It’s been a jam-packed set of work sessions today to try to track down and figure out how to make this work. Following yesterday’s trial and error, the first thing to fix was making a new config for mosquitto. Then, regenerating the certificates, but this time with the proper information. The firewalls were updated to allow the communication through the ports. Still received errors, so checked the firewalls and checked the version of SSL. The cause was a FIFO DLT bug with mosquitto. Getting the very latest version of mosquitto via the PPA feed solved that.
Now that mosquitto could run for longer, the next error was that it was unable to open one of the ports. Added two useful parameters to the config to enable better logging. The error now shows the cause – the certificate was too weak. Needed to use SHA-256 instead of MD5. Alright, so redo the certificates with that, and all ports are now working.
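An added example, not part of the original post: one way to regenerate a CA and broker certificate with SHA-256 signatures and to audit existing certificates for MD5 or SHA-1 before pointing the broker at them. The names `demo-ca` and `broker.example.test` and the 30-day lifetime are assumptions made for the example.

```shell
#!/usr/bin/env bash
# Added example; the names demo-ca and broker.example.test are constructed.
set -eu

# Print a PEM certificate's signature algorithm, e.g. sha256WithRSAEncryption.
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text |
        awk -F': ' '/Signature Algorithm/ {print $2; exit}'
}

# Return 0 if the algorithm name is acceptable, 1 if it uses MD5 or SHA-1.
sig_alg_ok() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        *md5*|*sha1*) return 1 ;;
        *) return 0 ;;
    esac
}

# Create a throwaway CA and a server certificate, both signed with SHA-256.
make_sha256_certs() {
    dir=$1 cn=$2
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=demo-ca" -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=$cn" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
    openssl x509 -req -sha256 -days 30 -in "$dir/server.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -set_serial 1 \
        -out "$dir/server.crt" 2>/dev/null
}

# Check every certificate given; report weak ones and fail if any is found.
audit_certs() {
    rc=0
    for f in "$@"; do
        alg=$(cert_sig_alg "$f")
        if sig_alg_ok "$alg"; then echo "ok   $f ($alg)"
        else echo "WEAK $f ($alg)"; rc=1; fi
    done
    return $rc
}

# Demo run in a temporary directory.
tmp=$(mktemp -d)
make_sha256_certs "$tmp" broker.example.test
audit_certs "$tmp/ca.crt" "$tmp/server.crt"
```

Running `audit_certs` over the certificate files already in use shows whether a rejected certificate was signed with a digest the TLS library no longer accepts.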
Through a browser, it still can’t establish a connection to the server. Likely because the certificate is self-signed. Figured out how to add the certificates and approve them, but it didn’t end up working anyway. No problem, can try certbot with Let’s Encrypt to get a validated certificate. However, they do not issue certificates for the way our setup currently is.
Hit a dead end on this for now, so the next thing to do was to re-plan how this can work. Drew another system architecture and have an idea on how to make it happen. Next steps will be to start coding it.