Chirpstack 4 MQTT connection error "NULL Parameter"

ChirpStack (v4)
1

Hi, we’re attempting to upgrade from Chirpstack 3 to 4, but running into an error on startup connecting to our MQTT broker that didn’t previously occur.

Error logs:

chirpstack_1               | Sep 22 19:59:52.705  INFO chirpstack::gateway::backend: Setting up gateway backends for the different regions
chirpstack_1               | Sep 22 19:59:52.705  INFO chirpstack::gateway::backend: Setting up gateway backend for region region_name=us915_0 region_common_name=US915
chirpstack_1               | Sep 22 19:59:52.708  INFO chirpstack::gateway::backend::mqtt: Connecting to MQTT broker region_name=us915_0 server_uri=ssl://[HOSTNAME]:8883 clean_session=false client_id=chirpstack-v4-us915
chirpstack_1               | Error: New MQTT gateway backend error
chirpstack_1               |
chirpstack_1               | Caused by:
chirpstack_1               |     0: Connect to MQTT broker
chirpstack_1               |     1: [-6] NULL Parameter

Working v3 chirpstack-network-server config:

[network_server.gateway.backend.mqtt]
server="ssl://[HOSTNAME]:8883"
username="[USERNAME]"
password="[PASSWORD]"
qos=0
clean_session=true
client_id="chirpstack-ns"

Not-working v4 chirpstack config:

      # MQTT configuration.
      [regions.gateway.backend.mqtt]

        # Event topic template.
        event_topic="gateway/+/event/+"

        # Command topic template.
        command_topic="gateway/{{ gateway_id }}/command/{{ command }}"

        # MQTT server (e.g. scheme://host:port where scheme is tcp, ssl or ws)
        server="ssl://[HOSTNAME]:8883"

        # Connect with the given username (optional)
        username="[USERNAME]"

        # Connect with the given password (optional)
        password="[PASSWORD]"

        # Quality of service level
        #
        # 0: at most once
        # 1: at least once
        # 2: exactly once
        #
        # Note: an increase of this value will decrease the performance.
        # For more information: https://www.hivemq.com/blog/mqtt-essentials-part-6-mqtt-quality-of-service-levels
        qos=0

        # Clean session
        #
        # Set the "clean session" flag in the connect message when this client
        # connects to an MQTT broker. By setting this flag you are indicating
        # that no messages saved by the broker for this client should be delivered.
        clean_session=false

        # Client ID
        #
        # Set the client id to be used by this client when connecting to the MQTT
        # broker. A client id must be no longer than 23 characters. If left blank,
        # a random id will be generated by ChirpStack.
        client_id="chirpstack-v4-us915"

        # CA certificate file (optional)
        #
        # Use this when setting up a secure connection (when server uses ssl://...)
        # but the certificate used by the server is not trusted by any CA certificate
        # on the server (e.g. when self generated).
        ca_cert=""

        # TLS certificate file (optional)
        tls_cert=""

        # TLS key file (optional)
        tls_key=""

I believe this “NULL Parameter” error occurs because we’re attempting to connect using SSL but don’t specify either ca_cert, tls_cert, or tls_key. That being said we’ve never specified those for chirpstack v3 and have been able to connect without issue. I tried specifying a value for ca_cert, and got a different more generic error:

chirpstack_1               | Error: New MQTT gateway backend error
chirpstack_1               |
chirpstack_1               | Caused by:
chirpstack_1               |     0: Connect to MQTT broker
chirpstack_1               |     1: [-1] TCP/TLS connect failure

Is it (and should it be) required to specify those variables to connect to an MQTT broker using SSL? In our case we’re using letsencrypt rather than self-signed SSL certs. Thanks in advance for your help!

2

Comment these options first?

3

I get the same error, regardless of whether I comment those out or leave them as empty strings

4

I was able to figure out a solution. For anyone using letsencrypt to secure your MQTT broker, you can download letsencrypt’s public ISRG Root X1 CA cert and use that as the ca_cert in your chirpstack.config:

# MQTT configuration.
[regions.gateway.backend.mqtt]

...

ca_cert="/path/to/isrgrootx1.cer"
5

Any idea how to fix this if you’re using AWS IoT Core as your MQTT broker? I don’t have username or password, and I’m using the same CA, cert and key as with Chirpstack 3. IoT Core was never touched and it’s working with Chirpstack 3.

6

I recommend you to read furtherly the documentation on Chirpstack v4 news, posted by Broocar.

7

There may be some changes in the configuration you are not seeing as a starting point!

8

I have the same issue with a new instance. My broker is not using LetsEncrypt, it uses a standard 2 year lifetime certificate. All my OpenSSL tests are OK and my current Chirpstack V3 connects to this broker just fine.

image

What does this error means? it’s a config error or a connection error?
Thanks in advance!

9

After some testing, I had to set up a CA certificate.
The configuration file says that the CA certificate is optional:
image
This is either a software error (it should ignore the empty parameter) o the docs should be updated and say that a CA certificate is needed.

I hope this comes in hand for anyone having this issue!

10

@Guilleojeda having the same problem here. AWS IoT connection works on V3 but not on V4.

@NicolasUy I have read the documentation but did not find any help. Can you just give a tip where I could find those differences?

11

Guys I have tried without success the connection with IoT core using TLS.

Here is my log:

chirpstack_1                       | 2023-02-25T19:20:24.471218Z  INFO chirpstack::integration::mqtt: Initializing MQTT integration
chirpstack_1                       | 2023-02-25T19:20:24.474332Z  INFO chirpstack::integration::mqtt: Configuring connection with TLS certificate ca_cert= tls_cert= tls_key=~/chirpstack-docker/configuration/chirpstack/private.pem.key
chirpstack_1                       | 2023-02-25T19:20:24.479393Z  INFO chirpstack::integration::mqtt: Connecting to MQTT broker server_uri=ssl://a170ach1dll0jq-ats.iot.eu-west-2.amazonaws.com:8883 client_id=572da5f962aff5c3 clean_session=false
chirpstack_1                       | Error: Setup MQTT integration
chirpstack_1                       | 
chirpstack_1                       | Caused by:
chirpstack_1                       |     0: Connect to MQTT broker
chirpstack_1                       |     1: [-1] TCP/TLS connect failure

Here is my code:

[integration]
  enabled=["mqtt"]

  [integration.mqtt]
    server= "ssl://[aws-host].amazonaws.com:8883"
    tsl_cert = "~/chirpstack-docker/configuration/chirpstack/certificate.pem.crt"
    tls_key= "~/chirpstack-docker/configuration/chirpstack/private.pem.key"
    ca_cert_= "~/chirpstack-docker/configuration/chirpstack/ca_cert.pem"
    json=true

@brocaar please can you help on that? I have several chirpstacks running in a industrial enviroment and I just sold the idea of chirpstack V4. But I cannot work withou AWS IoT Core broker.

12

I have solved my issue: we need to use the absolute path inside the docker, not the path of the volume.

1 Like
13

Thanks you saved my day :slight_smile:

What is strange is that for chirpstack-gateway-bridge in same container (as default) it works without specifying the ca_cert file, the issue occurs only with chirpstack

Anyway I’m using let’s encrypt also I’ve put let’s encrypt certificate on /etc/ssl/certs/ of the host and added according line to docker-compose.yml (and ca_cert in yml file of course)

    volumes:
      - ./configuration/chirpstack:/etc/chirpstack
      - ./lorawan-devices:/opt/lorawan-devices
      - /etc/ssl/certs:/etc/ssl/certs/

What is strange is that from the host, with /etc/ssl/certs/ I have, there is no issue to MQTT connect with SSL where the MQTT broker has let’s encrypt certificate.

1 Like
14

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.