
TLS Security

How Sensorclouds secures MQTT connections with TLS encryption

All production MQTT connections to Sensorclouds are secured with TLS encryption.

Certificate Details

  • Certificate Authority: Let's Encrypt
  • Certificate renewal: Automatic
  • TLS versions: TLS 1.2 and TLS 1.3 supported
  • Cipher suites: Modern, secure defaults

Connection Options

WSS (Port 443)

WebSocket over TLS works through most firewalls and corporate proxies. Most MQTT client libraries support WSS connections.

wss://your-instance.sensorclouds.com:443/mqtt

MQTTS (Port 8883)

Standard MQTT over TLS. Preferred for embedded devices and IoT hardware that don't support WebSocket.

mqtts://your-instance.sensorclouds.com:8883

CA Certificate

Most modern devices and operating systems already trust Let's Encrypt certificates through their built-in CA store. If your device requires an explicit CA certificate:

  1. Download the ISRG Root X1 certificate from Let's Encrypt
  2. Configure it as the trusted CA in your MQTT client

ESP32 and similar microcontrollers may need the root CA certificate explicitly configured. See the Code Examples for platform-specific setup.
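The sketch below is an added example, not Sensorclouds' own code. It shows a client-side TLS setup matching the settings on this page: it rejects non-TLS endpoint URLs, enforces TLS 1.2 or newer, verifies the hostname, and optionally trusts only an explicit root CA file. The function names and the `ca_file` parameter are hypothetical, and the host is the page's placeholder.

```python
import socket
import ssl
from urllib.parse import urlsplit

# Schemes and default ports from the Connection Options section.
TLS_SCHEMES = {"mqtts": 8883, "wss": 443}


def parse_endpoint(url):
    """Return (scheme, host, port), refusing any scheme that is not TLS."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in TLS_SCHEMES:
        raise ValueError(f"refusing non-TLS scheme {scheme!r}; use mqtts:// or wss://")
    if not parts.hostname:
        raise ValueError("endpoint URL has no host")
    return scheme, parts.hostname, parts.port or TLS_SCHEMES[scheme]


def build_tls_context(ca_file=None):
    """TLS client context: chain and hostname verified, TLS 1.2 or newer.

    ca_file: path to a PEM root (e.g. a downloaded ISRG Root X1). When given,
    it is the only trusted root; when None, the OS trust store is used.
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # create_default_context() already sets these; restated so a later edit
    # that weakens them is obvious in review.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def probe(url, ca_file=None, timeout=10):
    """Handshake with the broker and report what was negotiated (needs network)."""
    _, host, port = parse_endpoint(url)
    ctx = build_tls_context(ca_file)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
            return {"tls_version": tls.version(), "cipher": tls.cipher()[0],
                    "issuer_org": issuer.get("organizationName")}


if __name__ == "__main__":
    # Placeholder host from the page; substitute your own instance.
    print(probe("mqtts://your-instance.sensorclouds.com:8883"))
```

The context returned by `build_tls_context()` can be passed to an MQTT library that accepts an `ssl.SSLContext`, for example paho-mqtt's `tls_set_context()`.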

Security Best Practices

  • Always use TLS (WSS or MQTTS) in production
  • Store MQTT credentials securely on your devices — never hardcode them in public repositories
  • Use unique credentials per device — never share credentials across devices
  • Rotate credentials periodically using the platform's regenerate feature
  • Configure MQTT keep-alive to detect stale connections
