Blynk server SSL not authorized

M4rsH · April 11, 2017, 1:04pm

Hi there guys,

I have been struggling for a while now with setting up my own Blynk Server.
My Blynk Server is setup on a VPS but I keep getting the SSL not authorized error. I’ve been trying to fix this for ages but I am all out of ideas.

I have set my server.properties logging to DEBUG and I will paste the log down below.
Other than Blynk I am also running Apache2.4 and Gitlab, but that should not matter.

From my computer I run the following nodeJS program:

#!/usr/bin/env node
var blynkToken = '.....';
//Setup blynk
var Blynk = require('blynk-library');
var blynk = new Blynk.Blynk(blynkToken,
  options= { addr:"mydomain.com", port:8441 }
);
var v0 = new blynk.VirtualPin(0);

blynk.on('connect', function() { console.log("Blynk ready."); });

The output from this program is:

Connecting to: mydomain.nl 8441
SSL authorization...
SSL not authorized

And for the Blynk server logs:

2017-04-11 15:00:03.779 DEBUG- Unpacking : static/js/login.js
2017-04-11 15:00:03.780 DEBUG- Unpacking : static/css/ng-admin.min.css
2017-04-11 15:00:03.826 DEBUG- Unpacking : static/js/admin.js
2017-04-11 15:00:03.826 DEBUG- Unpacking : static/js/enc-base64-min.js
2017-04-11 15:00:03.826 DEBUG- Unpacking : static/js/ng-admin.min.js
2017-04-11 15:00:03.863 DEBUG- Unpacking : static/js/core-min.js
2017-04-11 15:00:03.863 DEBUG- Unpacking : static/js/jquery-2.2.2.min.js
2017-04-11 15:00:03.865 DEBUG- Unpacking : static/reset/enterNewPassword.html
2017-04-11 15:00:03.908 DEBUG- Unpacking : static/js/sha256-min.js
2017-04-11 15:00:03.908 DEBUG- Unpacking : static/css/blynk.css
2017-04-11 15:00:03.908 DEBUG- Unpacking : static/login.html
2017-04-11 15:00:03.909 DEBUG- Unpacking : static/reset/site.css
2017-04-11 15:00:03.975 DEBUG- Unpacking : static/js/bootstrap.min.js
2017-04-11 15:00:03.976 DEBUG- Unpacking : static/admin.html
2017-04-11 15:00:03.977 DEBUG- Unpacking : static/favicon.ico
2017-04-11 15:00:04.013 DEBUG- Unpacking : static/reset/reset-email.html
2017-04-11 15:00:04.088 INFO - Using data dir '.'
2017-04-11 15:00:04.104 DEBUG- Using SLF4J as the default logging framework
2017-04-11 15:00:04.105 DEBUG- -Dio.netty.noUnsafe: false
2017-04-11 15:00:04.106 DEBUG- java.nio.Buffer.address: available
2017-04-11 15:00:04.107 DEBUG- sun.misc.Unsafe.theUnsafe: available
2017-04-11 15:00:04.107 DEBUG- sun.misc.Unsafe.copyMemory: available
2017-04-11 15:00:04.107 DEBUG- direct buffer constructor: available
2017-04-11 15:00:04.108 DEBUG- java.nio.Bits.unaligned: available, true
2017-04-11 15:00:04.108 DEBUG- java.nio.DirectByteBuffer.<init>(long, int): available
2017-04-11 15:00:04.109 DEBUG- java.nio.ByteBuffer.cleaner(): available
2017-04-11 15:00:04.109 DEBUG- Java version: 8
2017-04-11 15:00:04.109 DEBUG- sun.misc.Unsafe: available
2017-04-11 15:00:04.109 DEBUG- -Dio.netty.noJavassist: false
2017-04-11 15:00:04.242 DEBUG- Javassist: available
2017-04-11 15:00:04.243 DEBUG- -Dio.netty.tmpdir: /tmp (java.io.tmpdir)
2017-04-11 15:00:04.243 DEBUG- -Dio.netty.bitMode: 64 (sun.arch.data.model)
2017-04-11 15:00:04.243 DEBUG- -Dio.netty.noPreferDirect: false
2017-04-11 15:00:04.243 DEBUG- io.netty.maxDirectMemory: 921174016 bytes
2017-04-11 15:00:04.245 DEBUG- Starting reading user DB.
2017-04-11 15:00:04.599 DEBUG- Reading user DB finished.
2017-04-11 15:00:04.599 INFO - Region : local
2017-04-11 15:00:04.610 DEBUG- -Dio.netty.eventLoopThreads: 4
2017-04-11 15:00:04.626 DEBUG- -Dio.netty.noKeySetOptimization: false
2017-04-11 15:00:04.626 DEBUG- -Dio.netty.selectorAutoRebuildThreshold: 512
2017-04-11 15:00:04.627 DEBUG- org.jctools-core.MpscChunkedArrayQueue: available
2017-04-11 15:00:04.878 DEBUG- Default protocols (JDK): [TLSv1.2, TLSv1.1, TLSv1]
2017-04-11 15:00:04.878 DEBUG- Default cipher suites (JDK): [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SH$
2017-04-11 15:00:04.900 DEBUG- -Dio.netty.leakDetection.level: simple
2017-04-11 15:00:04.900 DEBUG- -Dio.netty.leakDetection.maxRecords: 4
2017-04-11 15:00:04.900 DEBUG- Loaded default ResourceLeakDetector: io.netty.util.ResourceLeakDetector@2b72cb8a
2017-04-11 15:00:04.905 DEBUG- -Dio.netty.initialSeedUniquifier: 0x1f881e26407bfdce
2017-04-11 15:00:04.950 DEBUG- -Dio.netty.allocator.numHeapArenas: 4
2017-04-11 15:00:04.950 DEBUG- -Dio.netty.allocator.numDirectArenas: 4
2017-04-11 15:00:04.950 DEBUG- -Dio.netty.allocator.pageSize: 8192
2017-04-11 15:00:04.950 DEBUG- -Dio.netty.allocator.maxOrder: 11
2017-04-11 15:00:04.951 DEBUG- -Dio.netty.allocator.chunkSize: 16777216
2017-04-11 15:00:04.951 DEBUG- -Dio.netty.allocator.tinyCacheSize: 512
2017-04-11 15:00:04.951 DEBUG- -Dio.netty.allocator.smallCacheSize: 256
2017-04-11 15:00:04.951 DEBUG- -Dio.netty.allocator.normalCacheSize: 64
2017-04-11 15:00:04.951 DEBUG- -Dio.netty.allocator.maxCachedBufferCapacity: 32768
2017-04-11 15:00:04.951 DEBUG- -Dio.netty.allocator.cacheTrimInterval: 8192
2017-04-11 15:00:04.951 DEBUG- -Dio.netty.allocator.useCacheForAllThreads: true
2017-04-11 15:00:04.959 DEBUG- -Dio.netty.allocator.type: pooled
2017-04-11 15:00:04.959 DEBUG- -Dio.netty.threadLocalDirectBufferSize: 65536
2017-04-11 15:00:04.959 DEBUG- -Dio.netty.maxThreadLocalCharBufferSize: 16384
2017-04-11 15:00:05.009 INFO - Initializing gmail smtp mail transport. Username : example@gmail.com. SMTP host : smtp.gmail.com:587
2017-04-11 15:00:05.033 DEBUG- Generated: io.netty.util.internal.__matchers__.cc.blynk.server.core.protocol.model.messages.appllication.LoginMessageMatcher
2017-04-11 15:00:05.034 DEBUG- hard.socket.idle.timeout = 15
2017-04-11 15:00:05.055 DEBUG- -Dio.netty.buffer.bytebuf.checkAccessible: true
2017-04-11 15:00:05.055 DEBUG- Loaded default ResourceLeakDetector: io.netty.util.ResourceLeakDetector@39655d3e
2017-04-11 15:00:05.098 DEBUG- Generated: io.netty.util.internal.__matchers__.cc.blynk.server.core.protocol.model.messages.appllication.RegisterMessageMatcher
2017-04-11 15:00:05.101 DEBUG- Generated: io.netty.util.internal.__matchers__.cc.blynk.server.core.protocol.model.messages.appllication.sharing.ShareLoginMessageMatcher
2017-04-11 15:00:05.104 DEBUG- Generated: io.netty.util.internal.__matchers__.cc.blynk.server.core.protocol.model.messages.MessageBaseMatcher
2017-04-11 15:00:05.109 DEBUG- Generated: io.netty.util.internal.__matchers__.cc.blynk.server.core.protocol.model.messages.appllication.GetServerMessageMatcher
2017-04-11 15:00:05.109 WARN - Found server certificates but no client certificate for '/home/fdekruijff/Blynk' path. Using one way ssl.
2017-04-11 15:00:05.123 DEBUG- app.socket.idle.timeout = 600
2017-04-11 15:00:05.210 DEBUG- Generated: io.netty.util.internal.__matchers__.io.netty.handler.codec.mqtt.MqttConnectMessageMatcher
2017-04-11 15:00:05.210 DEBUG- hard.socket.idle.timeout = 15
2017-04-11 15:00:05.220 DEBUG- -Dio.netty.processId: 29246 (auto-detected)
2017-04-11 15:00:05.221 DEBUG- -Djava.net.preferIPv4Stack: false
2017-04-11 15:00:05.221 DEBUG- -Djava.net.preferIPv6Addresses: false
2017-04-11 15:00:05.222 DEBUG- Loopback interface: lo (lo, 0:0:0:0:0:0:0:1%lo)
2017-04-11 15:00:05.225 DEBUG- /proc/sys/net/core/somaxconn: 1024
2017-04-11 15:00:05.226 WARN - Failed to find a usable hardware address from the network interfaces; using random bytes: 5b:df:a0:6c:ab:60:06:23
2017-04-11 15:00:05.228 DEBUG- -Dio.netty.machineId: 5b:df:a0:6c:ab:60:06:23 (auto-detected)
2017-04-11 15:00:05.250 INFO - Hardware plain tcp/ip server listening at 8442 port.
2017-04-11 15:00:05.250 INFO - Hardware SSL server listening at 8441 port.
2017-04-11 15:00:05.251 INFO - Application server listening at 8443 port.
2017-04-11 15:00:05.251 INFO - HTTP API and WebSockets server listening at 8081 port.
2017-04-11 15:00:05.251 INFO - HTTPS API, WebSockets and Admin page server listening at 9443 port.
2017-04-11 15:00:05.252 INFO - Mqtt hardware server listening at 8440 port.
2017-04-11 15:00:10.373 DEBUG- -Dio.netty.recycler.maxCapacityPerThread: 32768
2017-04-11 15:00:10.373 DEBUG- -Dio.netty.recycler.maxSharedCapacityFactor: 2
2017-04-11 15:00:10.373 DEBUG- -Dio.netty.recycler.linkCapacity: 16
2017-04-11 15:00:10.374 DEBUG- -Dio.netty.recycler.ratio: 8
2017-04-11 15:00:10.523 DEBUG- [id: 0x42a5235b, L:/136.144.139.191:8441 - R:/149.210.210.210:43115] HANDSHAKEN: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

Things that I noticed where that it fails to find an hardware address.
It also found the server certificate, the same ones I use for Apache, but I did not specify client certificates.
And when I leave the certificates blank the same error occurs.

I hope someone can help me with this issue, I’d be really grateful!

Floris

Lichtsignaal · April 11, 2017, 3:13pm

Are you connecting on the SSL port? Because if you connect there SSL certs have to be in order. You can change your script from Node JS to not use SSL (I think it’s port 8442, not sure, it’s in the docs somewhere). You could try that to see where the problem is.

M4rsH · April 11, 2017, 8:27pm

Hi.
Thank you for your suggestion.

I think changing my NodeJS script is not solving the problem at its root. 8441 is the SSL port (pretty sure atleast). And when I specify the non-ssl port my NodeJS script crashed (lolwut)

Connecting to: mydomain.nl 8442
SSL authorization...
events.js:146
      throw err;
      ^

Error: Uncaught, unspecified "error" event. (ECONNRESET)
    at emit (events.js:144:17)
    at Blynk.error (/home/.../DoorLock/node_modules/blynk-library/blynk.js:590:8)
    at null.<anonymous> (/home/.../DoorLock/node_modules/blynk-library/blynk.js:553:48)
    at emitOne (events.js:77:13)
    at emit (events.js:169:7)
    at TLSSocket.<anonymous> (/home/.../DoorLock/node_modules/blynk-library/blynk-node.js:223:16)
    at emitOne (events.js:77:13)
    at TLSSocket.emit (events.js:169:7)
    at emitErrorNT (net.js:1256:8)
    at nextTickCallbackWith2Args (node.js:441:9)

Lichtsignaal · April 12, 2017, 4:38am

Connection should be setup like so:

  connector : new Blynk.TcpClient( options = { addr:"192.168.0.25", port:8442 } )
});

I think settting SSL connection is a bit different.

M4rsH · April 12, 2017, 8:19am

Could you elaborate some more please? Do I declare connector somewhere else? How should the program look like?
I cannot get it to work like this.

I appreciate your help however

Dmitriy · April 12, 2017, 8:23am

Hello, so did you specified some certificates in server.properties or not? Could you please clarify? Also what server version do you have?

Lichtsignaal · April 12, 2017, 8:29am

That would be in your .js script file.

M4rsH · April 12, 2017, 5:15pm

Hi Dmitriy,

I have specified the same SSL certificates used on the Apache Server. Generated for my domain name. This is a self signed certificate.
Furthermore am I Blynk 0.23.5 on Ubuntu Server 16.10

Dmitriy · April 12, 2017, 5:29pm

Please show your certificate server properties

M4rsH · April 12, 2017, 6:59pm

server.ssl.cert=/etc/apache2/ssl/certificate.nl.crt
server.ssl.key=/etc/apache2/ssl/certificate.nl.key
server.ssl.key.pass=pass