By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Cannot update OTAcertificate in AWS IoT ExpressLink (ESP32-C3-AWS-ExpressLink-DevKit)

0

I used command AT+CONF OTAcertificate=pem

and paste certificate info

but got response :

ERR21 INVALID OTA UPDATE

and the following logs

I (1302613) CONF: Writing OTAcertificate[0]
I (1302613) CONF: Reading OTAcertificate[0]
I (1302613) CONF: -----> PEM

If I used command AT+CONF? OTAcertificate pem

I got the response

OK1 pem
PEM

And the following logs

I (1535193) CONF: Reading OTAcertificate[0]
I (1535203) CONF: -----> PEM

Looks like OTAcertificate is read-only not writable? Is there any way to write or erase the data of OTAcertificate? I tried to OTW the firmware on both v1.0.20 and v2.4.1 but the OTAcertificate doesnt change

Topics
Internet of Things (IoT)
Tags
AWS IoT ExpressLink
Language
English
rePost-User-3083590
asked a year ago319 views
3 Answers
0

We are working with Espressif to understand the root cause and create a possible solution. The new certificate must be signed with the private key corresponding to the previous valid module OTA certificate. Since the OTA certificate is invalid (just the letters PEM), it should have been expected that the first valid module OTA certificate would be accepted.

AWS
Patrick_C
answered a year ago
0

I have been studying this problem and I have a few questions.

  1. What version of ESP32-C3-AWS-ExpressLink-DevKit are you using? enter
AT+CONF? Version

to get the version string. 2) When did the ERR21 appear? This error is supposed to be related to performing an OTA. A failed OTAcertificate write is supposed to result in ERR23 INVALID SIGNATURE so I wanted clarify the ERR21.

  1. Since we were tardy in our responses, do you have any additional information to offer on this issue?

We are working with Espressif to resolve the OTA certificate issues. We will have more information on Monday, but any additional information will help us provide better data.

profile pictureAWS
N9WXU
answered 10 months ago
0

Thank you for your post. This has been difficult to sort out because there are a number of issues.

  1. Mistyping the OTAcertificate change command will cause the certificate to be set to an invalid value. The certificate checking is not being performed correctly. This will be fixed in a FW release that can be applied with the Over the wire method.
  2. The instructions in the README.md incorrectly specify the pem mode as PEM (capitalized). The readme will be updated ASAP.
  3. We discovered that adding a space after the '=' will also cause an incorrect certificate. FW will be updated to correct the certificate checking on a new certificate.

These issues have been discussed and duplicated with Espressif and they are working on a FW update that will be released as soon as possible. While waiting for a new FW to correct these OTA issues, the rest of the Expresslink will continue to operate correctly. If you need to update to the latest FW (2.4.1) please use the OTW feature described here: https://github.com/espressif/esp-aws-expresslink-eval#92-carrying-out-an-over-the-wire-otw-upgrade

profile pictureAWS
N9WXU
answered 10 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content