I have letsencrypt running in a separate container with nginx as a reverse proxy, using a wildcard cert - works great.
I am trying to run Mosquitto using this same domain, and thus the same certs.
HA is running in its own container, same with Mosquitto.
For some reason, when I connect from another computer on the network, I am able to connect using SSL (port 8883), auth works too - not that that matters much here. But the connection seems to work fine.
But, when I try to connect via HA I get the following errors in Mosquitto.
OpenSSL Error: error:140260FC:SSL routines:ACCEPT_SR_CLNT_HELLO:unknown protocol
Socket error on client , disconnecting.
New connection from 172.18.0.1 on port 8883.
OpenSSL Error: error:140260E5:SSL routines:ACCEPT_SR_CLNT_HELLO:ssl handshake failure
Socket error on client <unknown>, disconnecting.
New connection from 172.18.0.1 on port 8883.
I’ve tried a few different host addresses, but get these errors each time. I’ve tried localhost, 127.0.0.1, and also tried using the actual domain name.
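The "ACCEPT_SR_CLNT_HELLO:unknown protocol" line is what OpenSSL reports when the first bytes arriving on a TLS listener are not a TLS record at all, which is what happens when a client opens a plain-text MQTT session against port 8883. As an added example (not code from the thread or from Mosquitto), the helper below tells a TLS ClientHello apart from a plaintext MQTT CONNECT using only the fixed headers, so you can check a packet capture or a peeked socket before blaming the certificate. The sample byte strings are constructed for the example.

```python
"""Classify the first bytes a broker reads from a new client connection.

A TLS listener that receives a plaintext MQTT CONNECT fails inside OpenSSL's
ClientHello parser ("unknown protocol"); this classifier shows which of the
two the client actually sent.
"""
from typing import Optional, Tuple

# Constructed samples (not captures from the thread): only the headers matter.
TLS_HELLO = bytes.fromhex("160301006a0100006603036f")          # TLS record, handshake, ClientHello
MQTT_CONNECT = bytes([0x10, 0x0E]) + b"\x00\x04MQTT\x04\xC2\x00\x3C" + b"\x00\x02ha"  # MQTT 3.1.1 CONNECT
MQTT31_CONNECT = bytes([0x10, 0x10]) + b"\x00\x06MQIsdp\x03\xC2\x00\x3C" + b"\x00\x02ha"  # MQTT 3.1 CONNECT


def _read_varint(data: bytes, offset: int) -> Optional[Tuple[int, int]]:
    """Decode an MQTT 'remaining length' varint; return (value, next_offset) or None."""
    value, multiplier = 0, 1
    for i in range(4):                      # the spec allows at most 4 bytes
        if offset + i >= len(data):
            return None
        byte = data[offset + i]
        value += (byte & 0x7F) * multiplier
        if not byte & 0x80:
            return value, offset + i + 1
        multiplier *= 128
    return None                             # continuation bit set four times: malformed


def classify_first_bytes(data: bytes) -> str:
    """Return 'tls-client-hello', 'plaintext-mqtt-connect' or 'unknown'."""
    if len(data) < 3:
        return "unknown"
    # TLS record header: content type 0x16 (handshake) and legacy version 0x03xx
    if data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        return "tls-client-hello"
    # MQTT CONNECT fixed header: packet type 1 in the high nibble, flags 0
    if data[0] == 0x10:
        parsed = _read_varint(data, 1)
        if parsed:
            _, pos = parsed
            if pos + 2 <= len(data):
                name_len = int.from_bytes(data[pos:pos + 2], "big")
                name = data[pos + 2:pos + 2 + name_len]
                if name in (b"MQTT", b"MQIsdp"):   # MQTT 3.1.1/5 and MQTT 3.1 protocol names
                    return "plaintext-mqtt-connect"
    return "unknown"


def diagnose(data: bytes, listener_uses_tls: bool) -> str:
    """Match what the client sent against what the listener expects."""
    kind = classify_first_bytes(data)
    if kind == "unknown":
        return "unrecognised"
    if listener_uses_tls and kind == "plaintext-mqtt-connect":
        return "client-plaintext-on-tls-listener"   # the 'unknown protocol' case
    if not listener_uses_tls and kind == "tls-client-hello":
        return "client-tls-on-plain-listener"
    return "ok"


if __name__ == "__main__":
    for label, sample in (("tls", TLS_HELLO), ("mqtt", MQTT_CONNECT), ("mqtt31", MQTT31_CONNECT)):
        print(label, classify_first_bytes(sample), diagnose(sample, listener_uses_tls=True))
```

Feed it the first bytes of the connection as seen on the broker side (for example from a capture on the container's port 8883); a result of "client-plaintext-on-tls-listener" means the client's port or TLS setting is wrong, not the certificate.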
What does your mosquitto.conf look like? I’m doing the exact same thing you’re doing, except that I did it with a domain-specific cert and it works just fine.
Thanks for getting back to me. After stepping away from this for a few hours, I came up with a solution while trying to fall asleep (of course).
I’m not sure if this is the ideal solution, but it does work.
What I’m doing now is running Mosquitto on both 1883 (normal) and 8883 (SSL) - both with authentication required. I only have 8883 open to outside my LAN. Within the LAN I’m using 1883 and having HA connect to it that way.
If you experience an error message like Failed to connect due to exception: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed, then add certificate: auto to your broker configuration and restart Home Assistant.
Your configuration.yaml should look like:
mqtt:
  broker: mqtt_host
  port: 8883
  certificate: auto
  ...
As of today, you can’t configure MQTT with Let’s Encrypt through the Home Assistant UI.