Vernemq MQTT listener using TLS/SSL gives A TLS error occurred.

tom8499 · January 9, 2024, 11:55am

Hi All
I am running VerneMQ on my local server. I use authentication via Auth file and Database. Currently, I have enabled the MQTT listener in VerneMQ, but it is not working. I created an SSL certificate, but it is throwing an error: 'A TLS error occurred

Thanks
Raja

afa · January 9, 2024, 12:25pm

Hi,
I suspect your error is coming from “mosquitto_sub”, that is your MQTT client. You might need to point the command to your CA file (--cafile) and use --insecure to disable hostname verification.

Also check the Verne logs for server side log lines. You can also check the running listeners using vmq-admin listener show

tom8499 · January 10, 2024, 6:27am

This is my docker-compose file for vernemq listener

vernemq:
image: erlio/docker-vernemq
container_name: vernemq
restart: always
environment:
DOCKER_VERNEMQ_ACCEPT_EULA: ‘yes’
DOCKER_VERNEMQ_PLUGINS__VMQ_DIVERSITY: ‘on’
DOCKER_VERNEMQ_PLUGINS__VMQ_PASSWD: ‘off’
DOCKER_VERNEMQ_LISTENER__SSL__DEFAULT: ‘0.0.0.0:8883’
DOCKER_VERNEMQ_LISTENER__SSL__ALLOWED_PROTOCOL_VERSIONS: ‘3,4,5’
DOCKER_VERNEMQ_LISTENER__SSL__CAFILE: ‘/etc/vernemq/vernemq_ca.crt’
DOCKER_VERNEMQ_LISTENER__SSL__CERTFILE: ‘/etc/vernemq/vernemq.crt’
DOCKER_VERNEMQ_LISTENER__SSL__KEYFILE: ‘/etc/vernemq/vernemq.key’
DOCKER_VERNEMQ_LISTENER__SSL__REQUIRE_CERTIFICATE: ‘on’
DOCKER_VERNEMQ_LISTENER__SSL__TLS_VERSION: ‘tlsv1.2’
ports:
- “1883:1883”
- “8888:8888”
- “8883:8883”
expose:
- 1883
volumes:
- /etc/vernemq/ver.acl
- /etc/vernemq/vernemq_ca.crt
- /etc/vernemq/vernemq.crt
- /etc/vernemq/vernemq.key

I am running the command ‘vmq-admin listener show,’ but it shows that all ports are working

afa · January 10, 2024, 7:15am

You are using a very old repo (erlio/docker-vernemq).
While I don’t recall TLS not working with that, you should use the newer images from vernemq/vernemq.

(Note that those images need a paid subscription for commercial use.)

tom8499 · January 10, 2024, 7:33am

Could you please share some documentation for the MQTT listener in the Vernemq Docker Compose file?

tom8499 · January 10, 2024, 8:12am

I use updated version image it also getting same error
image: vernemq/vernemq

OpenSSL Error[0]: error:0A000126:SSL routines::unexpected eof while reading
Unable to connect (A TLS error occurred.

afa · January 10, 2024, 11:35am

My suggestion is still to check the VerneMQ logs. There’s probably an exception logged there.