There have been a number of threads concerning this topic which I have read through. Unfortunately, none of them deal with the specific issue I am experiencing.
The board I’m using is the Digi XBee Cellular LTE Cat 1 Development Kit and I have created a thing, attached a policy and downloaded / renamed the certificate files as described in the Digi Micropython Programming Guide. The policy attached to the thing grants all the privileges described in the Guide.
I’ve tested the certificates with the Python 3 script (aws_https_pc.py) described in the Guide and get the expected response.
However, after I upload the three files (/flash/cert/aws.key, /flash/cert/aws.crt, /flash/cert/aws.ca) with the File system Manger tool, copy and paste the Micropython version of the “test connection” code with my parameters and run with CTRL+D, I receive an ETIMEDOUT error. This occurs using both destination ports 8443 and 8883.
I notice in previous threads that users have been having problems with ECONNREFUSED errors, indicating that the server is rejecting the connection attempt. In my case, it appears that a connection is not even being attempted.
Several other points:
a. I’ve tried using AWS endpoints both with and without the “-ats” suffix and get the same results.
b. I can connect successfully to the AWS MQTT broker using a Python 3 script running on my PC and also using Node-Red.
c. The Digi board successfully connects to a broker I’ve set up on my company’s server using Mosquitto.
Any help with this issue will be greatly appreciated.
(Note: This certificate has the same subject key identifier as the actual root certificate presented by AWS. It turns out the “Starfield Root CA” on Amazon’s website is not the root certificate.)
Thanks for your response. Should this certificate replace the “aws.ca” file or the “aws.crt” file? I’ve actually tried it both ways and neither seems to work. I should mention that I’m actually seeing “EIO” errors (rather than “ETIMEDOUT”) when I try to connect.
Yeah, I figured that the “aws.ca” file was the one that should be replaced. However, replacing it with the new certificate gave me the same results.
I’m definitely using the endpoint name containing “-ats”.
Can you update the XBee to firmware version 1012 (if this is “XBee Cellular Cat 1”, that should be the newest firmware version available in XCTU) – which includes updating the Telit firmware – and try again?
Can you confirm what ATVR and ATMV return on the XBee currently?
@tckr
Thanks for your help.
First of all, I have to apologize to you because it appears that the modem I’ve been using is an LTE-M module rather than a CAT-1.
Anyway, it looks as though we had a rather old version of firmware installed. ATVR returned “1140B” and ATMV returned “L0.0.00.00.05.06 [Feb 03 2018 13:00:41]” when I first checked them. After a couple of false starts, I did manage to update the firmware to the latest version (11412). However, I see no change when I try to connect to the AWS endpoint (with either the original root certificate or the one you directed me to).
Do you still get an ETIMEDOUT error? If so, that would seem to indicate that the AWS endpoint is in fact unreachable from your XBee, and not something wrong with the certificates, etc.
At this point I would suggest you get in touch with Hologram’s customer/technical support and see if they can shed any light on what is going on.
The fact that you still get ETIMEDOUT doing just a simple TCP connection (not TLS) to AWS IoT tells me that you are unable to make a connection to AWS IoT. Since you say you are able to use the XBee to talk to other servers, it seems unlikely that this is an issue with the XBee itself; if you were also unable to communicate to your own server, that would indicate a different issue.
I hope you’re still around – sorry I didn’t get back to you sooner.
I was able to test a SIM card from a different provider. When I try to connect to the AWS IOT MQTT server with this SIM, I get an EIO error rather than an ETIMEDOUT error.
I also tried running the sample code that you provided to create a plain TCP connection. This now appears to work – I no longer see an ETIMEDOUT error.
So it appears that with this second SIM, we’ve traded an ETIMEDOUT error for an EIO error.
The link you provided in your first comment to the CA works for me with the -ats endpoint as of today on a Cat 1 board. Digi docs also had the correct one to use, but there were a lot of options. I initially had the connection refused issue error, but they seemed to work themselves out with both time and using the example code from the Pycharm plugin. I also received the ENXIO error if I tried to remove the -ats.