Problem: OTA suddenly stopped working - the firmware from my site is not being downloaded. This has never happened, and here it is again
I use my site to remotely update microcontrollers based on ESP32. I send a link to the firmware file to a specific topic, the controller downloads and updates it. Everything worked fine on Wednesday. On Friday it suddenly stopped. What is the reason - I do not understand. The SSL certificate is installed on the site and has not expired yet. The root certificate is registered on the controller (by the way, it is used to connect to another site and everything works there!). The file is downloaded from the site perfectly fine, and the controller issues this crap:
18:43:42 [I] OTA :: Start of firmware upgrade from "https://kotyara12.ru/ota/village_garage/formware.bin", attempt 1
E (114790662) esp-tls-mbedtls: mbedtls_ssl_handshake returned -0x2700
E (114790662) esp-tls: Failed to open new connection
E (114790662) TRANS_SSL: Failed to open a new connection
E (114790672) esp_https_ota: Failed to open HTTP connection: ESP_ERR_HTTP_CONNECT
E (114790682) esp_https_ota: Failed to establish HTTP connection
18:43:43 [E] OTA :: Firmware upgrade failed: -1!
I have already checked everything 100,500 times. I suspect that espressiff has changed something in esp-tls-mbedtls or esp-tls.
I am specifying the root certificate for the site as ISRG root X1. It is he who stands at the very top of the certificate chain for my site and some others. So - for other sites everything works fine now. And for OTA, it suddenly stopped.
Error -0x2700 seems to indicate that the CA name in the certificate does not match. Doesn’t match what? Name of my site ??? It shouldn’t! This is the root certificate.
And by the way, the skip_cert_common_name_check = true flag seems to have stopped working in OTA, for some reason