I’m running into an issue with my MQTT setup over MQTTS and hoping to get some help from the community. Here’s a detailed breakdown of my setup and what I’ve tried so far.
My Setup:
VPS Details:
I'm running a VPS with Ubuntu.
Node-RED is installed and running as the root user with user authentication over https:// .
Certificates:
I’ve generated my own certificates using OpenSSL: CA.crt, CA.key, server.crt, and server.key, and another server certificate and key for my Node-RED to connect over https using the same CA.crt. I installed it in my browser and it has been accepted as well.
These certificates have been properly tested using openssl s_client and everything seems to work when I check the CA using:
openssl s_client -connect my-VPS-IP:8883 -CAfile CA.pem
The connection is established successfully, and verification returns OK. I also used mosquitto_client sub and pub with the --CA option, and that was OK too.
Node-RED Configuration:
I have an MQTT broker setup over MQTTS at mqtts://my-VPS-IP:8883.
The broker works fine when I uncheck the "Verify Server Certificate" option in Node-RED's MQTT node.
But as soon as I check the box to verify the certificate and provide the CA.pem, the connection fails with repeated logs showing:
Connection failed to broker: plc@mqtts://my-VPS-IP:8883
The certificates are properly placed and accessible by Node-RED, running under the root user.
Node-RED Logs:
The logs show repeated failures when trying to connect to the broker:
sudo journalctl -u node-red -f
Example log:
Aug 26 10:46:29 - [info] [mqtt-broker:MQTT broker] Connection failed to broker: plc@mqtts://my-VPS-IP:8883
TLS Compatibility:
I’ve confirmed that the broker supports TLSv1.3 (checked via openssl).
Node.js version used by Node-RED also supports TLS 1.2 and 1.3.
The Issue:
Node-RED connects fine when I disable the server certificate verification.
When I enable certificate verification in the MQTT node and provide the CA.pem, the connection fails repeatedly.
The certificates work fine when tested with openssl, but Node-RED seems to have issues verifying the broker's certificate.
What I’ve Tried:
Tested the Broker with OpenSSL:
Works fine, and certificate verification passes.
Verified the File Path:
The CA.pem file is correctly referenced in Node-RED's MQTT node configuration.
Permissions on the CA.pem file are correct (readable by Node-RED).
Checked TLS Version Compatibility:
The broker and Node.js (Node-RED) both support TLSv1.3, and no version mismatch seems to be the issue.
Any Ideas?
If anyone has experience with this kind of setup or has seen similar issues with Node-RED and MQTT over MQTTS, I would greatly appreciate your insights. I feel like it’s either a small configuration error or something specific with how Node-RED handles certificates, but I can't pinpoint it.
Thanks in advance for any help!