XBee Cellular LTE-M has issues connecting with AWS Console

I am having issues connecting an XBee Cellular LTE-M to the AWS console. If appears to me that there is a certificate issue that is causing the socket.connect function to time out. I have reviewed the few other questions on this topic and have tried several of the fixes, but none seem to work. To date, I have:

1) removed the -ats suffix from the host name
2) tried the Starfield Root certificate as suggested in the Digi Cellular User guide
3) tried the Legacy Symantec Root certificate as suggested in this forum
4) tried the AWS Root certificates as they suggest.

Nothing seems to work. The micro-python code runs, connects to the cellular network, then grinds away until timing out with errors. I have tried both the https_test and the MQTT _publish programs with no success. Here is the code for the aws-https.py and aws-publish.py programs found at (https://github.com/digidotcom/xbee-micropython/blob/master/samples/cellular/aws/) along with the associated errors.

The HTTPS Code:

MicroPython v1.9.4-927-g7565eb7 on 2018-11-08; XBC LTE-M/NB-IoT Global with EFR32MG
Type “help()” for more information.
>>>
paste mode; Ctrl-C to cancel, Ctrl-D to finish
1=== import usocket, ussl, time, network
2=== host = b’a11y05y0u5faak’
3=== region = b’us-west-2’
4=== thing_name = b’SWR_TestSensor_1’
5=== aws_endpoint = b’%s.iot.%s.amazonaws.com’ % (host, region)
6=== ssl_params = {‘keyfile’: “/flash/cert/aws.key”,
7=== ‘certfile’: “/flash/cert/aws.crt”,
8=== ‘ca_certs’: “/flash/cert/aws.ca”}
9=== conn = network.Cellular()
10=== while not conn.isconnected():
11=== print(“waiting for network connection…”)
12=== time.sleep(4)
13=== print(“network connected”)
14=== def https_test(hostname=aws_endpoint, sslp=ssl_params):
15=== s = usocket.socket(usocket.AF_INET, usocket.SOCK_STREAM, usocket.IPPROTO_SEC)
16=== s.setblocking(False)
17=== w = ussl.wrap_socket(s, **ssl_params)
18=== print(“connecting…”)
19=== w.connect((hostname, 8443))
20=== print(“connected”)
21=== print(“sending request”)
22=== w.write(b’GET /things/%s/shadow HTTP/1.0
Host: %s

’ % (thing_name, hostname))
23=== print(“waiting for data…”)
24=== while True:
25=== data = w.read(1024)
26=== if data:
27=== print(str(data, ‘utf-8’))
28=== break
29=== w.close()
30=== print(“DONE”)
31=== https_test()
network connected
connecting…
Traceback (most recent call last):
File “”, line 31, in
File “”, line 19, in https_test
OSError: [Errno 7005] EIO

And the MQTT Publish code:

MicroPython v1.9.4-927-g7565eb7 on 2018-11-08; XBC LTE-M/NB-IoT Global with EFR32MG
Type “help()” for more information.
>>>
paste mode; Ctrl-C to cancel, Ctrl-D to finish
1=== from umqtt.simple import MQTTClient
2=== import time, network
3=== host = b’a11y05y0u5faak’
4=== region = b’us-west-2’
5=== aws_endpoint = b’%s.iot.%s.amazonaws.com’ % (host, region)
6=== ssl_params = {‘keyfile’: “/flash/cert/aws.key”,
7=== ‘certfile’: “/flash/cert/aws.crt”,
8=== ‘ca_certs’: “/flash/cert/aws.ca”}
9=== conn = network.Cellular()
10=== while not conn.isconnected():
11=== print(“waiting for network connection…”)
12=== time.sleep(4)
13=== print(“network connected”)
14=== def publish_test(clientId=“SWR_TestSensor_1”, hostname=aws_endpoint, sslp=ssl_params):
15=== c = MQTTClient(clientId, aws_endpoint, ssl=True, ssl_params=sslp)
16=== print(“connecting…”)
17=== c.connect()
18=== print(“connected”)
19=== print(“publishing message…”)
20=== c.publish(“sample/xbee”, ‘{“message”: “AWS Sample Message”}’)
21=== print(“published”)
22=== c.disconnect()
23=== print(“DONE”)
24=== publish_test()
25===
network connected
connecting…
Traceback (most recent call last):
File “”, line 24, in
File “”, line 17, in publish_test
File “/flash/lib/umqtt/simple.py”, line 72, in connect
OSError: [Errno 7005] EIO

Note than line 72 in the simple.py module is as follows: self.sock.connect((self.server, self.port))

So, I have no idea how to proceed. I think the code is right, since the only changes from the stock code on Github is that I added the unique identifier for the Xbee and the certificates (which were downloaded to the Xbee prior to execution. This leads me to believe that the certificates aren’t being accepted. Any assistance on how to move forward would be greatly appreciated. Thanks!

Jon

Just to confirm, have you made sure that the device policies for this device in AWS IoT have been configured to allow it to connect and authenticate? That is a step that is easy to miss/forget.

So I think I have it configured correctly in the AWS IoT console. I created the Thing, Policy, and Certificates (except the CA) per the instructions in the Digi Micropython Programming Guide section on “Using AWS IoT from Micropython”. I used the recommended one-step certificate creation to get the aws.crt and aws.key, then went to the AWS Trusted Resource Site to download the aws.ca root (actually I tried several as noted above). I double-checked my console and it appears that the policy is attached to the Thing and the certificate is associated with the policy. Is there a step that I might have missed here? I thought I followed the instructions pretty closely. Thanks for the response!

I wanted to add that we are having a similar problem:

Not sure what is going on, but we have a CAT1 Xbee3 that runs the MQTT Publish code sample just fine with the old Legacy Symantec Root and no -ats. We just got in a LTE-M unit and it wouldn’t work with any combination… However after a bunch of fooling with it. it just started working out of the blue with the Starfield Root certificate and the -ats included. no other changes to code, both CAT1 and LTE-M unit are on AT&T and cell connection is good. LTE-M Firmware is latest 11413. As I was writing this it started failing again, then working? it seems to be sporadic.

I am dealing with the exact same error upon calling mqtt.connect() I get [Errno 7005] EIO.
Any updates/progress on this?

I have had tons of trouble with the Xbee3 Cellular LTE-M/NB-IoT Global modem. I was able to get it working by updating to firmware 11415 and updating the ublox modem to the latest firmware (which was a struggle by itself). I was unable to get it working until I updated the ublox modem firmware to L0.0.00.00.05.08,A.02.04.

even with the updated firmware, I could only use the legacy symantec / verisign root CA cert and no -ats in the AWS server name. I cannot get it working with the Starfield certificate and the -ats server. I’m working with Digi Tech Support right now to try and resolve why it won’t work with the -ats / starfield root CA cert.

Updated to L0.0.00.00.05.08,A.02.04 and firmware 11415 for XBC LTE-M/NB-IoT Global and still having Micropython problem:

File:“”, line 58, in
File:“”, line 47, in publish_test
File “flash/lib/umqtt/simple.py”, line 61, in connect
TypeError: must use IPPROTO_SEC

Any ideas?

That’s a certificate error of some kind. Have you tried the same steps using normal python3? here’s the instructions:

https://www.digi.com/resources/documentation/digidocs/90002219/default.htm#tasks/t_test_connection.htm%3FTocPath%3DUse%2520AWS%2520IoT%2520from%2520MicroPython|_____5

I also carefully followed the instructions in this video:
https://www.youtube.com/watch?v=SlNVrZwaLNg

if all else fails I’d open up a support ticket with Digi.

Did you ever find a solution? I’m running into the same issue and I’ve tried a variety of certs and removal/inclusion of ‘-ats’ for the host. No luck so far.

did you try downloading and using “starfield.ca” instead of “aws.ca”?
https://www.digi.com/resources/documentation/digidocs/90002219/tasks/t_install_certificates.htm?TocPath=Use%20AWS%20IoT%20from%20MicroPython|_____4

According to DIGI, in some modems you need to use the Starfield Root CA instead of the Root CA provided by AWS when you generate the thing certificates
https://www.digi.com/resources/documentation/digidocs/90002219/tasks/t_install_certificates.htm?TocPath=Use%20AWS%20IoT%20from%20MicroPython|_____4