

I have an MQTT broker setup over MQTTS at mqtts://my-VPS-IP:8883.

The broker works fine when I uncheck the "Verify Server Certificate" option in Node-RED's MQTT node.

But as soon as I check the box to verify the certificate and provide the CA.pem, the connection fails with repeated logs showing:

Connection failed to broker: plc@mqtts://my-VPS-IP:8883

The certificates are properly placed and accessible by Node-RED, running under the root user.

Node-RED Logs:

The logs show repeated failures when trying to connect to the broker:

sudo journalctl -u node-red -f

Example log:

Aug 26 10:46:29 - [info] [mqtt-broker:MQTT broker] Connection failed to broker: plc@mqtts://my-VPS-IP:8883

TLS Compatibility:

I’ve confirmed that the broker supports TLSv1.3 (checked via openssl).

Node.js version used by Node-RED also supports TLS 1.2 and 1.3.

The Issue:

Node-RED connects fine when I disable the server certificate verification.

When I enable certificate verification in the MQTT node and provide the CA.pem, the connection fails repeatedly.

The certificates work fine when tested with openssl, but Node-RED seems to have issues verifying the broker's certificate.

What I’ve Tried:

Tested the Broker with OpenSSL:

Works fine, and certificate verification passes.

Verified the File Path:

The CA.pem file is correctly referenced in Node-RED's MQTT node configuration.

Permissions on the CA.pem file are correct (readable by Node-RED).

Checked TLS Version Compatibility:

The broker and Node.js (Node-RED) both support TLSv1.3, and no version mismatch seems to be the issue.

Any Ideas?

If anyone has experience with this kind of setup or has seen similar issues with Node-RED and MQTT over MQTTS, I would greatly appreciate your insights. I feel like it’s either a small configuration error or something specific with how Node-RED handles certificates, but I can't pinpoint it.

Thanks in advance for any help!

Have you tried a different MQTT client (to rule out certs and connectivity) from the server running Node-RED to the MQTT broker server? Mosquitto pub supports TLS.

Yes, and it connects with no problem at all.

I noticed an error message in my browser console. Every time I change the status of the "verify server certificate" check-box and click upload, this error message appears: "oneditsave 40a7f8e85e10c212 tls-config ReferenceError: clearNameData is not defined."