MQTT add-on starts and stops by itself (halt add-on)

Hi guys,

I have this really nasty problem where my MQTT add-on starts (with default config options) and shuts down almost immediately. Here is the log.

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/mosquitto.sh
[21:46:13] INFO: Certificates found: SSL is available
cont-init: info: /etc/cont-init.d/mosquitto.sh exited 0
cont-init: info: running /etc/cont-init.d/nginx.sh
cont-init: info: /etc/cont-init.d/nginx.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun mosquitto (no readiness notification)
services-up: info: copying legacy longrun nginx (no readiness notification)
[21:46:14] INFO: Starting NGINX for authentication handling...
s6-rc: info: service legacy-services successfully started
[21:46:15] INFO: Starting mosquitto MQTT broker...
2023-10-09 21:46:15: Warning: Mosquitto should not be run as root/administrator.
2023-10-09 21:46:15: mosquitto version 2.0.17 starting
2023-10-09 21:46:15: Config loaded from /etc/mosquitto/mosquitto.conf.
2023-10-09 21:46:15: Loading plugin: /usr/share/mosquitto/go-auth.so
2023-10-09 21:46:15:  ├── Username/password checking enabled.
2023-10-09 21:46:15:  ├── TLS-PSK checking enabled.
2023-10-09 21:46:15:  └── Extended authentication not enabled.
2023-10-09 21:46:15: Opening ipv4 listen socket on port 1883.
2023-10-09 21:46:15: Opening ipv6 listen socket on port 1883.
2023-10-09 21:46:15: Opening websockets listen socket on port 1884.
2023-10-09 21:46:15: Opening ipv4 listen socket on port 8883.
2023-10-09 21:46:15: Opening ipv6 listen socket on port 8883.
**2023-10-09 21:46:15: Error: Server certificate/key are inconsistent.**
**2023-10-09 21:46:15: OpenSSL Error[0]: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned**
[19:46:15] WARNING: Halt add-on
s6-rc: info: service legacy-services: stopping
[19:46:15] INFO: Service restart after closing
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

I have searched all over and came up with almost nothing regarding this specific problem. Most tutorials show that the add-on starts without issues. The problem is:
2023-10-09 21:46:15: Error: Server certificate/key are inconsistent.
2023-10-09 21:46:15: OpenSSL Error[0]: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned

And I have no clue where to start with this. I have removed my deprecated yaml config for MQTT but I have no idea if any remaining legacy files and folders are still in place. Please help me to clean this up as well.

Basically I have two questions

  1. How to solve: server cert key issue SSL
  2. How to remove legacy installation (files / folders)

I am running hass OS on an Odroid N2+ (homeassistant blue)
Home Assistant 2023.10.1
Supervisor 2023.10.0
Operating System 10.5
Frontend version: 20231005.0 - latest

Share your mqtt addon configuration yaml.

logins: []
require_certificate: false
certfile: fullchain.pem
keyfile: privkey.pem
customize:
  active: false
  folder: mosquitto

Standard port config

Hmm. That all looks ok to me. :man_shrugging:

You could open a new issue here:

The documentation suggests to delete old config files. I used to have MQTT configured in config.yaml but I have already removed those entries. What else could the old config consist of?

I submitted a bug report on github like you suggested.

I solved it by renaming fullchain.pem and privkey.pem in the SSL folder to fullchain1.pem and privkey1.pem so the mosquitto add-on is unable to find these files. This apparently solved my issue (don’t fully understand why).
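
Added example (not from the thread or the add-on's own code): a Python pre-flight check that loads the configured `fullchain.pem` / `privkey.pem` pair through OpenSSL and reports whether the files exist, contain the expected PEM blocks, and belong together, which narrows down the "Server certificate/key are inconsistent" error in the log. The `/ssl` default directory and the function names are assumptions.

```python
"""Pre-flight check for the certfile/keyfile pair named in the add-on config."""
import os
import re
import ssl
import sys

PEM_BEGIN = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")


def pem_labels(path):
    """Return the PEM block labels found in a file, e.g. ['CERTIFICATE']."""
    with open(path, "r", errors="replace") as fh:
        return PEM_BEGIN.findall(fh.read())


def check_pair(certfile, keyfile):
    """Return (ok, reason) for a certificate chain file and its private key."""
    for role, path in (("certfile", certfile), ("keyfile", keyfile)):
        if not os.path.isfile(path):
            return False, f"{role} missing: {path}"
    if "CERTIFICATE" not in pem_labels(certfile):
        return False, "certfile contains no CERTIFICATE block"
    if not any(label.endswith("PRIVATE KEY") for label in pem_labels(keyfile)):
        return False, "keyfile contains no PRIVATE KEY block"
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        # Loads both files through OpenSSL and verifies that the private key
        # belongs to the leaf certificate. The empty password prevents an
        # interactive prompt if the key turns out to be encrypted.
        ctx.load_cert_chain(certfile, keyfile, password="")
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return False, f"OpenSSL rejected the pair: {exc}"
    return True, "certificate and key are consistent"


if __name__ == "__main__":
    # Assumed default: the directory the thread calls "the SSL folder".
    ssl_dir = sys.argv[1] if len(sys.argv) > 1 else "/ssl"
    ok, reason = check_pair(os.path.join(ssl_dir, "fullchain.pem"),
                            os.path.join(ssl_dir, "privkey.pem"))
    print(("OK: " if ok else "FAIL: ") + reason)
    sys.exit(0 if ok else 1)
```

A `FAIL` result on files that were left over from an earlier setup points at the files rather than at the add-on configuration.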