I am new to HA and am trying to get my existing MQTT broker connected to HA.
When I install the MQTT Integration I always get the error message that the connection failed and in the logs I find the entry:
ERROR (Thread-15 (_thread_main)) [paho.mqtt.client] Error: Unrecognised command 16
I did some research and found that my broker seems to send an irregular connect message.
My broker is an up-to-date Mosquitto container running the version “mosquitto version 2.0.17”.
The configuration is straightforward:
log_dest file /mosquitto/log/mosquitto.log
listener 1883 0.0.0.0
Using MQTT Explorer I am able to connect to my broker, but HA does not.
Any ideas what’s wrong with my configuration?
Mosquitto broker - Current version: 6.3.1
Latest version is 2.0.17
The version of the add-on has nothing to do with the version of the mosquitto packaged inside.
I also looked at the mosquitto logs and found an interesting error:
Client connection from 192.168.178.xx failed: error:1402542E:SSL routines:ACCEPT_SR_CLNT_HELLO:tlsv1 alert protocol version.
I thought that would be easily solved by configuring the required tls version down to tls1.1 - but this doesn’t solve the issue.
Error messages on both sides don’t change. Are there any possibilities to double-check if HA would generally be able to connect to my TLS-encrypted MQTT broker?
I finally found the issue and for those stumbling upon this issue, here is the solution.
The error messages on both sides are really irritating, because they have nothing to do with the real issue.
Basically the issue is related to the certificates used for TLS encryption and not the used TLS version. To be more precise - the certificate provided by the MQTT server is signed by my intermediate CA which is trusted by the underlying OS in the HA container as well as HA (certify). However this is not enough for the MQTT integration and the connection has been denied due to validation issues.
Activating “Ignore broker certificate validation” didn’t make any difference. I assumed that this would just ignore any validation issues with the certificate and would even accept self-signed SSL certs. But it didn’t.
To finally establish the connection to my MQTT broker I had to configure the “Broker certificate validation” to “Custom” and upload my intermediate CA certificate from the trust chain.
I don’t know what error message is provided by the used TLS library - but it would have been much easier to get a meaningful error message like: “There was an error verifying the certificate” and not “Unrecognized command 16”.
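Added example, not part of the thread and not Home Assistant's own code: a small Python probe that attempts a verified TLS handshake with the broker, once against the system trust store and once against only a supplied CA file, and reports the certificate verification error directly. The function names, the result keys and the command-line arguments are assumptions made for this sketch.

```python
import socket
import ssl


def probe_broker_tls(host, port, cafile=None, timeout=5.0):
    """Attempt a verified TLS handshake and report the outcome.

    cafile=None trusts the system store; a PEM path trusts only that
    file, comparable to supplying a custom CA certificate for the broker.
    """
    result = {"verified": False, "tls_version": None, "error": None}
    try:
        ctx = ssl.create_default_context(cafile=cafile)
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                result["verified"] = True
                result["tls_version"] = tls.version()
    except FileNotFoundError:
        result["error"] = f"CA file not found: {cafile}"
    except ssl.SSLCertVerificationError as exc:
        # Chain or hostname problem; verify_message names the cause,
        # e.g. "unable to get local issuer certificate".
        result["error"] = f"certificate verification failed: {exc.verify_message}"
    except ssl.SSLError as exc:
        result["error"] = f"TLS handshake failed: {exc.reason or exc}"
    except OSError as exc:
        result["error"] = f"connection failed: {exc}"
    return result


def compare_trust(host, port, cafile):
    """Run the probe with the system store and with the custom CA file."""
    return {
        "system_store": probe_broker_tls(host, port),
        "custom_ca": probe_broker_tls(host, port, cafile=cafile),
    }


if __name__ == "__main__":
    import sys

    # Usage (arguments are placeholders): probe.py <host> <tls-port> <ca.pem>
    host, port, cafile = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    for store, outcome in compare_trust(host, port, cafile).items():
        print(store, outcome)
```

If the two results differ, the broker's chain is not verifiable from the system store alone and the CA file is what makes it verify.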