Cannot connect to AWS IoT

I have followed the instructions for connecting a XBC LTE Cat 1 Verizon to AWS IoT as described here:

The board I’m using is the Digi XBee Cellular LTE Cat 1 Development Kit, Verizon LTE Cat 1, USA ( ). Verizon signal strength is 3 bars and I’ve successfully tested network connectivity with both the Echo server (|_____10 ) and the Daytime server (|_____3 )

I created a thing, attached a policy and downloaded / renamed the certificate files (|_____4 ) except for the now legacy VeriSign public certificate.

Since my AWS IoT host includes the “-ats” in the hostname, I downloaded the Amazon Root CA1 (2048) from this location and saved it as the file.

When testing the certificates on a desktop with Python 3 (|_____5 ), it connects successfully. I receive the expected output and it works great.

However, after I upload the three files (/flash/cert/aws.key, /flash/cert/aws.crt, /flash/cert/ with the File system Manger tool, copy and paste the Micropython version of the “test connection” code with my parameters (|_____5 ) and run with CTRL+D, I receive the following error:

Traceback (most recent call last):
File “”, line 37, in
File “”, line 24, in https_test
OSError: [Errno 7111] ECONNREFUSED

I’ve tested different file paths (relative “cert/aws.key” vs absolute “/flash/cert/aws.key”) without success. Uploading the key file through XCTU (securely as well as insecurely) didn’t change the error message received. The three files (aws.key, aws.crt, are the exact same ones that work successfully in Python3 using a Juypter Notebook.

The AWS IoT policy attached to the certificate is the most permissive.

Any help is greatly appreciated!

I have the same issue. I’m getting a slightly different error.
Traceback (most recent call last):
File “”, line 48, in
File “”, line 36, in https_test
OSError: [Errno 7005] EIO

I got mine to work.
I had to remove the -ats from the account name on the aws endpoint and use the legacy ca pem from symantec. Hope this helps.

Same problems here did you find a solution? is it related to -ats suffex?
I got it to work once without -ats but only once.

Correct. You have to remove the -ats from the account name in the endpoint url. You also have to make sure that you use the legacy PEM from Symantec. I’ve been using it like this for about a month now. Make sure that if the device restarts, that you set up the profiles again for the socket. You don’t have to reimport the certs if you don’t want to.