MQTT Server With SSL

To start this post I want to say that I have searched the forum and found loads of posts. I’ve also done a lot of Googling. I can’t find the answer to my question(s) and worryingly the posts I have found that come close either don’t have an answer or finish with the OP saying words to the effect of “I couldn’t get it to work”.

I have built a Mosquitto MQTT server on a Digital Ocean droplet. The SSL is provided by a Let’s Encrypt certificate. That is, it’s not self-signed. My reason for this is long and involved but it involves data collection from sensors outside my home network.

To this server I have successfully connected

  • OwnTracks on my phone
  • ESP32 clients located in a field
  • A RPi on my home network running Zigbee2MQTT

And some other bits. Point is, I have

mosquitto_sub -h localhost -t '#'

running on the server and I can see a steady stream of these devices connecting and publishing without a problem.

But I can’t get HA to connect to this server. If I try and do it through the integration I get “Connection failed” and

[paho.mqtt.client] failed to receive on socket: [Errno 104] Connection reset by peer

in the log. If I go back to basics and configure it in the YAML, the log fills up with

[homeassistant.components.mqtt] The 'broker' option near /config/configuration.yaml:13 is deprecated, please remove it from your configuration

And it doesn’t connect. I remember in the days when we had to do everything with YAML you could specify keys like certificate: auto or specify paths to certificates, but any of those options just cause the “deprecated” warning above and, since I’m using an LE certificate, should theoretically not be needed.

Is there something else I need to do to get HA to connect to MQTT with SSL? This is Home Assistant OS 2022.5.4 by the way.



You need to do YAML “manual” setup.
SSL is considered advanced and cannot be done in the UI.

As I said - if I do that the log fills up with

[homeassistant.components.mqtt] The 'broker' option near /config/configuration.yaml:13 is deprecated, please remove it from your configuration

And MQTT isn’t set up.

Looks like you do the UI setup but also add the cert in your config.

Well, that’s not clear at all. I added
certificate: auto

And nothing else and now it’s working. Thanks for pointing that out.