Blynk SSL Hardware Connection Issue!

My ESP8266 can’t connect to my local server using SSL!
I tried all ports from 8441 to 9443!

Here is my


#hardware ssl port

#http, plain web sockets and plain hardware port

#if this property is true csv download url will use port 80 and will ignore http.port

#if this property is true redirect_command will use 80 port and will ignore http.port

#secured https, web sockets and app port

#address to bind to. by default bounded to all interfaces

#by default server uses embedded in jar cert to simplify local server installation.
#provide either full path to files either use '.' for specifying current directory. For instance "./myfile.crt"

#by default System.getProperty("")/blynk used

#folder for logs.

#log debug level. trace|debug|info|error. Defines how precise logging will be.

#maximum number of devices allowed per account

#maximum number of tags allowed per account

#defines maximum allowed number of user dashboards. Needed to limit possible number of tokens.

#defines maximum allowed widget size in KBs as json string.

#user is limited with 100 messages per second.

#maximum allowed number of notification queue. Queue responsible for processing email, pushes, twits sending.
#Because of performance issue - those queue is processed in separate thread, this is required due
#to blocking nature of all above operations. Usually limit shouldn't be reached.

#Number of threads for performing blocking operations - push, twits, emails, db queries.
#Recommended to hold this value low unless you have to perform a lot of blocking operations.

#this setting defines how often we can send mail/tweet/push or any other notification. Specified in seconds

#this setting defines how often we can send webhooks. Specified in miliseconds

#this setting defines how big could be response for webhook GET request. Specified in kbs

#maximum size of user profile in kb's

#number of strings to store in terminal widget

#number of strings to store in map widget

#number of strings to store in lcd widget

#maximum number of rows allowed

#period in millis for saving all user DB to disk.

#period in millis for saving stats to disk.

#max size of web request in bytes, 256 kb (256x1024) is default

#maximum number of points that are fetched during CSV export
#43200 == 60 * 24 * 30 - minutes points for 1 month

#specifies maximum period of time when hardware socket could be idle. After which
#socket will be closed due to non activity. In seconds. Default value 10 if not provided.
#leave it empty for infinity timeout

#enable DB

#enable raw data storage to DB

#size of async logger ring buffer. should be increased for loads >2-3k req/sec

#when true - allows reading worker to trigger hardware even app is offline

#when enabled server will also store hardware and app IP

#initial amount of energy



#used for reset password page and certificate generation.
#by default current server IP is taken. could be replaced with more friendly hostname.
#it is recommended to override this property with your server IP to avoid possible problems of host resolving

#used for fallback page for reset user password, in most cases it should be the same as
#IP is not allowed here, it should be for Blynk app
#or * for private servers with own apps

#email used for certificate registration, could be omitted in case you already specified it in

#network interface to determine server's current IP.
#only the first characters of the interface's name are needed.
#the default setting eth will use the first ethX interface found (i.e. eth0)

#comma separated list of administrator IPs. allow access to admin UI only for those IPs.
#you may set it for to allow access for all.
#you may use CIDR notation. For instance,

# default admin name and password. that will be created on initial server start

And my arduino sketch

#define BLYNK_PRINT Serial

#include <ESP8266WiFi.h>
#include <BlynkSimpleEsp8266_SSL.h>

// You should get Auth Token in the Blynk App.
// Go to the Project Settings (nut icon).
char auth[] = "01f45ed89cf64dxxxxxxxxxxxxxx";

// Your WiFi credentials.
// Set password to "" for open networks.
char ssid[] = "TP-LINK";
char pass[] = "passpass";

void setup()
  // Debug console
  Blynk.begin(auth, ssid, pass, IPAddress(192,168,0,100), 9443);

void loop()
  // You can inject your own code or combine it with other sketches.
  // Check other examples on how to communicate with Blynk. Remember
  // to avoid delay() function!

Here is my log file!

13:05:15.499 INFO - Using data dir '.\data'
13:05:15.532 DEBUG- Starting reading user DB.
13:05:15.961 DEBUG- Reading user DB finished.
13:05:15.961 INFO - Region : local. Host :
13:05:16.684 INFO - Initializing gmail smtp mail transport. Username :			. SMTP host :
13:05:16.715 INFO - Reports : 0
13:05:16.717 INFO - Didn't find Let's Encrypt certificates.
13:05:16.717 WARN - You didn't specified '' or '' properties in file. Automatic certificate generation is turned off. Please specify above properties for automatic certificates retrieval.
13:05:16.844 DEBUG- hard.socket.idle.timeout = 10
13:05:17.271 INFO - HTTP API and WebSockets server listening at 8080 port.
13:05:17.272 INFO - HTTPS API, WebSockets and Admin page server listening at 9443 port.
13:05:17.273 INFO - Mqtt hardware server listening at 8440 port.
13:06:14.857 DEBUG- Unsecured connection attempt or not supported protocol. Channel : / Reason : io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554202f20485454502f312e310d0a486f73743a203139322e332e3131382e3230303a393434330d0a4163636570743a20746578742f68746d6c2c6170706c69636174696f6e2f7868746d6c2b786d6c2c6170706c69636174696f6e2f786d6c3b713d302e392c696d6167652f776562702c696d6167652f61706e672c2a2f2a3b713d302e380d0a4163636570742d456e636f64696e673a20677a69702c206465666c6174650d0a4163636570742d4c616e67756167653a20656e2d55532c656e3b713d302e390d0a466f727761726465643a20666f723d3139322e332e3131382e3230300d0a536176652d446174613a206f6e0d0a557067726164652d496e7365637572652d52657175657374733a20310d0a5669613a20312e31204368726f6d652d436f6d7072657373696f6e2d50726f78790d0a582d466f727761726465642d466f723a203139322e332e3131382e3230300d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a557365722d4167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e542031302e303b2057696e36343b2078363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f37302e302e333533382e313130205361666172692f3533372e33360d0a0d0a

I have the latest library and latest server release downloaded!
I have tried both Nodemcu and Esp8266 but failed!
I even tried Arduino with usb connection! All failed with SSL! Without SSL everything works fine!

Did you set up certificates?

You have to specify you want to use Let’s Encrypt certificate in your sketch.

Do you mean the OP needs this in the file, not the IDE sketch? I can’t find and reference to such on the IDE sketch, in either the Sketch Builder SSL examples or searching this forum.

It’s in the main configuration file


It can be placed on top of the sketch

1 Like

Got it… assuming it is always needed (I don’t use SSL, so have no idea :stuck_out_tongue_winking_eye: ), can that be added to the applicable Sketch Builder SSL examples? Perhaps a mention in the SSL session of the Server documentations as well?

1 Like

i used self signed certificates ! Can’t use Let’s encrypt as my server is not exposed to the internet. Does it mean i need Let’s Encrypt certificates specifically for using SSL?

Unfortunately you’ll have to figure it out.
You need to replace Blynk certificate with your own. We provide no instructions for that.

So why do you need SSL?

When I use SSL and an incorrect fingerprint it fails to connect on the first 2 attempts and then connects on the 3rd attempt.
When I use the following as obtained from GRC | SSL TLS HTTPS Web Server Certificate Fingerprints   it connects first time.

#define BLYNK_DEFAULT_FINGERPRINT "FD C0 7D 8D 47 97 F7 E3 07 05 D3 4E E3 BB 8E 3D C0 EA BE 1C" // OK

I am using a fairly old library version (0.5.1) but the questions I have are:

  1. Is it a bug that allows connection on the 3rd attempt with an incorrect fingerprint?
  2. If I add #define BLYNK_SSL_USE_LETSENCRYPT to the sketch do I not need to use fingerprints?

i did replace it with my own. However those were self signed certificates.

I wanted to test it out using self signed certificates before making the server publicly available.

Guys, i made my server public, assigned domain to my server and created lets encrypted certificates! I tested the certificates too but now i get error certificate not validated!
I did define to use lets encrypt in the sketch still same issue.

hi Nilava_Chowdhury, did you solve the problem ?
i need your help plz :expressionless: