Hey folks,
I’m attempting to set up Home Assistant with a mosiquitto instance that is using self-signed certs.
I’ve followed the instructions here to setup the SSL:
I’ve confirmed that I can connect with mosquitto with other clients (i.e. MQTT.fx can connect to my mosquitto server just fine).
If I remove the TLS configuration from mosquitto, I can get HA to connect just fine. But when TLS is enabled, Home Assistant won’t connect and I get an error: certificate verify failed: self signed certificate (_ssl.c:1076)
The only thing I can figure out is that HA isn’t actually respecting the tls_insecure: true in the mtqq config.
Anyone else have this same setup working?
Any hints on how to fix this?
Thanks!
Kevin
Details:
Home Assistant configuration:
mqtt:
broker: <IP Address>
port: 8883
username: mosquitto
password: !secret MQTT_KEY
tls_insecure: true
tls_version: "1.2"
certificate: mosquitto/mqtt-ca.crt
mosquitto configuration:
port 1883
allow_anonymous false
password_file /mosquitto/config/credentials
listener 8883
tls_version tlsv1.2
cafile /mosquitto/config/certs/mqtt-ca.crt
certfile /mosquitto/config/certs/mqtt-srv.crt
keyfile /mosquitto/config/certs/mqtt-srv.key
Errors
from mosquitto:
1571519160: New connection from 10.4.20.3 on port 8883.
1571519160: OpenSSL Error: error:14037418:SSL routines:ACCEPT_SR_KEY_EXCH:tlsv1 alert unknown ca
1571519160: OpenSSL Error: error:140370E5:SSL routines:ACCEPT_SR_KEY_EXCH:ssl handshake failure
1571519160: Socket error on client <unknown>, disconnecting.
from Home Assistant:
Failed to connect due to exception: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1076)