Can't connect to HiveMQ Cloud using MQTTS on Quectel Module

raywon90 · April 10, 2025, 9:28am

I’m trying to connect my Quectel module (using CAT-M1 network) to HiveMQ Cloud via MQTTS (port 8883), but the connection keeps failing with +QMTSTAT: 0,1.

Here’s what I’ve done so far:

1.Verified network connection:
AT+CEREG? → +CEREG: 0,5
AT+QIACT? → +QIACT: 1,1,1,“10.x.x.x”
AT+CSQ → +CSQ: 19,99

2.Uploaded the ISRG Root X1 certificate from Let’s Encrypt:
https://letsencrypt.org/certs/isrgrootx1.pem
Uploaded using:
AT+QFUPL=“cacert.pem”,1939,100
AT+QSSLCFG=“cacert”,0,“cacert.pem”

3.SSL and MQTT Configuration:
AT+QMTCFG=“ssl”,0,0,1
AT+QSSLCFG=“sslversion”,0,4
AT+QSSLCFG=“ciphersuite”,0,0xFFFF
AT+QSSLCFG=“seclevel”,0,1
AT+QSSLCFG=“ignorelocaltime”,0,1
AT+QSSLCFG=“sni”,0,1

4.Open and Connect:
AT+QMTOPEN=0,“xxxxxxxxxxxxxxxxxxxxxxxx.s2.eu.hivemq.cloud”,8883
→ +QMTOPEN: 0,0
AT+QMTCONN=0,“mqtt5”,“user”,“password”
→ +QMTSTAT: 0,1

Despite all of this, the connection is rejected. I’m not using any client certificate or client key, just the CA cert.

Question:
Why is the connection still failing with +QMTSTAT: 0,1 even after uploading the correct ISRG Root X1 certificate?
Is there anything I’m missing, like a required intermediate certificate or extra MQTT setting?

Thanks in advance for any help!

herbert.pan-Q · April 11, 2025, 2:18am

1.You should use the mqtt.fx tool to cross-validate the certificate
2. Can you provide the full domain name for me to verify?

raywon90 · April 14, 2025, 4:10am

66ef681437e44102b5c0a2737eba588.s2.eu.hivemq.cloud

here is full domain name

herbert.pan-Q · April 14, 2025, 5:21am

I used mqttx,mqtt.fx tool for verification, the connection also failed, please check the certificate again

raywon90 · April 14, 2025, 5:51am

In MQTTX, without uploading the certificate directly, SSL Secure + CA SIGNED SERTIFICATE is connected to normal.

herbert.pan-Q · April 15, 2025, 3:35am

Is it normal that you load the certificate using MQTTX?

raywon90 · April 15, 2025, 9:01am

AT+QCDS

+QCDS: “SRV”,“CAT-M”,45008,1550,B25210,R13,3,74,1086,-44,-64,-7,5,0,0,0,10
OK
AT+CEREG?

+CEREG: 0,5

OK
AT+QIACT=1

OK
AT+CSQ

+CSQ: 31,99

OK
AT+CFUN=1

OK
AT+CGATT=1

OK
AT+QIDNSCFG=1,“8.8.8.8”,“8.8.4.4”

OK
AT+QMTCFG=“ssl”,0,0,1

OK
AT+QSSLCFG=“sslversion”,0,4

OK
AT+QSSLCFG=“ciphersuite”,0,0xFFFF

OK
AT+QSSLCFG=“ignorelocaltime”,0,1

OK
AT+QSSLCFG=“seclevel”,0,1

OK
AT+QFUPL=“cacert.pem”,3740,100

CONNECT
+QFUPL: 3740,4c72

OK
AT+QSSLCFG=“cacert”,0,“cacert.pem”

OK
AT+QSSLCFG=“sni”,0,1

OK
AT+QMTOPEN=0,“66ef681437e44102b5c0a2737eba588.s2.eu.hivemq.cloud”,8883

OK

+QMTOPEN: 0,4

I was able to connect successfully to the broker using fullchain.pem on both MQTT.fx and MQTTX.

Now, I want to connect to the same HiveMQ account using QCOM (Quectel module).

However, even though I followed the necessary procedures, the result of AT+QMTOPEN is returning 0,4, which indicates a failure.

I would appreciate it if you could review the steps I took and help me understand what might be wrong in the process and why the result is 0,4 instead of 0,0.

I want to know the exact procedure

herbert.pan-Q · April 18, 2025, 1:31am

AT+QSSLCFG=“sslversion”,0,3

Please fix it to TLS1.2 and try again