ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED]certificate verify fail

[byronbonkers]

import time
import logging
import paho.mqtt.client as mqtt
from OpenSSL import SSL
import os
import ssl

log = logging.getLogger('RemoTV.hardware.l298n')

logging.basicConfig(level=logging.DEBUG)

sleeptime = 0.2
rotatetimes = 0.4

StepPinForward = None
StepPinBackward = None
StepPinLeft = None
StepPinRight = None


def setup(robot_config):
    global StepPinForward
    global StepPinBackward
    global StepPinLeft
    global StepPinRight
    global sleeptime
    global rotatetimes

    sleeptime = robot_config.getfloat('l298n', 'sleeptime')
    rotatetimes = robot_config.getfloat('l298n', 'rotatetimes')

    log.debug("GPIO mode : %s", str(GPIO.getmode()))

    GPIO.setwarnings(False)
    GPIO.cleanup()

    if robot_config.getboolean('tts', 'ext_chat'):  # ext_chat enabled, add motor commands
        extended_command.add_command('.set_rotate_time', set_rotate_time)
        extended_command.add_command('.set_sleep_time', set_sleep_time)

    # TODO passing these as tuples may be unnecessary, it may accept lists as well.
    StepPinForward = tuple(map(int, robot_config.get('l298n', 'StepPinForward').split(',')))
    StepPinBackward = tuple(map(int, robot_config.get('l298n', 'StepPinBackward').split(',')))
    StepPinLeft = tuple(map(int, robot_config.get('l298n', 'StepPinLeft').split(',')))
    StepPinRight = tuple(map(int, robot_config.get('l298n', 'StepPinRight').split(',')))


def on_message(client, userdata, message):
    payload = message.payload.decode('utf-8')

    GPIO.setmode(GPIO.BOARD)
    GPIO.setup(12, GPIO.OUT)
    GPIO.setup(11, GPIO.OUT)
    GPIO.setup(15, GPIO.OUT)
    GPIO.setup(16, GPIO.OUT)
    GPIO.setup(36, GPIO.OUT)
    GPIO.setup(35, GPIO.OUT)

    if payload == 'f':
        GPIO.output(12, GPIO.HIGH)
        time.sleep(sleeptime)
        GPIO.output(12, GPIO.LOW)
    if payload == 'b':
        GPIO.output(11, GPIO.HIGH)
        time.sleep(sleeptime)
        GPIO.output(11, GPIO.LOW)
    if payload == 'l':
        GPIO.output(15, GPIO.HIGH)
        time.sleep(sleeptime * rotatetimes)
        GPIO.output(15, GPIO.LOW)
    if payload == 'r':
        GPIO.output(16, GPIO.HIGH)
        time.sleep(sleeptime * rotatetimes)
        GPIO.output(16, GPIO.LOW)
    if payload == 'z':
        GPIO.output(36, GPIO.HIGH)
        time.sleep(sleeptime * rotatetimes)
        GPIO.output(36, GPIO.LOW)
    if payload == 'x':
        GPIO.output(35, GPIO.HIGH)
        time.sleep(sleeptime * rotatetimes)
        GPIO.output(35, GPIO.LOW)

ca_cert_path = "fullchain1.pem"
client = mqtt.Client()

# Set the TLS/SSL parameters for the client
client.tls_set(
    ca_certs=ca_cert_path,
    certfile='cert1.pem',
    keyfile='privkey1.pem',
    cert_reqs=ssl.CERT_REQUIRED,
    tls_version=SSL.SSLv23_METHOD
)

client.username_pw_set(username="not posting my passwd", password="lol ahah")

# client.tls_insecure_set(False)

client.on_message = on_message

client.connect('clawclan.co.uk',8083)

client.subscribe("clawmachine/controls")

client.loop_forever()

Thats the python code that I'm using to connect to my mqtt broker, I have been through multiple issues as tlsv1.3 isn't supported by pyopenssl or something, I have spent days trying to get this code to work and fixing issues, and this one has been making me lose my mind hahahahahahahahah.

My mosquitto config:

allow_anonymous false
password_file /home/pi/claw/passwordfile.txt

listener 1883 localhost

listener 8883
certfile /home/pi/claw/cert1.pem
cafile /home/pi/claw/chain1.pem
keyfile /home/pi/claw/privkey1.pem

listener 8083
protocol websockets
certfile /home/pi/claw/cert1.pem
cafile /home/pi/claw/chain1.pem
keyfile /home/pi/claw/privkey1.pem

This is the error I'm getting

pi@raspberrypi:~/claw $ python3 cac.py
Traceback (most recent call last):
  File "/home/pi/claw/cac.py", line 102, in <module>
    client.connect('clawclan.co.uk', 8083)
  File "/home/pi/.local/lib/python3.9/site-packages/paho/mqtt/client.py", line 914, in connect
    return self.reconnect()
  File "/home/pi/.local/lib/python3.9/site-packages/paho/mqtt/client.py", line 1073, in reconnect
    sock.do_handshake()
  File "/usr/lib/python3.9/ssl.py", line 1309, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get issuer certificate (_ssl.c:1123)

If u want me to add anything, just ask, as I will be just checking for responses, for the rest of the day

Yoriz write Feb-20-2023, 06:32 AM:
Please post all code, output and errors (in their entirety) between their respective tags. Refer to BBCode help topic on how to post. Use the "Preview Post" button to make sure the code is presented as you expect before hitting the "Post Reply/Thread" button.