MQTT CERTIFICATE_VERIFY_FAILED error after upgrade

Configuration
,
1

Hi,

I am running 0.80 on HassIO. After the upgrade I can’t connect to cloudmqtt any more.
This is the Error message:

ERROR (MainThread) [homeassistant.components.mqtt] Failed to connect due to exception: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:841)

This is my config:

mqtt:
  broker: m22.cloudmqtt.com
  port: 20897
  client_id: my_client_id
  username: !secret mqtt_user
  password: !secret mqtt_pass

I even tried this, but it had no effect.

  tls_insecure: True

Does anyone have any idea what I can do to fix this?

2

I noticed last night that CloudMQTT SSL certs had expired. They now appear to have renewed them, but I wonder if there is a change needed on the HA side to work that into the config.

3

Thank you for your reply! I was seriously doubting myself.

4

I have the same issue and i am not sure i even have ssl certs setup, as my setup is just for testing.

5

I’ve got the same issue here.
Would love to know the answer :slight_smile:

6

I also had this issue… due to the expired cert.
Tried restarting the service at cloudmqtt.com to no avail…
I’m running 0.68.1 on a Raspbian Debian 9

I got it to work, it seems, by adding the certificate: path-to-file-for-comodo-rsa-domain-validation-sha-2-w-root.ca-bundle, see https://www.cloudmqtt.com/docs-faq.html#TLS_SSL
That page refers to Comodos KB article where the bundle-file can be downloaded into a file to be referred to via the ‘certificate’ line.

The cert store on my box may be missing the needed root-ca etc… for some reason.

Example from my configuration.yaml:

mqtt:
  broker: XXX.cloudmqtt.com
  port: YYY
  username: XXXX
  password: YYYY
  certificate: /home/xxxx/.homeassistant/cloudmq.pem
3 Likes
7

Simply adding certificate: auto to my mqtt config in v0.80.3 fixed my cloudmqtt ssl issues. More info here: CloudMQTT Issues (expired certificate)

1 Like