Issue with Thin-Edge Cumulocity IoT Connection on Raspberry Pi

We are currently in the process of connecting our Raspberry Pi to our Cumulocity tenant using the steps outlined in the documentation: Connecting to Cumulocity IoT | Thin-edge documentation.

So far, everything has proceeded smoothly until we reached the command:

    sudo tedge connect c8y

However, the execution of this command is being canceled, and we are encountering the following error:

    ERROR: Custom { kind: InvalidData, error: InvalidCertificate(NotValidForName) }
    Error: failed to connect Cumulocity cloud.

    Caused by:
        Connection check failed

We have followed the certificate creation process diligently, and it completed without any issues. Despite this, the connection check is failing, and the certificate appears to be the source of the problem.

Do any of you have insights into why we might be facing this issue? We would appreciate any assistance or guidance you can provide to help us resolve this matter.

Hi @benjamin.ruoff

Did you double check if the certificate has been uploaded to your tenant successfully?
You can check that in {{YourTenantURL}}/apps/devicemanagement/index.html#/trusted-certificates

Which deviceID do you use to create the device certificate?

You can also activate more detailed debugging information using the modified connect command:

    RUST_LOG=trace tedge connect c8y

The output will be very verbose, but it should help to identify which certificate it is having a problem with (e.g. server certificate or the device’s certificate).

And generally, detailing which thin-edge.io version you are using would also be helpful.

Hi Stefan, yeah, we checked it over the Cumulocity Web UI and the certificate was uploaded correctly. The deviceID we gave the device was WL02Berlin.

Checking that and coming back to you.

And additionally, is there anything different we need to do if we have an advanced tenant with a custom domain configured and our own wildcard SSL certificate for the domain? Because we are not making the call directly to cumulocity.com but rather to customertenant.wains.info.

Ah yes that is the tip that I needed.

If you’re using a custom domain, then the custom domain is only valid for the HTTP traffic and not MQTT.

Instead of calling tedge config set c8y.url, you need to configure two separate configuration items to let thin-edge.io know which endpoints should be used for the HTTP and MQTT communication:

  1. Set the c8y.http using your custom domain name

    sudo tedge config set c8y.http "mycustom.domain.com"
    
  2. Set the c8y.mqtt endpoint to the “real” Cumulocity IoT Endpoint for your tenant

    sudo tedge config set c8y.mqtt "mytenant.eu-latest.cumulocity.com"
    
  3. Retry the connect

    sudo tedge reconnect c8y
    

I’ll also create a ticket to add these instructions to the official doc page.
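
Why the name check fails in the setup described above, as an added example that is not part of the original thread or of thin-edge.io: a sketch of the DNS-name matching a TLS client applies to the server certificate. The certificate name lists are constructed, and it is an assumption that the MQTT listener presents the platform's own certificate rather than the custom-domain one.

```python
# Added example: DNS-ID matching as TLS clients apply it (RFC 6125 style).
# All certificate name lists below are constructed for illustration.

def san_matches(hostname: str, pattern: str) -> bool:
    """Return True if one dNSName pattern from a certificate covers hostname."""
    host = hostname.rstrip(".").lower().split(".")
    pat = pattern.rstrip(".").lower().split(".")
    if len(host) != len(pat):
        # A wildcard stands for exactly one label, so label counts must agree.
        return False
    if pat[0] == "*":
        # Wildcard is accepted only as the whole leftmost label, and never
        # for a pattern as short as "*.com".
        return len(pat) >= 3 and host[0] != "" and host[1:] == pat[1:]
    return "*" not in pattern and host == pat


def valid_for_name(hostname: str, san_list: list[str]) -> bool:
    """A certificate is valid for hostname if any SAN entry covers it."""
    return any(san_matches(hostname, p) for p in san_list)


def check_endpoints(endpoints: dict[str, tuple[str, list[str]]]) -> dict[str, bool]:
    """Map each endpoint label to whether the presented names cover its host."""
    return {label: valid_for_name(host, sans)
            for label, (host, sans) in endpoints.items()}


# Constructed scenario using the placeholder hostnames from the post above.
CUSTOM_DOMAIN_CERT = ["*.domain.com"]            # assumed: customer's wildcard cert
PLATFORM_CERT = ["*.eu-latest.cumulocity.com"]   # assumed: platform's own cert

SCENARIO = {
    # c8y.http on the custom domain: served with the customer's wildcard cert
    "http custom domain": ("mycustom.domain.com", CUSTOM_DOMAIN_CERT),
    # MQTT pointed at the custom domain: assumed to present the platform cert
    "mqtt custom domain": ("mycustom.domain.com", PLATFORM_CERT),
    # c8y.mqtt on the platform hostname: name and certificate agree
    "mqtt platform host": ("mytenant.eu-latest.cumulocity.com", PLATFORM_CERT),
}

if __name__ == "__main__":
    for label, ok in check_endpoints(SCENARIO).items():
        print(f"{label:20} {'ok' if ok else 'NotValidForName'}")
```

The same rule also means a certificate for `*.cumulocity.com` alone would not cover a host with an extra label such as `mytenant.eu-latest.cumulocity.com`.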

Ah nice ok, that makes sense.

So one last question.

We have a sub-tenant on cumulocity.com; would it be

"sub-tenant-name.cumulocity.com"

or

"tenantId.cumulocity.com"

for the mqtt part?

Yes I think that should be correct.

But checking it should be easy, because you should still be able to open up the underlying Cumulocity IoT url in a web browser to check that it is really reachable, though I haven’t used the custom domain feature too often, so I might be wrong there.

Hi Reuben,

thank you for your help.

Now it works.

Wishing you a Merry Christmas and a Happy New Year!
