I followed the tutorial instructions for getting started with thin-edge at thin-edge dot github dot io. I’m doing this on a Debian buster virtual machnie rather than Raspberry Pi. All of the steps go without error until I run
sudo tedge connect c8y
On that step I get the output as shown below.
I’ve searched for answers and found the instructions for setting configuration for a custom tennant, that is setting c8y.mqtt and c8y.http rather than c8y.url. I have also set c8y.root.cert.path.
Error messages / full error message screenshot / log file:
$ sudo tedge connect c8y
The system config file ‘/etc/tedge/system.toml’ doesn’t exist. Use ‘/bin/systemctl’ as a service manager.
Detected mosquitto version < 2.0.0
Checking if systemd is available.
Checking if configuration for requested bridge already exists.
Validating the bridge certificates.
Creating the device in Cumulocity cloud.
The device certificate is not trusted by Cumulocity.
Error: failed to connect Cumulocity cloud.
Caused by:
Connection check failed
Question related to a free trial, or to a production (customer) instance?
Yes, I had done that step and got no warnings or errors. I executed the command again after reading your response, and got “Certificate already exists in the cloud.”
I would check in the Cumulocity IoT Device Management application under “Trusted Certificates” to make sure the certificate is enabled and the “auto registration” option is also set (just to be sure).
But that looks ok, I would try the following:
Disable the Trusted Certificate (related to your device), wait 5 seconds, then re-enable it
On the device try to connect again
sudo tedge reconnect c8y
You can increase the log level using (this will give very detailed/but technical information about the certs being used etc.)
sudo RUST_LOG=trace tedge reconnect c8y
If that still fails, then check that your Cumulocity IoT HTTP and MQTT urls. You mentioned that you are using a custom domain, so maybe the configured c8y.http endpoint is not pointing to the same underlying Cumulocity tenant where the c8y.mqtt is pointing to. You can list the setting using the following:
tedge config get c8y.http
tedge config get c8y.mqtt
In your case I would expect the settings to be something like (not I just added the property names below to make it easier to see what value is assigned to what property):
Thank you for the pointers. When I looked at the Trusted Certificates I found my device certificate was marked as Proof of Possession incomplete. I found the instructions for completing it, performed that. Now the certificate shows Proof of Possesion complete. I disabled it for 5 seconds, re-enabled it, and tried again to connect. Again, I get “The device certificate is not trusted in Cumulocity.”
Thanks that explains everything. You are using the wrong value for the c8y.mqtt setting. So essentially you have the http and mqtt pointing to two different Cumulocity IoT instances.
I checked the custom domain, and it is pointing to t517788845.us.cumulocity.com (not on eu-latest).
So you should be able to fix it using:
sudo tedge config set c8y.mqtt "t517788845.us.cumulocity.com:8883"
sudo tedge reconnect c8y
I was able to find the underlying Cumulocity IoT tenant by opening up your custom domain (used for HTTP traffic), and just looked at the browser network calls, and found the real tenant url which is used for MQTT traffic). Or if you would prefer using some cli commands, you can get the MQTT endpoint using curl, jq and cut: