Mosquitto giving connection refused errors on new installation

This started with trying to get a Weewx box to talk to HA installed on a virtual machine. That’s still my end goal, but for now I’ve simplified things and I have two raspberry pi 3b machines, one with a fresh HA image on it and one with a fresh install of raspbian lite.

I started by following these instructions for the MQTT broker configuration:

This all seems fine, but here are the results when trying to publish a message from the client machine:

pi@weatherman:/var/log $ mosquitto_pub -h 192.168.1.35 -u ha_mqtt -P password -t test -m heresamessage
Error: Connection refused

After some digging I located this post:

…which seems to indicate that I should not see user information when I go to Configuration > Integrations > MQTT Configure > Re-configure MQTT, but I do. It requires a username and password to click submit. It had the homeassistant password by default, but I’ve changed it to the ha_mqtt user that I created before the install.

One other interesting piece of information is that I am able to connect and publish messages just fine with MQTT explorer from my two windows machines. This has me a bit worried that I’ve got some sort of network problem. I’m pretty new to Home Assistant and pretty old to Raspberry Pi, so I’m hoping that I just missed something in the HA or Mosquitto setup.

Here’s the log from Mosquitto starting up. Everything looks normal to me, but I don’t know much about this stuff.

[15:07:47] INFO: Setup mosquitto configuration
[15:07:47] WARNING: SSL not enabled - No valid certs found!
[15:07:47] INFO: No local user available
[15:07:48] INFO: Initialize Hass.io Add-on services
[15:07:48] INFO: Initialize Home Assistant discovery
[15:07:48] INFO: Start Mosquitto daemon
1611785268: mosquitto version 1.6.3 starting
1611785268: Config loaded from /etc/mosquitto.conf.
1611785268: Loading plugin: /usr/share/mosquitto/auth-plug.so
1611785268: |-- *** auth-plug: startup
1611785268:  ├── Username/password checking enabled.
1611785268:  ├── TLS-PSK checking enabled.
1611785268:  └── Extended authentication not enabled.
1611785268: Opening ipv4 listen socket on port 1883.
1611785268: Opening ipv6 listen socket on port 1883.
1611785268: Opening websockets listen socket on port 1884.
1611785269: Warning: Mosquitto should not be run as root/administrator.

Can you show the addon config?

Yeah, the addon configuration is just the default. I played around with changing it to anonymous: true, but that still didn’t seem to work.

logins: []
anonymous: false
customize:
  active: false
  folder: mosquitto
certfile: fullchain.pem
keyfile: privkey.pem
require_certificate: false

Have you tried setting active to true and using the accesscontrollist and acl.conf? That is what I use. When you don’t specify a login it will use a Home Assistamt defined user. I have been running like this for a long time.

Yeah, I had gathered that a blank logins:[] section would fall back to a Hassio user, that’s why I created the additional ha_mqtt user.

Based on the feedback that I’m getting from the mosquitto_pub command, I don’t think my problem is with authorization. As a test I setup a Mosquitto broker without HA on an un-related pi and it worked the first try. When I intentionally provide an incorrect password, I get this:

pi@weatherman:~ $ mosquitto_pub -h 192.168.1.20 -u tester -P wrongpass -t test -m yo
Connection Refused: not authorised.
Error: The connection was refused.

That’s similar to, but different from the response I get from trying to publish to my Home Assistant broker, which looks like this:

pi@weatherman:~ $ mosquitto_pub -h 192.168.1.35 -u ha_mqtt -P password -t test -m yo
Error: Connection refused

Something that I may have gotten wrong, under Configuration > Integrations > MQTT > Re-configure MQTT, what credentials should that be using?

This originally had the username homeassistant and what looked like an auto-generated password. I’ve since replaced that with the ha_mqtt user that I created. Was that the wrong thing to do? I haven’t found anything on that page in the documentation.

…I’m installing samba now so I can give the access control method a shot. This poor little raspberry pi is not fast.

It should be the user you created from memory… I don’t remember it even asking. You for sure can not use homeassistant as the user it’s a reserved name. You can try deleting the integration and adding it back. I also added the homeassistant user in the ACL file as if you use MQTT discovery it uses that reserved username.

Yeah, it seems weird that the default was the homeassistant user. Right now it’s the ha_mqtt user that I created. Interestingly if I delete the integration and re-install it, it remembers the ha_mqtt user, so apparently not all files are being deleted.

Anyway, major finding on my end. I dug up an old router and plugged these things in there and everything works as expected. So it looks like it’s a problem with my network and not with Home Assistant. I won’t mark this solved just yet, but my network skills are limited so it will likely take me at least the weekend to sort this out.

1 Like

The problem appears to have been with the switch that the home assistants were plugged into. I moved the home assistant and a test raspberry pi to an old router that I dug out of a closet and everything worked perfectly. That narrowed it down to my network, so I started swapping things out. It turns out the switch I was using had a firmware update. After installing that, everything seems normal.

I currently have everything back on my normal home network. Thanks everyone for all the help.