Chirpstack MQTT connection error, gateway bridge mqtt connects fine

I’m trying to use the same connection parameters for both my gateway bridge and chirpstack. The gateway bridge connect correctly:

chirpstack-gateway-bridge-us915_1_1 | time=“2023-07-25T21:04:27.254681585Z” level=info msg=“integration/mqtt: connected to mqtt broker”

But chirpstack does not:

chirpstack_1 | 2023-07-25T21:04:28.697833Z INFO chirpstack::integration::mqtt: Initializing MQTT integration
chirpstack_1 | 2023-07-25T21:04:28.701082Z INFO chirpstack::integration::mqtt: Connecting to MQTT broker server_uri=ssl://b-acf794f7-bc49-481a-92df-30416e749fbd-1.mq.us-west-2.amazonaws.com:8883/ client_id=17e65df96a13e5d6 clean_session=false
chirpstack_1 | Error: Setup MQTT integration
chirpstack_1 |
chirpstack_1 | Caused by:
chirpstack_1 | 0: Connect to MQTT broker
chirpstack_1 | 1: [-6] NULL Parameter

I thought having the same connection parameters should work fine. Does anybody have any tips as to what might be wrong? BTW, I can connect without issue to the same mqtt broker via mosquitto_sub and mosquitto_pub using the same credentials. Thanks in advance.

Which version of the MQTT forwarder are you using? As well, should there be a trailing slash (/) after :8883?

I think I’ve figured out a fix, but since I’m not really familiar with rust, there could be a better solution. I believe we need an empty ssl options block to allow connecting to an ssl connection without any client-side certs.

I added the following code:

        else {
            let ssl_opts_b = mqtt::SslOptionsBuilder::new();
            conn_opts_b.ssl_options(ssl_opts_b.finalize());
        }

to the
if !conf.ca_cert.is_empty() || !conf.tls_cert.is_empty() || !conf.tls_key.is_empty() {

block. Seems to work for me, although I’m having issues connecting to my broker after I built a new docker image with this change. I.e. it works in the development environment, but when I try a deployment with a new docker image, I have an error connecting due to this error:
TCP/TLS connect failure

My current guess is that my docker container is having issues routing to the broker? I only see this error in my docker deployment, but not in the development environment (which is also in a docker container), so I’m a bit at a loss.
`

I realized I didn’t answer @brocaar question. I’m actually not sure what you are referring to when you say the MQTT forwarder? The code changes I mentioned above were in integration/mqtt.rs and gateway/backend/mqtt.rs in the latest version of chirpstack (version 4.4.3).

I had initially tried a lot of different combinations with and without the trailing ‘/’ and with and without the port number and the protocol types, which did not resolve the issue.

I tried running this command to start up the docker image:

docker-compose run --rm --service-ports --name chirpstack --user root --entrypoint sh chirpstack

And then installed the mosquitto-clients inside of alpine. I was able to successfully connect to my mqtt broker with mosquitto_pub from inside the container. So I’m still at a loss as to why I cannot get chirpstack to connect to my mqtt broker.

I think I built the container incorrectly somehow. This is the command I used to create an updated version of the container from the chirpstack git repository:

docker build --build-arg TARGETPLATFORM=linux/amd64 -t my_chirpstack .

@brocaar, Is your docker build command significantly different?

I’m getting the same error when making this change locally. Currently you should pass the ca_cert of the server in the configuration. Please create a GitHub issue here to request support for using the system CA certs (assuming the Paho MQTT library allows this): GitHub - chirpstack/chirpstack-mqtt-forwarder: ChirpStack MQTT Forwarder is a forwarder which can be installed on the gateway to forward LoRa data over MQTT..