FLESPI // Unable to connect to the MQTT broker: Connection Refused: not authorised

The problem

I am having problems connecting to public MQTT.

(also see issue 119064 and issue 39581, what did not solve my problem).

In my case also mqtt.flespi.io. I have set up a token with ACL in Flespi, but I keep getting an authorization error:

2024-06-07 14:38:07.523 DEBUG (MainThread) [homeassistant.components.mqtt.client] mqtt.flespi.io: connection opened 39
2024-06-07 14:38:07.523 DEBUG (MainThread) [homeassistant.components.mqtt.client] mqtt.flespi.io: Starting client misc loop
2024-06-07 14:38:07.524 DEBUG (MainThread) [homeassistant.components.mqtt.client] mqtt.flespi.io: register write 39
2024-06-07 14:38:07.528 DEBUG (MainThread) [homeassistant.components.mqtt.client] mqtt.flespi.io: unregister write 39
2024-06-07 14:38:07.549 ERROR (MainThread) [homeassistant.components.mqtt.client] Unable to connect to the MQTT broker: Connection Refused: not authorised.
2024-06-07 14:38:07.549 DEBUG (MainThread) [homeassistant.components.mqtt.client] mqtt.flespi.io: connection closed 39

What version of Home Assistant Core has the issue?

2024.6.0

What was the last working version of Home Assistant Core?

never got it working…

What type of installation are you running?

HA on Docker on Linuix

Integration causing the issue

mqtt

Link to integration documentation on our website

Diagnostics information

Troubleshooting I already did:

  1. Tried deleting the token in Flespi and creating a new. Tried different ACL’s
  2. found a similar issue at Openhab, and tried the same. This taught me to investigate if MQTT might not work with 64-byte tokens. So I tried to set up a shorter token in Flespi. Unfort. that is not possible. Only 64-byte tokens are allowed.
  3. do not use birth message (Configurations → Integrations → MQTT → Configure → Re-Configure MQTT → Submit → Untick “Enable birth message” → Submit), as per suggestion here
  4. Tried MQTT protocol v5, but that gave me an “unknown reason” error:
2024-06-07 14:37:54.572 DEBUG (MainThread) [homeassistant.components.mqtt.client] mqtt.flespi.io: connection opened 27
2024-06-07 14:37:54.573 DEBUG (MainThread) [homeassistant.components.mqtt.client] mqtt.flespi.io: Starting client misc loop
2024-06-07 14:37:54.573 DEBUG (MainThread) [homeassistant.components.mqtt.client] mqtt.flespi.io: register write 27
2024-06-07 14:37:54.575 DEBUG (MainThread) [homeassistant.components.mqtt.client] mqtt.flespi.io: unregister write 27
2024-06-07 14:37:54.599 ERROR (MainThread) [homeassistant.components.mqtt.client] Unable to connect to the MQTT broker: Connection Refused: unknown reason.
2024-06-07 14:37:54.599 DEBUG (MainThread) [homeassistant.components.mqtt.client] mqtt.flespi.io: connection closed 27

Example YAML snippet

No response

Anything in the logs that might be useful for us?

No response

Additional information

MQTT Token in Flespi:

{
  "ips": "",
  "enabled": true,
  "expire": 0,
  "ttl": 31536000,
  "info": "Home Assistant",
  "access": {
    "acl": [
      {
        "ids": "all",
        "methods": [
          "GET"
        ],
        "uri": "gw/devices"
      }
    ],
    "type": 2
  },
  "metadata": {}
}

Did you try with

username: "token"

and

username: token

?

Yes, with brackets I get the following pop-up:

MQTT

Failed to connect

I have also posted a help question in the Flespi Forum, here:

Thanks for this, i got it working with the bridge now. Having a local MQTT (Mosquitto) connecting to Flespi in bridge mode.

My custom config:

connection flespi
address mqtt.flespi.io:1883
bridge_attempt_unsubscribe true
cleansession true
remote_username mytokenid
try_private false
bridge_insecure false
#bridge_protocol_version mqttv5

topic # both 0 "" ""

# if it is not necessary that there are all topics, then we use a filter and specify specific topics
#topic zigbee2mqtt/# both 
#topic lumi/# both
#topic homeassistant/# out#

I recommend reconfiguring your bridge to use an encrypted connection on port 8883.

For example like here: How to connect Mosquitto MQTT Bridge to flespi?

Same issue with me suddenly today. A device had lost connection overnight and even after restarting HA it didn’t re-connect.
Re-configuring MQTT shows “Unable to connect to the MQTT broker: Connection Refused: not authorised” on the logs.

The logs of the addon look like this:

Mosquitto version 2.0.18 starting
2024-07-02 10:41:37: Config loaded from /etc/mosquitto/mosquitto.conf.
2024-07-02 10:41:37: Loading plugin: /usr/share/mosquitto/go-auth.so
2024-07-02 10:41:37: Warning: Mosquitto should not be run as root/administrator.
2024-07-02 10:41:37: ├── Username/password checking enabled.
2024-07-02 10:41:37: ├── TLS-PSK checking enabled.
2024-07-02 10:41:37: └── Extended authentication not enabled.
2024-07-02 10:41:37: Opening ipv4 listen socket on port 1883.
2024-07-02 10:41:37: Opening ipv6 listen socket on port 1883.
2024-07-02 10:41:37: Opening websockets listen socket on port 1884.
2024-07-02 10:41:37: Opening ipv4 listen socket on port 8883.
2024-07-02 10:41:37: Opening ipv6 listen socket on port 8883.
2024-07-02 10:41:37: Opening websockets listen socket on port 8884.
2024-07-02 10:41:37: mosquitto version 2.0.18 running
2024-07-02 10:41:37: New connection from ::1:57488 on port 1883.
2024-07-02 10:41:37: Client disconnected due to protocol error.
[10:41:38] INFO: Successfully send discovery information to Home Assistant.
[10:41:38] INFO: Successfully send service information to the Supervisor.
2024-07-02 10:41:45: New connection from 172.30.32.1:39455 on port 1883.
2024-07-02 10:41:45: Client 2T2zluGwT0SmKjGWMZjxDb disconnected, not authorised.
2024-07-02 10:42:07: New connection from 172.30.32.1:53631 on port 1883.
2024-07-02 10:42:07: New client connected from 172.30.32.1:53631 as 6UWSOdrpS0lIqQS0XMTKvo (p2, c1, k60, u’mqtt’).
2024-07-02 10:42:07: Client 6UWSOdrpS0lIqQS0XMTKvo disconnected.
2024-07-02 10:42:07: New connection from 172.30.32.1:37205 on port 1883.
2024-07-02 10:42:07: New client connected from 172.30.32.1:37205 as 3yAVOWae8znlDPqWMOdD8L (p2, c1, k60, u’mqtt’).
2024-07-02 10:42:07: New connection from 172.30.32.1:41135 on port 1883.
2024-07-02 10:42:07: New client connected from 172.30.32.1:41135 as 5tQP3NNtthx8okbXfpfvOU (p2, c1, k60, u’mqtt’).
2024-07-02 10:42:20: New connection from 172.30.32.1:41904 on port 1883.
2024-07-02 10:42:20: New client connected from 172.30.32.1:41904 as frigate (p2, c1, k60, u’frigate’).
2024-07-02 10:43:43: Client 3yAVOWae8znlDPqWMOdD8L has exceeded timeout, disconnecting.

If this is a connection error to the flespi broker, check that your token has not been deleted. If the token is in place, I recommend writing to the support chat at flespi.io