I've tried to run this exemple from flespi web site: "https://flespi.com/blog/how-to-connect-esp8266-to-secure-mqtt-broker-know-it-all-and-get-it-done-approach" without success, I just want to Know if that step's still correct:

"Note: to connect to MQTT broker via MQTT over SSL with Adafruit library you need to get a SHA1 fingerprint of flespi.io certificate and use it to establish a connection."

When I exported the certificate this is what I saw in the detail: "SHA256" and not SHA1. Maybe this is something that is not anymore compatible. Or maybe I just do not have understand correctly.

At the mentioned firmware there are something like this:

#define FLESPI_CERT_FINGERPRINT "3B BC 95 33 E5 AB C1 1C C8 FC 37 57 F2 94 2C 43 8E 3B 66 F3"

When I exported that certificate I thought I will find something similar to this above.. someone could help me with this please ?

ricardotavas, check the certificate export video in the other thread: https://forum.flespi.com/d/157-mqtt-broker-certificate/7
There is a SHA1 and SHA256 fingerprints displayed on browser certificate details dialog, before switching to the last Details tab

Ok, I found the fingerprint easily on firefox browser, but I still can't connect to flespi.io. So, do this fingerprint the only requirement to connect it in ssl connection? I mean, probably it require some code from server certificate... but, in this example I can't see where I can put it.. Just more one thing, when I use plain mqtt protocol without ssl it works fine.

ok, I am testing in Arduino with the board "Generic ESP8266 Module", and I get from the serial monitor the follow information :

WiFi connected
IP address:
192.168.1.61
Connecting to mqtt.flespi.io
Connection failed. Halting execution.

I hope to hear you soon.. thanks

ricardotavas BTW, the fingerprint in the example is actual.

Here's the result, probably the reset after crash is because the software watchdog.:

load 0x4010f000, len 1392, room 16
tail 0
chksum 0xd0
csum 0xd0
v3d128e5c
_ld
ESP8266: flespi MQTT over SSL example

Connecting to RGT-CONVIDADO
scandone
state: 0 -> 2 (b0)
state: 2 -> 3 (0)
state: 3 -> 5 (10)
add 0
aid 8
cnt

connected with RGT-CONVIDADO, channel 11
dhcp client start...
ip:192.168.1.61,mask:255.255.255.0,gw:192.168.1.1
scandone
.
WiFi connected
IP address:
192.168.1.61
Connecting to mqtt.flespi.io
Connection failed. Halting execution.

Soft WDT reset

stack>>>
ctx: cont
sp: 3ffffd10 end: 3fffffc0 offset: 01b0
3ffffec0: 3ffe864a 3ffee830 3ffee868 4020146f

3ffffed0: 40208d78 00000000 00003a98 feefeffe

3ffffee0: 3ffee750 3fff0d44 3fff1254 3fff0f44

3ffffef0: 00000000 00000000 3fff1254 00000000

3fffff00: 00000000 00000000 00000000 00000000

3fffff10: 00000000 3fff1fac 3fff0e6c 3fff60fc

3fffff20: 3fff0d7c 00000000 00000000 00000000

3fffff30: 00004145 00000255 feef0000 00000000

3fffff40: 00000000 00000000 00000000 00000000

3fffff50: 00000000 00000000 00000000 00000000

3fffff60: 00000000 00000000 00000000 fe000000

3fffff70: 00000000 00000000 00000000 00000000

3fffff80: feefef00 00000000 00000000 00000000

3fffff90: 00000000 00000000 00000000 feefeffe

3fffffa0: 3fffdad0 00000000 3ffee8b0 4020690c

3fffffb0: feefeffe feefeffe 3ffe84e8 40100b95

<<<stack<<<

ets Jan 8 2013,rst cause:1, boot mode: (3,7)

Thanks

OK, That update fix the problem, now it is working. More one question, is there a way to accept only requests on the 8883 port, and block 1883? I realized that I am publishing on 8883 but I am reading on 1883 in other device..
Thanks.

ricardotavas
There is no such feature in flespi MQTT broker. The only way to block these requests is to block them on your side, e.g. using firewall.

Hi i am trying to make this work with an esp32 but the client.setFingerprint(FLESPI_CERT_FINGERPRINT); isn't in the wificlientsecurity.

A working example for ESP8266/ESP32 with mqtts (mqtt secure / tls / root CA / fingerprint) can be found here:
https://github.com/flespi-software/ESP32-ESP8266_mqtts