Google IOT Core and Raspberry Pi: Error: Connection Refused: Bad username or password

Question

I followed the tutorial below to connect my raspberry pi 3 to the Google IOT Core. I setup the Google Core IOT part OK at the Google console and all steps were followed for the raspberry pi part, but, The connection is always refused as per the error messages below.

error { Error: Connection refused: Bad username or password
at MqttClient._handleConnack (/home/pi/Desktop/Google-IoT- 
Device/node_modules/mqtt/lib/client.js:920:15)
at MqttClient._handlePacket (/home/pi/Desktop/Google-IoT- 
Device/node_modules/mqtt/lib/client.js:350:12)
at work (/home/pi/Desktop/Google-IoT- 
Device/node_modules/mqtt/lib/client.js:292:12)
at Writable.writable._write (/home/pi/Desktop/Google-IoT- 
Device/node_modules/mqtt/lib/client.js:302:5)
at doWrite (/home/pi/Desktop/Google-IoT- 
Device/node_modules/mqtt/node_modules/readable- 
stream/lib/_stream_writable.js:428:64)
at writeOrBuffer (/home/pi/Desktop/Google-IoT- 
Device/node_modules/mqtt/node_modules/readable- 
stream/lib/_stream_writable.js:417:5)
at Writable.write (/home/pi/Desktop/Google-IoT- 
Device/node_modules/mqtt/node_modules/readable- 
stream/lib/_stream_writable.js:334:11)
at TLSSocket.ondata (_stream_readable.js:639:20)
at emitOne (events.js:116:13)
at TLSSocket.emit (events.js:211:7) code: 4 }
close

The tutorial link: https://hub.packtpub.com/build-google-cloud-iot-application/#comment-53421

This is the top part of my index.js file:

var fs = require('fs'); 
var jwt = require('jsonwebtoken'); 
var mqtt = require('mqtt'); 
var rpiDhtSensor = require('rpi-dht-sensor'); 

var dht = new rpiDhtSensor.DHT11(2); // `2` => GPIO2 

var projectId = 'nifty-*******-******'; 
var cloudRegion = 'us-central1'; 
var registryId = 'device-registry'; 
var deviceId = 'raspberrypi'; 

var mqttHost = 'mqtt.googleapis.com'; 
var mqttPort = 8883; 
var privateKeyFile = '../certs/rsa_private.pem'; 
var algorithm = 'RS256'; 
var messageType = 'state'; // or event 

var mqttClientId = 'projects/' + projectId + '/locations/' + cloudRegion + 
'/registries/' + registryId + '/devices/' + deviceId; 
var mqttTopic = '/devices/' + deviceId + '/' + messageType; 

var connectionArgs = { 
  host: mqttHost, 
  port: mqttPort, 
  clientId: mqttClientId, 
  username: 'unused', 
  password: createJwt(projectId, privateKeyFile, algorithm), 
  protocol: 'mqtts', 
  secureProtocol: 'TLSv1_2_method' 
}; 

The tutorial doesn't say anything about downloading the Google root CA certificate so I followed this tutorial: https://raspberrypi.stackexchange.com/questions/76419/entrusted-certificates-installation

I also checked the connection route was OK by following this at Google and everything checked OK: https://cloud.google.com/iot/docs/troubleshooting

The projectID, registryID, deviceID, and region all checked correct.

I am sure it must very simple but this has frustrated me for a week now. I have trawled the internet but what ever I tried results in the same error. Is there anyone that can help?

Answer 1

Things to triple check:

1. Your project ID, registry and device names are all correct with correct case and dash vs. underscore
2. Your SSL key type matches the algorithm and specified type in the registry. I.e. if you have an RSA key, make sure it's RSA and not RSA with the x509 specified in the registry.
3. The root cert is correct... That tutorial you linked is WAY more complicated than it needs to be. Just run: wget https://pki.google.com/roots.pem to get the current roots.pem from Google.

Not to throw yet another tutorial at you, but I also literally just published a blog post with really detailed info on this with step-by-step, mostly because the other tutorials either had holes, or stale info.

One other note: I see you're using the state MQTT topic to send, that's right, but in the comment you have listed event. It's events. So if you try to send to event, that'll fail too.