ESP32 stopped working with SSL connection

Hello Everyone,

I have a home Blynk server with the built-in automatic certificate renewal turned on and a duckdns domain name. I have used the V0.41.13 server version since it was released. I have multiple ESP32 and ESP8266 devices with SSL communication and each one worked perfectly until January 2021.

The story:

  1. Every device works perfectly with SSL communication (more than a year)
  2. On 21 January: Blynk renews the certificate successfully
  3. Everything still works
  4. On 27 January: ESP32 devices stop working with SSL; meanwhile, ESP8266 devices still work fine with SSL

I tried: reflashing / full erasing and reflashing again / using brand new ESP32 devices / upgrading Blynk server to V0.41.15 / removing and renewing the certificate, but the issue doesn’t disappear.

I can’t figure out what happened with the ESP32 devices. Has anybody experienced the same issue?

Thanks for your help!

Any clues in the server logs?

Pete.

Hello Pete,

I checked the logs. The server noticed the problem, but it is not enough information for me to solve the issue.

The log:

22:21:05.663 DEBUG- Unsecured connection attempt or not supported protocol. Channel : null. Reason : javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
22:21:10.279 DEBUG- Unsecured connection attempt or not supported protocol. Channel : null. Reason : javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
22:21:15.288 DEBUG- Unsecured connection attempt or not supported protocol. Channel : null. Reason : javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
22:21:23.771 DEBUG- Getting data for graph pin : GraphPinRequest{dashId=916090307, deviceId=0, deviceIds=[], isTag=false, pinType=VIRTUAL, pin=1, graphPeriod=TWELVE_HOURS, functionType=AVG, count=720, type=MINUT$
22:21:23.772 DEBUG- Getting data for graph pin : GraphPinRequest{dashId=916090307, deviceId=0, deviceIds=[], isTag=false, pinType=VIRTUAL, pin=2, graphPeriod=TWELVE_HOURS, functionType=AVG, count=720, type=MINUT$
22:22:01.402 DEBUG- GET : /Af_tqfyEVTexbGNA4CNIsM5abXQucGOZ/update/v0?value=40.7
22:22:01.458 DEBUG- GET : /Af_tqfyEVTexbGNA4CNIsM5abXQucGOZ/update/v1?value=40.2
22:22:01.509 DEBUG- GET : /Af_tqfyEVTexbGNA4CNIsM5abXQucGOZ/update/v2?value=2021/03/05-22:22:01
22:22:23.798 DEBUG- Getting data for graph pin : GraphPinRequest{dashId=916090307, deviceId=0, deviceIds=[], isTag=false, pinType=VIRTUAL, pin=1, graphPeriod=TWELVE_HOURS, functionType=AVG, count=720, type=MINUT$
22:22:23.800 DEBUG- Getting data for graph pin : GraphPinRequest{dashId=916090307, deviceId=0, deviceIds=[], isTag=false, pinType=VIRTUAL, pin=2, graphPeriod=TWELVE_HOURS, functionType=AVG, count=720, type=MINUT$
22:23:01.604 DEBUG- GET : /Af_tqfyEVTexbGNA4CNIsM5abXQucGOZ/update/v0?value=39.7
22:23:01.656 DEBUG- GET : /Af_tqfyEVTexbGNA4CNIsM5abXQucGOZ/update/v1?value=40.8
22:23:01.736 DEBUG- GET : /Af_tqfyEVTexbGNA4CNIsM5abXQucGOZ/update/v2?value=2021/03/05-22:23:01
22:23:23.852 DEBUG- Getting data for graph pin : GraphPinRequest{dashId=916090307, deviceId=0, deviceIds=[], isTag=false, pinType=VIRTUAL, pin=1, graphPeriod=TWELVE_HOURS, functionType=AVG, count=720, type=MINUT$
22:23:23.854 DEBUG- Getting data for graph pin : GraphPinRequest{dashId=916090307, deviceId=0, deviceIds=[], isTag=false, pinType=VIRTUAL, pin=2, graphPeriod=TWELVE_HOURS, functionType=AVG, count=720, type=MINUT$
22:24:01.923 DEBUG- GET : /Af_tqfyEVTexbGNA4CNIsM5abXQucGOZ/update/v0?value=39.7
22:24:01.979 DEBUG- GET : /Af_tqfyEVTexbGNA4CNIsM5abXQucGOZ/update/v1?value=39.7
22:24:02.030 DEBUG- GET : /Af_tqfyEVTexbGNA4CNIsM5abXQucGOZ/update/v2?value=2021/03/05-22:24:01
22:24:23.896 DEBUG- Getting data for graph pin : GraphPinRequest{dashId=916090307, deviceId=0, deviceIds=[], isTag=false, pinType=VIRTUAL, pin=1, graphPeriod=TWELVE_HOURS, functionType=AVG, count=720, type=MINUT$
22:24:23.898 DEBUG- Getting data for graph pin : GraphPinRequest{dashId=916090307, deviceId=0, deviceIds=[], isTag=false, pinType=VIRTUAL, pin=2, graphPeriod=TWELVE_HOURS, functionType=AVG, count=720, type=MINUT$
22:25:01.152 DEBUG- GET : /Af_tqfyEVTexbGNA4CNIsM5abXQucGOZ/update/v0?value=40.2
22:25:01.207 DEBUG- GET : /Af_tqfyEVTexbGNA4CNIsM5abXQucGOZ/update/v1?value=40.8
22:25:01.265 DEBUG- GET : /Af_tqfyEVTexbGNA4CNIsM5abXQucGOZ/update/v2?value=2021/03/05-22:25:01

I guess this points to a certificate issue.

Pete.

It is interesting. The ESP8266 devices connect easily. It takes 25-35 seconds to check the certificate. Now on ESP32 it doesn’t take any time, it refuses the connection immediately.

22:48:14.139 → [421] Blynk v0.6.1 on ESP32
22:48:14.139 → [422] Connecting to mydomainname.duckdns.org:myport
22:48:14.687 → [959] Secure connection failed
22:48:19.153 → [5423] Connecting to mydomainname.duckdns.org:myport
22:48:19.600 → [5877] Secure connection failed

With ESP8266:

22:53:54.849 → [4255] Blynk v0.6.1 on ESP8266
22:54:24.848 → [34275] NTP time: Fri Mar 5 21:54:24 2021
22:54:24.848 → [34275] Connecting to mydomainname.duckdns.org:myport
22:54:26.761 → [36198] Certificate OK
22:54:26.796 → [36203] Trying to connect: 1
22:54:31.788 → [41204] NTP time: Fri Mar 5 21:54:30 2021
22:54:31.788 → [41205] Connecting to mydomainname.duckdns.org:myport
22:54:33.331 → [42752] Certificate OK
22:54:33.331 → [42764] Ready (ping: 8ms).
22:54:33.399 → [42835] Connected to Blynk!

Hello again Everyone,

I found out where the problem’s root is. It is some kind of issue with the Let’s Encrypt certificates in the Blynk library (…\Arduino\ArduinoIDE\portable\sketchbook\libraries\Blynk\src\certs\letencrypt_pem.h). It is still valid until 06.10.2021, so I don’t exactly understand why I have an issue with this.
When I changed the Let’s Encrypt certificate in the above-mentioned (letencrypt_pem.h) file to my domain name’s certificate (which I got from Let’s Encrypt through Blynk), everything works fine like before January.
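
An added example, not part of the thread and not Blynk code: a small triage script for server log lines in the format quoted above. In the Java server log, "Received fatal alert" means the alert was sent by the peer, so here it is the device rejecting the server's certificate chain. The sample lines, the hint texts and the function name `triage` are constructed for illustration.

```python
import re
from collections import Counter

# Matches handshake failures where the peer (the device) sent a fatal TLS alert.
LINE = re.compile(r"^(\d\d):(\d\d):(\d\d)\.(\d{3}) .*"
                  r"SSLHandshakeException: Received fatal alert: (\w+)")
DAY_MS = 24 * 3600 * 1000

# Constructed hints for certificate-related alerts sent by a client.
HINTS = {
    "unknown_ca": "device cannot chain the server certificate to a CA it "
                  "trusts: compare the trust anchor compiled into the "
                  "firmware with the chain the server sends",
    "certificate_expired": "device sees an expired certificate: check the "
                           "server certificate dates and the device clock",
    "bad_certificate": "device could not parse or verify the certificate",
}

# Constructed sample in the format of the log quoted in this thread.
_FAIL = ("{} DEBUG- Unsecured connection attempt or not supported protocol. "
         "Channel : null. Reason : javax.net.ssl.SSLHandshakeException: "
         "Received fatal alert: unknown_ca")
SAMPLE_LOG = "\n".join([
    _FAIL.format("22:21:05.663"),
    _FAIL.format("22:21:10.279"),
    _FAIL.format("22:21:15.288"),
    "22:22:01.402 DEBUG- GET : /AUTH_TOKEN_PLACEHOLDER/update/v0?value=40.7",
])

def triage(log_text):
    """Count client-sent fatal alerts and measure the gaps between retries."""
    stamps, alerts = [], Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # ordinary traffic, not a handshake failure
        h, mi, s, ms, alert = m.groups()
        stamps.append(((int(h) * 60 + int(mi)) * 60 + int(s)) * 1000 + int(ms))
        alerts[alert] += 1
    # The log has no date, so wrap at midnight instead of going negative.
    gaps = [(b - a) % DAY_MS for a, b in zip(stamps, stamps[1:])]
    return {
        "alerts": dict(alerts),
        "retry_gaps_ms": gaps,
        "hints": {a: HINTS.get(a, "no hint for this alert") for a in alerts},
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Evenly spaced failures a few seconds apart, all with the same alert, point to a device retrying with an unchanged trust store rather than to a transient network fault.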