
SSL not authorized -> local server on public VPS

#1

Hello, I set up a local server according to the description for setting up a local Blynk server (server name and mail are modified for this post).

I generated my certificates manually with letsencrypt:

>  - Congratulations! Your certificate and chain have been saved at:
>    /etc/letsencrypt/live/myserver.de/fullchain.pem
>    Your key file has been saved at:
>    /etc/letsencrypt/live/myserver.de/privkey.pem
>    Your cert will expire on 2019-04-18. To obtain a new or tweaked
>    version of this certificate in the future, simply run
>    letsencrypt-auto again. To non-interactively renew *all* of your
>    certificates, run "letsencrypt-auto renew"

(after rebooting and deleting the iptables redirection)

The server admin site can be accessed and the manual letsencrypt certificate is valid (trusted) when I call
https://myserver.de:9443/admin

Also, the app can successfully connect to the server via port 9443.

Here is my log:

> Using native epoll transport.
> 15:29:08.992 INFO - Initializing gmail smtp mail transport. Username : webserverr@gmail.com. SMTP host : smtp.gmail.com:587
> 15:29:09.080 INFO - Reports : 0
> 15:29:09.083 INFO - Didn't find Let's Encrypt certificates.
> 15:29:09.083 WARN - You didn't specified 'server.host' or 'contact.email' properties in server.properties file. Automatic certificate generation is turned off. Please specify above properties for automatic certificates retrieval.
> 15:29:09.083 INFO - **Using native openSSL provider.**
> 15:29:10.383 INFO - HTTP API and WebSockets server listening at 8080 port.
> 15:29:10.385 INFO - HTTPS API, WebSockets and Admin page server listening at 9443 port.
> 15:29:10.388 INFO - Mqtt hardware server listening at 8440 port.
> 15:29:17.468 INFO - guido..@..de Blynk-app (android-22701) joined.

so in the server.properties:

> hardware.mqtt.port=8440
> http.port=8080
> force.port.80.for.csv=false
> force.port.80.for.redirect=false
> https.port=9443
> listen.address=
> server.ssl.cert= /etc/letsencrypt/live/myserver.de/fullchain.pem
> server.ssl.key= /etc/letsencrypt/live/myserver.de/privkey.pem
> server.ssl.key.pass=
> data.folder=
> ogs.folder=./logs
> log.level=info
> user.devices.limit=50
> user.tags.limit=100
> user.dashboard.max.limit=100
> user.widget.max.size.limit=20
> user.message.quota.limit=100
> notifications.queue.limit=2000
> blocking.processor.thread.pool.limit=6
> notifications.frequency.user.quota.limit=5
> webhooks.frequency.user.quota.limit=1000
> webhooks.response.size.limit=96
> user.profile.max.size=128
> terminal.strings.pool.size=25
> map.strings.pool.size=25
> lcd.strings.pool.size=6
> table.rows.pool.size=100
> profile.save.worker.period=60000
> stats.print.worker.period=60000
> web.request.max.size=524288
> csv.export.data.points.max=43200
> hard.socket.idle.timeout=10
> enable.db=false
> enable.raw.db.data.store=false
> async.logger.ring.buffer.size=2048
> allow.reading.widget.without.active.app=false
> allow.store.ip=true
> initial.energy=100000
> admin.rootPath=/admin
> set.interface=eth
> allowed.administrator.ips=0.0.0.0/0,::/0
> admin.email=xxxxxxxxxxxxxxx
> admin.pass=xxxxxxxxxxxxxxx

When I try to connect the Raspberry Pi to this server, I get the following message:

> sudo /etc/init.d/blynkstart.sh start ..
> OnOff mode
> Connecting to: myserver.de 9443
> SSL authorization...
> SSL not authorized
> Connecting to: myserver.de 9443
> SSL authorization...
> SSL not authorized

Additionally, I tried it with the index.js example, but got the same result: when I connect to the cloud it works, but when I try to connect to my local Blynk server I get the same message.

I still have no idea why this issue comes up, even though the certificate is installed and configured in the server setup.
I hope someone has an idea what I did wrong.

After some more tests I found out that it must have to do with the client-side “server.crt”. I think I have to fill in the certificate from the Blynk server here, but I am not sure what I have to copy from where. I think it must be the letsencrypt file for the domain myserver.de. But where can I find this? What exactly should the name be? I found some .pem links in the letsencrypt directory. I tried all of them, replacing the content of the server.crt file with the content of each of the 4 links from the letsencrypt directory of my domain.

But no success either. So maybe it must be another file, but where do I have to look to find it? In the server dir I don't see any crt files…

0 Likes

#2

What happens if you specify server.host?

0 Likes

#3

I did, but it doesn't look different:

10:06:54.349 INFO - Using data dir ‘/opt/blynk/Blynk’
10:06:55.794 INFO - Region : local. Host : blynk******.de.
10:06:55.859 INFO - Using native epoll transport.
10:06:56.753 INFO - Initializing gmail smtp mail transport. Username : webserver***@gmail.com. SMTP host : smtp.gmail.com:587
10:06:56.890 INFO - Reports : 0
10:06:56.896 INFO - Didn’t find Let’s Encrypt certificates.
10:06:56.897 INFO - Automatic certificate generation is turned ON.
10:06:56.897 INFO - Using native openSSL provider.
10:06:58.379 INFO - HTTP API and WebSockets server listening at 8080 port.
10:06:58.382 INFO - HTTPS API, WebSockets and Admin page server listening at 9443 port.
10:06:58.392 INFO - Mqtt hardware server listening at 8440 port.

Give Blynk a Github star! => https://github.com/vshymanskyy/blynk-library-js
OnOff mode
Connecting to: blynk****.de 9443
SSL authorization…
SSL not authorized

I am sure it must have to do with the server.crt, but I don't understand the documentation I found on the Blynk site:

I think the solution is here, but where can I find the server.crt on my Blynk server to copy to the client…

0 Likes

#4

So what I read is that the pem from letsencrypt has the same content as a crt file, so I just need to rename the extension. But I tried using the key and certificate content from letsencrypt without success… It's really frustrating now…

0 Likes
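
An offline check for the question raised in posts #1 and #4 (which file belongs in the client's server.crt), added here as an example and not taken from any poster or from the Blynk project. It builds a constructed root, intermediate and leaf chain laid out like a letsencrypt live directory and asks `openssl verify` whether each file, used as the only trust anchor, validates the chain the server would present. The names `mk_cert`, `build_demo_chain`, `anchor_ok` and `myserver.example` are made up for the example, and it assumes a client that trusts only the certificates in that one file and does not accept partial chains.

```shell
#!/bin/sh
# Added example: which PEM file can serve as the client's only trust anchor?
# All keys and certificates are constructed throwaway material (valid 2 days).
set -eu

mk_cert() {  # mk_cert NAME CN EXTFILE [ISSUER]  ->  NAME.key and NAME.pem
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
    if [ -n "${4:-}" ]; then   # signed by ISSUER
        openssl x509 -req -in "$1.csr" -CA "$4.pem" -CAkey "$4.key" \
            -CAcreateserial -days 2 -extfile "$3" -out "$1.pem" 2>/dev/null
    else                       # self-signed root
        openssl x509 -req -in "$1.csr" -signkey "$1.key" \
            -days 2 -extfile "$3" -out "$1.pem" 2>/dev/null
    fi
}

build_demo_chain() {  # fill DIR with the four files certbot links, plus root.pem
    ( cd "$1"
      printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
      printf 'subjectAltName=DNS:myserver.example\n' > leaf.ext
      mk_cert root  "Constructed Root CA"      ca.ext
      mk_cert inter "Constructed Intermediate" ca.ext   root
      mk_cert leaf  "myserver.example"         leaf.ext inter
      cp leaf.pem cert.pem; cp inter.pem chain.pem; cp leaf.key privkey.pem
      cat leaf.pem inter.pem > fullchain.pem )
}

anchor_ok() {  # anchor_ok CAFILE DIR: does CAFILE alone validate DIR's chain?
    # -no-CApath: do not also consult the system CA directory.
    # -untrusted: the intermediates the server sends next to its leaf.
    openssl verify -no-CApath -CAfile "$1" -untrusted "$2/chain.pem" \
        "$2/cert.pem" >/dev/null 2>&1
}

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
build_demo_chain "$demo"
for f in cert.pem chain.pem fullchain.pem privkey.pem root.pem; do
    if anchor_ok "$demo/$f" "$demo"; then r=accepted; else r=rejected; fi
    printf '%-14s as server.crt: %s\n' "$f" "$r"
done
```

With real files, pass the candidate server.crt as the first argument to `anchor_ok` and a directory holding the server's cert.pem and chain.pem as the second.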

#5

Seems there is no help for this issue?

0 Likes

#6

Here is my Blynk server launch

/usr/bin/java -jar /SAVE/blynk/server-0.41.2.jar -dataFolder /SAVE/blynk &

Here is my server.properties file

data.folder=/SAVE/blynk
server.host=larryisthemaster.larryrules.com
contact.email=lvennard@larryrules.com
admin.email=lvennard@larryrules.com
admin.pass=larryrules1
allowed.administrator.ips=192.168.1.0/24
http.port=8080
https.port=9443
logs.folder=/var/log/blynk/
enable.db=false
log.level=info
restore.host=blynk-cloud.com
hardware.mqtt.port=8440
listen.address=
product.name=Larry_Blynk
csv.export.data.points.max=43200
allow.store.ip=true
force.port.80.for.csv=false
allowed.users.list=lvennard@larryrules.com,
server.ssl.cert=/etc/keys/larry.is.the.master.crt
server.ssl.key=/etc/keys/larry.is.the.master.key

Here is the directory of my keys.

root@ffdp:/# ls /etc/keys
larry.is.the.master.crt  larry.is.the.master.csr  larry.is.the.master.key  larry.is.the.master.pem
root@ffdp:/# 

Hopefully this might give you some tips?

0 Likes

#7

Note that I have these two lines… some would say these are the most important to the server.properties file.

server.host=larryisthemaster.larryrules.com
contact.email=lvennard@larryrules.com

0 Likes

#8

It doesn't help, but thanks for your configuration. I will set up a local server in my LAN; inside I don’t need SSL.

0 Likes