Mosquitto giving connection refused errors on new installation

frankenberrypi · January 27, 2021, 10:10pm

This started with trying to get a Weewx box to talk to HA installed on a virtual machine. That’s still my end goal, but for now I’ve simplified things and I have two raspberry pi 3b machines, one with a fresh HA image on it and one with a fresh install of raspbian lite.

I started by following these instructions for the MQTT broker configuration:

github.com

home-assistant/addons/blob/a9d1ae5ef37588ce54ac475a8b58857ce27cf167/mosquitto/DOCS.md

# Home Assistant Add-on: Mosquitto broker

## Installation

Follow these steps to get the add-on installed on your system:

1. Navigate in your Home Assistant frontend to **Supervisor** -> **Add-on Store**.
2. Find the "Mosquitto broker" add-on and click it.
3. Click on the "INSTALL" button.

## How to use

The add-on has a couple of options available. To get the add-on running:

1. Start the add-on.
2. Have some patience and wait a couple of minutes.
3. Check the add-on log output to see the result.

Create a new user for MQTT via the **Configuration** -> **Users (manage users)**.
Notes:

This file has been truncated. show original

This all seems fine, but here are the results when trying to publish a message from the client machine:

pi@weatherman:/var/log $ mosquitto_pub -h 192.168.1.35 -u ha_mqtt -P password -t test -m heresamessage
Error: Connection refused

After some digging I located this post:

…which seems to indicate that I should not see user information when I go to Configuration > Integrations > MQTT Configure > Re-configure MQTT, but I do. It requires a username and password to click submit. It had the homeassistant password by default, but I’ve changed it to the ha_mqtt user that I created before the install.

One other interesting piece of information is that I am able to connect and publish messages just fine with MQTT explorer from my two windows machines. This has me a bit worried that I’ve got some sort of network problem. I’m pretty new to Home Assistant and pretty old to Raspberry Pi, so I’m hoping that I just missed something in the HA or Mosquitto setup.

Here’s the log from Mosquitto starting up. Everything looks normal to me, but I don’t know much about this stuff.

[15:07:47] INFO: Setup mosquitto configuration
[15:07:47] WARNING: SSL not enabled - No valid certs found!
[15:07:47] INFO: No local user available
[15:07:48] INFO: Initialize Hass.io Add-on services
[15:07:48] INFO: Initialize Home Assistant discovery
[15:07:48] INFO: Start Mosquitto daemon
1611785268: mosquitto version 1.6.3 starting
1611785268: Config loaded from /etc/mosquitto.conf.
1611785268: Loading plugin: /usr/share/mosquitto/auth-plug.so
1611785268: |-- *** auth-plug: startup
1611785268:  ├── Username/password checking enabled.
1611785268:  ├── TLS-PSK checking enabled.
1611785268:  └── Extended authentication not enabled.
1611785268: Opening ipv4 listen socket on port 1883.
1611785268: Opening ipv6 listen socket on port 1883.
1611785268: Opening websockets listen socket on port 1884.
1611785269: Warning: Mosquitto should not be run as root/administrator.

DavidFW1960 · January 27, 2021, 10:14pm

Can you show the addon config?

frankenberrypi · January 27, 2021, 10:44pm

Yeah, the addon configuration is just the default. I played around with changing it to anonymous: true, but that still didn’t seem to work.

logins: []
anonymous: false
customize:
  active: false
  folder: mosquitto
certfile: fullchain.pem
keyfile: privkey.pem
require_certificate: false

DavidFW1960 · January 27, 2021, 10:55pm

Have you tried setting active to true and using the accesscontrollist and acl.conf? That is what I use. When you don’t specify a login it will use a Home Assistamt defined user. I have been running like this for a long time.

frankenberrypi · January 28, 2021, 4:10am

Yeah, I had gathered that a blank logins:[] section would fall back to a Hassio user, that’s why I created the additional ha_mqtt user.

Based on the feedback that I’m getting from the mosquitto_pub command, I don’t think my problem is with authorization. As a test I setup a Mosquitto broker without HA on an un-related pi and it worked the first try. When I intentionally provide an incorrect password, I get this:

pi@weatherman:~ $ mosquitto_pub -h 192.168.1.20 -u tester -P wrongpass -t test -m yo
Connection Refused: not authorised.
Error: The connection was refused.

That’s similar to, but different from the response I get from trying to publish to my Home Assistant broker, which looks like this:

pi@weatherman:~ $ mosquitto_pub -h 192.168.1.35 -u ha_mqtt -P password -t test -m yo
Error: Connection refused

frankenberrypi · January 28, 2021, 5:31am

Something that I may have gotten wrong, under Configuration > Integrations > MQTT > Re-configure MQTT, what credentials should that be using?

This originally had the username homeassistant and what looked like an auto-generated password. I’ve since replaced that with the ha_mqtt user that I created. Was that the wrong thing to do? I haven’t found anything on that page in the documentation.

…I’m installing samba now so I can give the access control method a shot. This poor little raspberry pi is not fast.

DavidFW1960 · January 28, 2021, 6:27am

It should be the user you created from memory… I don’t remember it even asking. You for sure can not use homeassistant as the user it’s a reserved name. You can try deleting the integration and adding it back. I also added the homeassistant user in the ACL file as if you use MQTT discovery it uses that reserved username.

frankenberrypi · January 28, 2021, 6:43pm

Yeah, it seems weird that the default was the homeassistant user. Right now it’s the ha_mqtt user that I created. Interestingly if I delete the integration and re-install it, it remembers the ha_mqtt user, so apparently not all files are being deleted.

Anyway, major finding on my end. I dug up an old router and plugged these things in there and everything works as expected. So it looks like it’s a problem with my network and not with Home Assistant. I won’t mark this solved just yet, but my network skills are limited so it will likely take me at least the weekend to sort this out.

frankenberrypi · January 29, 2021, 4:39am

The problem appears to have been with the switch that the home assistants were plugged into. I moved the home assistant and a test raspberry pi to an old router that I dug out of a closet and everything worked perfectly. That narrowed it down to my network, so I started swapping things out. It turns out the switch I was using had a firmware update. After installing that, everything seems normal.

I currently have everything back on my normal home network. Thanks everyone for all the help.