My code below. It just prints ........... and never connects.
#include <Arduino.h>
#include <ESP8266WiFi.h>
#include <PubSubClient.h>
#include "secrets.h"
#include "constants.h"
BearSSL::WiFiClientSecure espClient;
PubSubClient client(espClient);
BearSSL::X509List cert(AWS_ROOT_CA_CERTIFICATE);
BearSSL::X509List client_crt(AWS_DEVICE_CERTIFICATE_CRT);
BearSSL::PrivateKey key(AWS_DEVICE_CERTIFICATE_PRIVATE_KEY);
void setupWifi(){
WiFi.begin("A12", "oste8780");
Serial.print("Connecting");
while (WiFi.status() != WL_CONNECTED){ delay(500); Serial.print("."); };
Serial.print("Connected, IP address: ");
Serial.print(WiFi.localIP());
Serial.print(NEXTION_END_STRING);
}
void connectAWS(){
while (WiFi.status() != WL_CONNECTED){
delay(500);
Serial.print(".");
}
// Connect to the MQTT broker on the AWS endpoint we defined earlier
Serial.print("Connecting to AWS IOT");
while (!client. Connect(THING_NAME.c_str())){
Serial.print(".");
delay(100);
}
// Subscribe to a topic
client. subscribe(AWS_READING_TOPIC_SUB.c_str());
Serial.println("AWS IoT Connected!");
}
void setup() {
Serial.begin(9600);
setupWifi();
espClient.setTrustAnchors(&cert);
espClient.setClientRSACert(&client_crt, &key);
client.setClient(espClient);
client.setServer(AWS_IOT_ENDPOINT.c_str(), 8883);
}
void loop(){
if (!client.connected()) {
connectAWS();
}
if(millis()-lastMillis>3000){
lastMillis=millis();
Serial.print("Here!! -");
Serial.print(NEXTION_END_STRING);
Serial.print("Publishing message to AWS");
// Publish a message to MQTT topic
client.publish(mqttTopic, message.c_str());
}
}
The article has just led me to more confusion.
But why would my endpoint and certificate not be valid if I copied them directly from the AWS console.
Connection errors are usually a result of things such as incorrect IoT policy, policy not attached to the certificate, certificate not attached to the thing, using the wrong root CA or the wrong endpoint, etc. The links I gave will help walk you through those possibilities, and narrow down the cause. Did you try? If so, what's the result?
This is the policy, it is attached to the Thing certificate, certificate is attached to the thing.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "iot:Connect", "Resource": "arn:aws:iot:eu-west-2:767397765941:client/ESP8266-ENVIROHEAT" }, { "Effect": "Allow", "Action": "iot:Publish", "Resource": "arn:aws:iot:eu-west-2:767397765941:topic/ESP8266-ENVIROHEAT/readings*" }, { "Effect": "Allow", "Action": "iot:Subscribe", "Resource": "arn:aws:iot:eu-west-2:767397765941:topicfilter/ESP8266-ENVIROHEAT/readings*" }, { "Effect": "Allow", "Action": "iot:Receive", "Resource": "arn:aws:iot:eu-west-2:767397765941:topic/ESP8266-ENVIROHEAT/readings*" }, { "Effect": "Allow", "Action": "iot:Connect", "Resource": "arn:aws:iot:eu-west-2:767397765941:client/client1" } ] }
I don't immediately see an error in your policy. Is
THING_NAME
in your codeESP8266-ENVIROHEAT
? IsAWS_IOT_ENDPOINT
set to the ATS endpoint? IsAWS_ROOT_CA_CERTIFICATE
AmazonRootCA1.pem? It would be helpful if you could run the openssl command in the link that I gave, so we know your cloud configuration is correct. And try using another MQTT client like mosquitto_pub:mosquitto_pub -h YOUR_ENDPOINT -p 8883 -t YOUR_PUBLIC_TOPIC -m "hello" -i YOUR_CLIENT_NAME --cert cert.pem --key key.pem --cafile CA.pem -d
. This would help us know if the problem is your code or not.