Alejandro, posted November 20 (edited)

We have experienced a nasty bug on ShellyPlus 1PM with FW versions 1.3.1 or 1.3.2 that prevents the Shelly from registering on the MQTT Broker due to problems with the SSL certificate.

The behavior is: the device tries to connect to the MQTT Broker, fails to do so, and resets itself. Then the same again, in an infinite loop. You can see them connecting/disconnecting in a loop to the WIFI due to these resets. The problem is that doing so interrupts the Switch, so the device that was being controlled (On/Off) by the Shelly powers down as a result on each reset cycle.

Note that previous FW 1.3.0 and next FW 1.3.3 both work OK. And even the nasty ones, 1.3.1 and 1.3.2, in our case were previously working OK, until one day the Broker certificate updated, and Booom!!!, seemingly due to a change in the SSL certificate format (more bits or something like that on a more modern certificate).

Updating the affected devices to FW 1.3.3 solves the issue. Sadly, we have a lot of them in the field that have totally lost connectivity because of this. We are going to try to update the broker SSL certificate to an older format to see if they recover connectivity.

NOTE: there is no explicit mention I could see of this problem as "fixed" in the changelog for FW 1.3.3, but it was indeed fixed in this version.

Alejandro (author), posted November 20

I reply to myself with an update: I have seen a note in the changelog for FW 1.3.3 that may be relevant: https://shelly-api-docs.shelly.cloud/gen2/changelog/

shelly_cloud.pem: Add roots for popular cloud service provider

This may have something to do with the fact that 1.3.3 solves the issue.

Also, I have just noticed that on a Shelly that has the affected version 1.3.1, if I change the MQTT setting from "DefaultTLS" (and it cannot connect to MQTT) to "TLS no validation", now it can connect without updating firmware.

Alejandro (author), posted November 20 (edited)

UPDATE: Solved. The bug is that FW 1.3.1 and 1.3.2 do not work with SSL certificates of type ECDSA (256 bits elliptical). Let's Encrypt started issuing those certificates from a certain date, and the default certbot config obtains that type.

I have changed my certbot script to explicitly ask for an RSA 4096 certificate type, adding these command line flags:

--rsa-key-size 4096 --key-type rsa

I regenerated the certificate, restarted the Mosquitto MQTT Broker and Voilà!!! my Shellys have recovered connectivity 🙂
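
Added example, not part of the original posts: a standard-library Python check of which public-key type a broker certificate carries (the property the post above identifies as the trigger), so a renewed certificate can be inspected before the broker is restarted with it. The sample certificates are constructed skeletons, and all function names are illustrative.

```python
import ssl
# SubjectPublicKeyInfo algorithm OIDs (RFC 3279 / RFC 5480)
KEY_TYPES = {"1.2.840.113549.1.1.1": "RSA", "1.2.840.10045.2.1": "ECDSA"}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def decode_oid(raw):
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for byte in raw[1:]:                   # base-128, high bit means more bytes follow
        val = (val << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def key_type(der):
    """Walk Certificate -> tbsCertificate -> subjectPublicKeyInfo -> algorithm OID."""
    _, pos, _ = read_tlv(der, 0)           # Certificate
    _, pos, _ = read_tlv(der, pos)         # tbsCertificate
    if der[pos] == 0xA0:                   # optional [0] version field
        _, _, pos = read_tlv(der, pos)
    for _ in range(5):                     # serial, signature alg, issuer, validity, subject
        _, _, pos = read_tlv(der, pos)
    _, pos, _ = read_tlv(der, pos)         # subjectPublicKeyInfo
    _, pos, _ = read_tlv(der, pos)         # AlgorithmIdentifier
    _, start, end = read_tlv(der, pos)     # algorithm OID
    oid = decode_oid(der[start:end])
    return KEY_TYPES.get(oid, oid)         # unknown types come back as the dotted OID

def pem_key_type(pem_text):
    return key_type(ssl.PEM_cert_to_DER_cert(pem_text))

# Constructed sample input: skeleton certificates with empty fields, not real ones.
def tlv(tag, *parts):
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body  # short-form length is enough here

def skeleton_cert(spki_oid):
    spki = tlv(0x30, tlv(0x30, tlv(0x06, spki_oid)), tlv(0x03, b"\x00"))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, b"\x01"),
              tlv(0x30), tlv(0x30), tlv(0x30), tlv(0x30), spki)
    return tlv(0x30, tbs, tlv(0x30), tlv(0x03, b"\x00"))
ECDSA_SAMPLE = skeleton_cert(bytes.fromhex("2a8648ce3d0201"))    # id-ecPublicKey
RSA_SAMPLE = skeleton_cert(bytes.fromhex("2a864886f70d010101"))  # rsaEncryption
```

For a real broker, pass the text of its leaf certificate PEM to `pem_key_type`; a result of "ECDSA" is the type the post reports FW 1.3.1 and 1.3.2 failing on.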

Heinz, posted November 21

Just a question: what MQTT broker are you using?