I have reconfigured my mosquitto instance to run over TLS and this is working fine and I have managed to get Zigbee2MQTT to connect up fine.
I cannot, however, get HA to connect. The front end only allows broker, username and password, so I configured mqtt via configuration.yaml, but that seemed to only want to connect as MQTT, not MQTTS, so it got rejected by mosquitto.
My Mosquitto config is just

```
listener 8883
protocol mqtt
cafile /mosquitto/config/ca.pem
keyfile /mosquitto/config/mosquitto.key.pem
certfile /mosquitto/config/mosquitto.cert.pem
```

and I can connect fine over TLS from MQTT browser.
zigbee2mqtt config is then

```yaml
mqtt:
  base_topic: zigbee2mqtt
  server: 'mqtts://mosquitto:8883'
  ca: /app/data/root-ca.pem
  reject_unauthorized: false
  user: xxx
  password: yyy
```

and this connects and works fine.
HA, however, I cannot get to work.

```yaml
mqtt:
  broker: <IP>
  port: 8883
  client_id: home_assistant
  username: !secret MQTT_user
  password: !secret MQTT_pass
  certificate: '/config/root.ca.pem'
  discovery: true
  tls_insecure: true
```
But after fiddling around with this, it either doesn’t connect at all or I see a protocol error in mosquitto (the same one I saw before I changed the server in zigbee2mqtt to mqtts).
Is this possible to achieve (even if it is via yaml)?
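
An added example, not part of the original post: a listener configured with `certfile`/`keyfile`, like the `listener 8883` above, expects a client's first bytes to be a TLS ClientHello, whereas a client connecting as plain MQTT opens with a CONNECT packet. The sketch below classifies the first bytes of a client connection (for instance from a packet capture on the broker host); the function names are hypothetical and both byte samples are constructed.

```python
import struct


def _skip_remaining_length(data: bytes, pos: int):
    """Skip MQTT's 1-4 byte variable-length integer; return next offset or None."""
    for _ in range(4):
        if pos >= len(data):
            return None
        byte = data[pos]
        pos += 1
        if not byte & 0x80:  # high bit clear marks the last length byte
            return pos
    return None


def classify_first_bytes(data: bytes) -> str:
    """Return 'tls', 'mqtt-plaintext' or 'unknown' for a client's opening bytes."""
    # TLS record header: type 0x16 (handshake), major version 0x03,
    # 2-byte length, then handshake type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls"
    # MQTT CONNECT: fixed header 0x10, remaining length, then a
    # length-prefixed protocol name ("MQTT" for 3.1.1/5.0, "MQIsdp" for 3.1).
    if data[:1] == b"\x10":
        pos = _skip_remaining_length(data, 1)
        if pos is not None and len(data) >= pos + 2:
            (name_len,) = struct.unpack_from(">H", data, pos)
            if data[pos + 2:pos + 2 + name_len] in (b"MQTT", b"MQIsdp"):
                return "mqtt-plaintext"
    return "unknown"


def _field(value: bytes) -> bytes:
    """Encode an MQTT length-prefixed string."""
    return struct.pack(">H", len(value)) + value


# Constructed sample: start of a TLS 1.2-style ClientHello record.
SAMPLE_TLS = bytes.fromhex("16030100c4010000c00303")

# Constructed sample: MQTT 3.1.1 CONNECT with username/password flags set.
_body = (_field(b"MQTT") + b"\x04\xc2\x00\x3c" + _field(b"home_assistant")
         + _field(b"xxx") + _field(b"yyy"))
SAMPLE_MQTT_CONNECT = b"\x10" + bytes([len(_body)]) + _body

if __name__ == "__main__":
    for label, sample in (("tls sample", SAMPLE_TLS),
                          ("mqtt sample", SAMPLE_MQTT_CONNECT)):
        print(label, "->", classify_first_bytes(sample))
```

A result of `mqtt-plaintext` for traffic arriving on port 8883 means the client never attempted a TLS handshake, independent of any certificate settings.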