Connecting to cedalo pro broker through python throws certificate has expired error

I have been trying to connect to the Pro Mosquitto MQTT broker, I am currently using a trial version.

I am attempting to connect to the broker with a python script using the paho mqtt library, I am trying to connect over the 8883 port using the username and password that I set in the management center. When connecting to the broker, I get an error message.
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1129).

Where do I find the up to date certificates?



The certificates used are from Chain of Trust - Let's Encrypt.
It could be, that your ISRG Root X1 certs are not valid anymore.

You could try to download the certs and add them to your connection manually.
You will need to manually add the server certificate (.pem) to your device.
For mosquitto sub it would look like this (example path): --capath /etc/ssl/certs/

I have some updates since the last post.

I have tried the following tutorial by cedalo in the browser using Binder.

In the notebook I am able to connect to the pro Mosquitto broker. However, if I run the exact code locally, I get the same error as above.

To make things stranger, if I use the MQTT explorer to make a connection locally, I am also able to connect to the broker and publish messages. Only when I run the connection script locally with a python script, it throws the error.

After downloading the certificates (isrgrootx1.pem) to the tls_set method I no longer receive an error. But the connection is not working properly. The on_connect, on_subscribe, and on_publish callbacks also don’t trigger with the script.

Any idea what could be wrong?

getting this error on some webpages, even though the certificate is valid:

Certificate Validity.

Not Before: Sep 2 14:04:24 2022 GMT

Not After: Dec 1 14:04:23 2022 GMT

we use fortimanager version 6.4.8 so I logged into fortimanager, edited the policy on that particular fortigate (81E on 6.4.8) so that SSL inspection is set at No-Inspection, but even after that, error keeps happening.

shouldnt No-Inspection resolve this error?

Is this definitely related to Mosquitto? If so, could you please open another thread so we aren’t discussing two different topics here?