MQTT broke overnight

My MQTT setup through HA seems to have broken overnight after working quite well for months.

Relevant info:

  • Mosquitto broker Add-on [version: 5.1]
    Config:

    logins: []
    anonymous: false
    customize:
      active: false
      folder: mosquitto
    certfile: fullchain.pem
    keyfile: privkey.pem
    require_certificate: false
    
  • MQTT Integration (Can’t connect either)
    Config:
    Screenshot from 2020-12-03 15-59-54

  • The user “mqtt_device” is set up in the HA users for all the MQTT devices I have.

  • HA version 0.118.4

  • OS version HassOS 4.17

  • Raspberry Pi 3B+

  • Here’s a sample of the logs from Mosquitto:

    [15:58:29] INFO: Setup mosquitto configuration
    [15:58:29] INFO: No local user available
    [15:58:30] INFO: Initialize Hass.io Add-on services
    [15:58:31] INFO: Initialize Home Assistant discovery
    [15:58:31] INFO: Start Mosquitto daemon
    1607032711: mosquitto version 1.6.3 starting
    1607032711: Config loaded from /etc/mosquitto.conf.
    1607032711: Loading plugin: /usr/share/mosquitto/auth-plug.so
    1607032711: |-- *** auth-plug: startup
    1607032711:  ├── Username/password checking enabled.
    1607032711:  ├── TLS-PSK checking enabled.
    1607032711:  └── Extended authentication not enabled.
    1607032711: Opening ipv4 listen socket on port 1883.
    1607032711: Opening ipv6 listen socket on port 1883.
    1607032711: Opening websockets listen socket on port 1884.
    1607032711: Opening ipv4 listen socket on port 8883.
    1607032711: Opening ipv6 listen socket on port 8883.
    1607032711: Opening websockets listen socket on port 8884.
    1607032711: Warning: Mosquitto should not be run as root/administrator.
    1607032720: New connection from 192.168.69.60 on port 1883.
    [ERROR] Auth error with mqtt_device
    1607032722: Socket error on client <unknown>, disconnecting.
    1607032722: New connection from 192.168.69.62 on port 1883.
    1607032722: Socket error on client <unknown>, disconnecting.
    
  • Here’s an example log from a device side (MagicHome LED light controller flashed with Tasmota):

    00:00:00 CFG: Loaded from flash at F8, Count 212
    00:00:00 QPC: Count 1
    00:00:00 Project tasmota bookshelf_leds Version 9.1.0(tasmota)-2_7_4_5
    00:00:00 WIF: Connecting to AP1 [MY_IOT_NETWORK] Channel 11 BSSId 76:83:C2:9C:05:42 in mode 11N as bookshelf_leds-7515...
    00:00:01 WIF: Connected
    00:00:02 HTP: Web server active on bookshelf_leds-7515 with IP address 192.168.69.60
    00:00:03 MQT: Attempting connection...
    00:00:03 MQT: Connect failed to 192.168.69.34:1883, rc 5. Retry in 10 sec
    00:00:06 QPC: Reset
    00:00:14 MQT: Attempting connection...
    00:00:14 MQT: Connect failed to 192.168.69.34:1883, rc 5. Retry in 10 sec
    
  • The IP/Port 192.168.69.34:1883 referenced here is my MQTT broker/HA instance.

I swear I’ve checked username/password like 5 times on each device too.

Also I don’t have any lines in confuration.yaml having to do with MQTT. I’ve seen some other post with similar issues, but there didn’t seem to be a resolution.

Thanks!

Fixed it myself… and I’m an idiot as always. I added a “trusted_network” auth to my config.yaml and didn’t add the docker 172.0.0.0/8 network. I just removed the trusted_network auth for simplicity.

Could you explain what

a “trusted_network” auth to my config.yaml

is?
Most of my devices (that have been running for years stopped working and are showing rc=-2 (Connection Refused: Identifier rejected). The only things still connecting to Mosquitto are Sonoff’s running Tasmota.

Thanks,
-Mike

Sure!
From the docs:

The Trusted Networks auth provider defines a range of IP addresses for which no authentication will be required (also known as “whitelisting”). For example, you can whitelist your local network so you won’t be prompted for a password if you access Home Assistant from inside your home.

Not sure if that will help with your issue though…

Most of my devices (that have been running for years stopped working and are showing rc=-2 (Connection Refused: Identifier rejected). The only things still connecting to Mosquitto are Sonoff’s running Tasmota.

I am having the same issue. I have two tasmota mqtt devices that continue to work, but one other non-tasmota mqtt device which has stopped working (rc=-2 when attempting to connect). Did you ever find the solution?

As I recall, it was because hassio.local decided to rename itself hassio2.local, or 3, or 4. It kept changing it’s name. Devices that accessed by name quit working. The tasmota Devices were configured with the IP address, so they still worked.
-Mike