Firstly, I apologize if this has already been discussed elsewhere. I’ve seen a lot of discussions and blog posts covering similar topics and parts of my particular setup but I’m having trouble finding discussion of my precise setup.
I currently have two HA setups running in my house. My main instance is connected via ethernet inside my house and the second is in my garage in order to manage my Z-Wave garage door sensors and Shelly switches that I’m going to be installing to control my garage doors. I was not getting a reliable connection when I had my main instance controlling the Z-Wave. I generated a self-signed root certificate so that I could create the certificates and keys to run each of the instances using https.
I’m trying to connect the two instances via MQTT so that I can use the main instance as the controller sending and receiving MQTT messages between it and the instance in my garage. To start, I set up an MQTT broker using the Mosquitto broker Add-on and then configured the MQTT integration on the main instance to connect to this broker. The broker is set up to reference the certificate and key files that I generated for the main instance and when I test that in the MQTT integration, it appears to be working within that single instance. I am able to subscribe to a topic and I see messages published to this topic appear.
The problem comes when I try to set up the integration on the second instance. My understanding is that I should only need to set up a single broker and can set this up to run on either instance. In my case, I have configured it to run on the main instance. I then use the MQTT integration on the second instance to try to connect to the MQTT broker on the main instance but I have been unable to get this connection to succeed. I receive this message.
One additional thing that I noticed is that I assumed when connecting on the main instance that I would need to specify the client and CA certificates as well as the client key. If this is true, I also assumed that I did not need to specify a user and password but this didn’t seem to be the case. In order to connect the main instance’s MQTT integration to the broker, I did not need to specify any certificates and in fact couldn’t connect unless I provided the user and password. Maybe this is because they’re running on the same instance. Does that make sense?
I assume that when configuring the second instance, I should specify the broker as the IP address of the main instance. I have also tried specifying what I believe to be the IP address of the broker itself and putting in the name of the broker. None of these appear to work. Can anyone confirm what exactly I should be entering for the broker in the MQTT integration on the second instance?
For the certificates, I’m specifying the client certificates as the certificate and key that I generated for the second instance. I used the same root certificate to generate the certificates for both instances so I also specify that as a custom broker certificate in the integration. Obviously, this isn’t working.
I also can’t connect the second instance’s integration to the broker by specifying the username and password that I used to connect the main instance’s integration to the broker.
So, I’m assuming that I am not doing something correctly with the certificates and that that is breaking my ability to connect. I could try disabling all the certificates and not use SSL to see if I’m able to then connect at least by using the username and password, but I’m wondering if there’s anything obviously wrong in my setup that someone who is more experienced in certificates and MQTT can point out to me.
Sorry for the novel; I’m trying to include as much info as possible to set the context so hopefully it’s not overkill. Does anyone have any suggestions as to what I’m doing wrong?
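A stdlib-only Python probe, added here as an example and not part of the original post, that separates a TLS failure from a broker authentication failure: it verifies the broker's certificate against the self-signed root CA and the host name or IP you connect with, presents the second instance's client certificate, then sends an MQTT CONNECT and decodes the CONNACK return code. It assumes Mosquitto's TLS listener on port 8883 speaking MQTT 3.1.1; the host, file names and credentials in the `__main__` block are placeholders.

```python
import socket
import ssl

# Return codes from the MQTT 3.1.1 CONNACK packet, decoded in parse_connack().
CONNACK_CODES = {0: "connection accepted", 1: "unacceptable protocol version",
                 2: "identifier rejected", 3: "server unavailable",
                 4: "bad username or password", 5: "not authorized"}

def _mqtt_str(s):
    b = s.encode("utf-8")  # MQTT strings are 2-byte big-endian length + UTF-8
    return len(b).to_bytes(2, "big") + b

def build_connect(client_id, username=None, password=None):
    """Build an MQTT 3.1.1 CONNECT packet (clean session, keepalive 30 s)."""
    flags, payload = 0x02, _mqtt_str(client_id)
    if username is not None:
        flags |= 0x80
        payload += _mqtt_str(username)
    if password is not None:
        flags |= 0x40
        payload += _mqtt_str(password)
    body = _mqtt_str("MQTT") + bytes([4, flags]) + (30).to_bytes(2, "big") + payload
    rem, n = b"", len(body)  # remaining length: 7 bits per byte, MSB = continue
    while True:
        n, digit = divmod(n, 128)
        rem += bytes([digit | (0x80 if n else 0)])
        if not n:
            return b"\x10" + rem + body

def parse_connack(packet):
    """Decode a CONNACK: type 0x20, length 2, session-present flag, return code."""
    if len(packet) < 4 or packet[0] != 0x20 or packet[1] != 2:
        raise ValueError("not a CONNACK packet")
    return CONNACK_CODES.get(packet[3], "unknown return code %d" % packet[3])

def probe_broker(host, port, ca_file, cert_file, key_file, username, password):
    """TLS verified against our root CA (chain + host name/IP), client cert presented,
    then CONNECT. A certificate problem raises ssl.SSLCertVerificationError before
    any MQTT traffic; an auth problem comes back as a CONNACK code string."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.load_cert_chain(cert_file, key_file)
    with socket.create_connection((host, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(build_connect("mqtt-probe", username, password))
            return parse_connack(tls.recv(4))

if __name__ == "__main__":
    # Placeholder host, paths and credentials: replace with the garage instance's files.
    print(probe_broker("main-instance.local", 8883, "rootCA.crt",
                       "garage.crt", "garage.key", "mqttuser", "mqttpass"))
```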