Services not connecting to MQTT broker :

tamarix · February 15, 2021, 10:27am

Hi

Since a recent update in our server (unclear to me which update did create the issue), the chirpstack components do not connect to the mosquitto broker anymore.
The error message is:

gateway/mqtt: connecting to mqtt broker failed, will retry in 2s: Network Error : x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0

Our configuration is based on a mosquitto server with self-signed certificate based access control. Running versions are:

mosquitto: Installed: 1.5.7-1+deb10u1
loraserver: Installed: 3.4.0
lora-gateway-bridge: Installed: 3.4.0
lora-app-server: Installed: 3.5.0

All other MQTT clients, each having its own certificate, can still connect and interact with the MQTT broker. Only the chirpstack components are failing.

My on-going investigations to solve this (regenerating certificates with SAN) have not been succesful up to now.
Any hints ?
Thank you

carmine_lia · March 15, 2021, 4:09pm

Hi,
I had the same issue. I found this solution by editing systemd service:

systemctl edit chirpstack-gateway-bridge.service

write these lines and save:
[Service]
Environment="GODEBUG=x509ignoreCN=0"

It worked for me,I hope it helps you too

Greetings

tamarix · March 15, 2021, 9:31pm

Hi$

You are the best !

I had to do it as well for the network-server service as well and it worked:
systemctl edit chirpstack-network-server

Thank you !