Hi folks, I’m looking for some help with MQTT integration. I have to use certificates to auth against an external MQTT broker I’ve set up in configuration.yaml. But I’m getting errors when Home Assistant tries to connect.
I have my own MQTT broker (an AWS IoT endpoint). The goal is to eventually use the Statestream configuration to push all entity event changes up to AWS where I can persist and graph for longer. So, I’ve started work, adding the lines below to my configuration.yaml. See below:

```yaml
mqtt:
  broker: !secret awsiot-url
  port: 8883
  certificate: /config/certs/AmazonRootCA1.pem
  client_key: /config/certs/b5dd525b0f-certificate.pem.crt
  client_cert: /config/certs/b5dd525b0f-private.pem.key
  tls_version: '1.2'
  tls_insecure: false
  protocol: 3.1.1
```

I’ve jumped onto the console of my homeassistant container and verified the cert paths are ok. I’ve also checked these certificates and broker address from a local MQTT client. The local client connects and can publish and subscribe to topics. But with the config above in place, HomeAssistant Config check reported ok, I reboot HomeAssistant, and in my logs I see the below (and I cannot call the mqtt/publish service):

```
Traceback (most recent call last):
  File "/usr/src/homeassistant/homeassistant/config_entries.py", line 216, in async_setup
    hass, self
  File "/usr/src/homeassistant/homeassistant/components/mqtt/__init__.py", line 649, in async_setup_entry
    tls_version=tls_version,
  File "/usr/src/homeassistant/homeassistant/components/mqtt/__init__.py", line 799, in __init__
    tls_version=tls_version,
  File "/usr/local/lib/python3.7/site-packages/paho/mqtt/client.py", line 819, in tls_set
    context.load_cert_chain(certfile, keyfile)
ssl.SSLError: [SSL] PEM lib (_ssl.c:3880)
```

I’ve been working away at this for the last couple of days, and have not been able to get this to work. I have a suspicion that maybe my problem relates to the chain of the root cert, rather than anything else. Any ideas?
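
A pre-flight check for the three certificate options in the configuration above, added here as an example and not part of the original post: it reads each file's PEM block labels and reports any option whose file holds the wrong kind of object, which is one condition under which `context.load_cert_chain(certfile, keyfile)` fails. The function names and sample files are constructed for illustration, and it assumes Home Assistant passes `client_cert` as `certfile` and `client_key` as `keyfile`.

```python
import re
import tempfile
from pathlib import Path

# PEM block label, e.g. "-----BEGIN RSA PRIVATE KEY-----" -> "RSA PRIVATE KEY"
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)

# Kind of PEM object each mqtt option must contain (matched as a label suffix).
# Assumption: client_cert -> certfile, client_key -> keyfile in load_cert_chain.
EXPECTED = {
    "certificate": "CERTIFICATE",  # CA bundle used to verify the broker
    "client_cert": "CERTIFICATE",  # client certificate (certfile)
    "client_key": "PRIVATE KEY",   # matches RSA/EC/PKCS#8 key labels (keyfile)
}

def pem_labels(path):
    """Return the labels of all PEM blocks found in the file, in order."""
    return PEM_BEGIN.findall(Path(path).read_text(errors="replace"))

def check_mqtt_tls(options):
    """Return a list of problems for a dict of option name -> file path."""
    problems = []
    for name, want in EXPECTED.items():
        path = options.get(name)
        if path is None:
            continue
        labels = pem_labels(path)
        if not labels:
            problems.append(f"{name}: {path} contains no PEM block (DER or empty?)")
        elif not any(label.endswith(want) for label in labels):
            problems.append(f"{name}: {path} holds {labels}, expected a {want}")
    return problems

def demo():
    """Run the check on constructed files (placeholder bodies, not real keys)."""
    d = Path(tempfile.mkdtemp())
    crt = d / "device-certificate.pem.crt"
    key = d / "device-private.pem.key"
    crt.write_text("-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n")
    key.write_text("-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n")
    swapped = check_mqtt_tls({"client_cert": key, "client_key": crt})
    correct = check_mqtt_tls({"client_cert": crt, "client_key": key})
    return swapped, correct

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The check only looks at PEM labels; it does not confirm that the private key matches the certificate or that the CA file chains to the broker's certificate.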