and netclient -v

I was wondering if there is something wrong with netclient because I once installed the old netclient and it also did not work with the new netmaker

Because with support we are trying different things in config unsuccessfully .

Ok, issue resolved. Due to permission de-elevation of docker in my environment, netmaker image couldn't mount on mq volume to provide the cert/security files. This shouldn't happen on standard installs.

Unrelated, but maybe useful to someone in the future: I am installing with external Caddy instance and MQ in different container from Compose. To achieve proper MQ routing, you can reverse-proxy your MQ with elevation to WSS/HTTPS using something like this:

broker.DOMAIN {
    ## ws -> wss elevation rules
    @ws {
        header Connection *Upgrade*
        header Upgrade websocket
    }
    # if applicable:
    reverse_proxy LOCAL_IP
    # necessary for websockets to elevate
    reverse_proxy @ws http://LOCAL_IP:MQ_PORT
    # Your custom certs are optional here
    tls /certs/h1/certificate.crt /certs/h1/private.key
}

In this scenario, Netmaker Server can access MQ over @ws at 0.0.0.0:8883 (or valid local IP), and external clients should be able to reach wss://broker.DOMAIN even if they accidentally tried to reach ws://broker.DOMAIN instead