Black Lives Matter - Action and Equality. ... Adafruit is open and shipping.
0

Adafruit IO data posts to feeds halted
Moderators: adafruit_support_bill, adafruit

Forum rules
If you're posting code, please make sure your code does not include your Adafruit IO Active Key or WiFi network credentials.
Please be positive and constructive with your questions and comments.

Adafruit IO data posts to feeds halted

by biod101 on Mon Jul 06, 2020 6:34 pm

Hello,

I've been experimenting with Adafruit IO and an Adafruit Feather Huzzah ESP8266 for the last two weeks without issue-- here's posted temperature and humidity data:
https://io.adafruit.com/biod101/dashboards/adeq-multi-sensor-test

The hardware has periodically been turned off and on to document a few things and replace batteries. Upon my last cycling, it just stopped posting data. I reviewed the forums and modified the code so that the terminal would echo back any errors. Based on my serial terminal, I'm not having issues with my network, but I am getting the "Disconnected from Adafruit IO" notice.

In response, I regenerated the Adafruit IO key, modified my code accordingly, and upgraded the account to IO+ figuring there was a data limitation issue. I even tried testing a second Adafruit Feather Huzzah ESP8266 figuring that maybe the first one was damaged, but that's not fixing it. I've tried various sketches that have worked in the past, but I'm getting the same "Disconnected from Adafruit IO" notice.

All Adafruit services appear to be up - is there something wrong with my account? What else should I be looking at?

PS - yes, I also tried resetting my modem/router.

Thanks!
Last edited by biod101 on Mon Jul 06, 2020 6:48 pm, edited 1 time in total.

biod101
 
Posts: 129
Joined: Sun Apr 19, 2015 4:21 pm

Re: Adafruit IO data posts to feeds halted

by eframe on Mon Jul 06, 2020 6:47 pm

I'm having an issue connecting as well. Why do you say it appears to be up?

eframe
 
Posts: 6
Joined: Thu Aug 22, 2019 6:59 pm

Re: Adafruit IO data posts to feeds halted

by biod101 on Mon Jul 06, 2020 6:52 pm

Here it is: https://www.adafruitstatus.com

Click on the "+" associated with Adafruit IO
Last edited by biod101 on Mon Jul 06, 2020 7:06 pm, edited 1 time in total.

biod101
 
Posts: 129
Joined: Sun Apr 19, 2015 4:21 pm

Re: Adafruit IO data posts to feeds halted

by eframe on Mon Jul 06, 2020 6:58 pm

Ok, thanks.

I just updated the library version in the Arduino IDE Library Manager and it started working. Check those and make sure you're up to date.

eframe
 
Posts: 6
Joined: Thu Aug 22, 2019 6:59 pm

Re: Adafruit IO data posts to feeds halted

by biod101 on Mon Jul 06, 2020 7:13 pm

Thank You- that worked!! Something as simple as an out-of-date library cost me hours.

I'll add that to my checklist moving forward- you are a life-saver.

biod101
 
Posts: 129
Joined: Sun Apr 19, 2015 4:21 pm

Re: Adafruit IO data posts to feeds halted

by xraymike on Mon Jul 06, 2020 10:20 pm

Well that cost me considerable time and worry. Thanks for figuring out where the problem lay. Would it be possible for the folks at Adafruit galactic HQ to give us a warning before these things happen in the future?
Thanks.

xraymike
 
Posts: 9
Joined: Wed Oct 23, 2013 1:34 pm

Re: Adafruit IO data posts to feeds halted

by biod101 on Mon Jul 06, 2020 11:35 pm

Second that ;)

Perhaps something on the landing page for logged-in account holders.

Thanks!

biod101
 
Posts: 129
Joined: Sun Apr 19, 2015 4:21 pm

Re: Adafruit IO data posts to feeds halted

by brubell on Tue Jul 07, 2020 10:09 am

Perhaps something on the landing page for logged-in account holders.


We've added this, thanks!


The Adafruit IO SSL/TLS Certificate was updated yesterday. Please check this post for more information about updating the libraries: viewtopic.php?f=56&t=167114


If you're still unable to get connected to Adafruit IO, please let me know.

brubell
 
Posts: 988
Joined: Fri Jul 17, 2015 10:33 pm

Re: Adafruit IO data posts to feeds halted

by mike_kiwi on Wed Jul 08, 2020 12:28 am

Let me start by saying that this isn't any criticism of Adafruit, the incredible work they have done and their service to the community. It's a much more general observation about using TLS with the IOT in general and it seems to be a problem which needs solving.....

Our IOT devices send data to io.adafruit.com over a TLS secured connection which uses a certificate with an expiry date. As with any TLS secured connection, the server owner is well within their rights to change their certificate at any time and without notice. That isn't normally a problem because the certs are signed by a trusted root like Digicert and clients like web browsers can easily verify the authenticity.

For the IOT though, it's a big problem though because we only have the fingerprint of the current certificate in use. This makes the verification process nice and easy for the low powered, low energy IOT devices but the downside is that if the cert changes, every device will break and stay broken until the fingerprint is updated. For many devices this will involve manual intervention, perhaps even needing to physically connect to the device to re-flash it.

Even if we are given notice that the certificate will update at a particular time, everyone needs to synchronise watches and re-flash everything in their IOT at the exact time of the update (not before) or it will break.

A secondary problem is that the code seems to silently fail when the fingerprint doesn't match which causes a lot of consternation. If the device had been able to log an "invalid TLS certificate fingerprint" error then we would know straight away.

So I don't know what the fix for this is. Brainstorming some ideas:
  1. Put all the root CAs onto the IOT devices (a huge waste of precious space, might not even fit)
  2. Implement MQTT servers with long life certificates (eg 25 years) - probably won't happen for certs signed by trusted root CAs but doable for self signed certs or private root CAs
  3. Implement a feature to update the fingerprint when the server certificate changes (opens up a bunch of security issues)

Anyone got any ideas?

mike_kiwi
 
Posts: 1
Joined: Sun Jun 28, 2020 2:22 am

Re: Adafruit IO data posts to feeds halted

by brubell on Wed Jul 08, 2020 11:05 am

Hi mike, thank you. the points you bring up are valid and I'd like to see changes in this space as well :)

Put all the root CAs onto the IOT devices (a huge waste of precious space, might not even fit)

The newer ESP32 "airlift" products Adafruit makes do this. The EPS32 is used as a co-processor, it runs nina-fw which has the root CA for Adafruit IO, GCP IoT, Azure IoT, AWS IoT, and more, burned into the firmware: https://www.adafruit.com/?q=airlift

brubell
 
Posts: 988
Joined: Fri Jul 17, 2015 10:33 pm

Please be positive and constructive with your questions and comments.