Mosquitto MQTT SSL setup

I’m trying to get Mosquitto MQTT set up on my HASSIO system. I can get it working without SSL but cannot get SSL working.

This config does not work

{
  "plain": false,
  "plain_websockets": false,
  "ssl": true,
  "ssl_websockets": false,
  "anonymous": false,
  "logins": [
    {
      "username": "MY_USERNAME",
      "password": "MY_PASSWORD"
    }
  ],
  "customize": {
    "active": false,
    "folder": "mosquitto"
  },
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem"
}

These two configs work

{
  "plain": false,
  "plain_websockets": false,
  "ssl": true,
  "ssl_websockets": false,
  "anonymous": false,
  "logins": [
    {
      "username": "MY_USERNAME",
      "password": "MY_PASSWORD"
    }
  ],
  "customize": {
    "active": true,
    "folder": "mosquitto"
  },
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem"
}

And this

{
  "plain": true,
  "plain_websockets": false,
  "ssl": false,
  "ssl_websockets": false,
  "anonymous": false,
  "logins": [
    {
      "username": "MY_USERNAME",
      "password": "MY_PASSWORD"
    }
  ],
  "customize": {
    "active": false,
    "folder": "mosquitto"
  },
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem"
}

The only difference is either changing “Plain” to true OR changing the “customize” to true and using this at share/mosquitto/insecure.conf

listener 1883
protocol mqtt

I have certfile and keyfile at /ssl/
I’m using DuckDNS with Letsencrypt
Ports 8883 & 8884 are open in my router

My configuration.yaml file entry:

mqtt:
  broker: core-mosquitto
  username: MY_USERNAME
  password: MY_PASSWORD

Any idea why this won’t work?


Any luck?

I never got it to work.

On the client side, how do you put the certificate?

You may need to use port 8883

Does it work for you?

I have the same issue.

Posting this here, since it might help future googlers. I was having the same problem, and managed to solve it by adding the certificate to the mqtt configuration:

mqtt: 
  broker:   !secret broker
  port:     !secret broker_port
  username: !secret broker_user
  password: !secret broker_pass
  certificate: /etc/ssl/certs/DST_Root_CA_X3.pem
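
An added example, not part of any post in this thread: a Python check of whether an add-on options block and a Home Assistant `mqtt:` entry can connect at all, run over the thread's add-on configs and the client entry from the last post. The listener port mapping, the client's default port of 1883, `certificate` switching TLS on, and 8883 standing in for the elided `!secret broker_port` are assumptions; `listeners` and `diagnose` are hypothetical names.

```python
# Added example: checks whether a Mosquitto add-on config and a Home Assistant
# mqtt: client entry can actually talk to each other.
# ASSUMPTION: add-on listener ports (plain 1883, plain_websockets 1884,
# ssl 8883, ssl_websockets 8884); the client defaults to 1883 without a port.
ADDON_PORTS = {"plain": (1883, False), "plain_websockets": (1884, False),
               "ssl": (8883, True), "ssl_websockets": (8884, True)}
DEFAULT_CLIENT_PORT = 1883


def listeners(addon, custom_ports=()):
    """Map port -> uses_tls for every listener the broker would open.

    custom_ports: plaintext ports declared in customize-folder .conf files
    (only consulted when customize.active is true).
    """
    open_ports = {port: tls for key, (port, tls) in ADDON_PORTS.items()
                  if addon.get(key)}
    if addon.get("customize", {}).get("active"):
        open_ports.update({p: False for p in custom_ports})
    return open_ports


def diagnose(addon, client, custom_ports=()):
    """Return a list of findings for this broker/client pairing."""
    findings = []
    open_ports = listeners(addon, custom_ports)
    port = client.get("port", DEFAULT_CLIENT_PORT)
    client_tls = "certificate" in client  # assumed: a CA file switches TLS on
    if port not in open_ports:
        findings.append(f"no listener on client port {port}")
    elif open_ports[port] != client_tls:
        findings.append(f"TLS mismatch on port {port}")
    for p, tls in sorted(open_ports.items()):
        if not tls:
            findings.append(f"plaintext listener on {p}: credentials unencrypted")
    return findings


# Constructed from the thread's configs (secrets are placeholders).
BASE = {"plain": False, "plain_websockets": False, "ssl": True,
        "ssl_websockets": False, "customize": {"active": False}}
CLIENT = {"broker": "core-mosquitto", "username": "MY_USERNAME"}

if __name__ == "__main__":
    print(diagnose(BASE, CLIENT))  # SSL-only broker, default client
    print(diagnose({**BASE, "customize": {"active": True}}, CLIENT, [1883]))
    fixed = {**CLIENT, "port": 8883,  # 8883 is an assumed value
             "certificate": "/etc/ssl/certs/DST_Root_CA_X3.pem"}
    print(diagnose(BASE, fixed))
```

Under these assumptions, both configs reported as working connect only because a plaintext listener on 1883 is open, so the login is sent unencrypted.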