MQTT with duckdns?


I’m running Hassio on a rp3 and cant seem to get MQTT working.

Here is my config file settings:

  broker: (have alse tried 8883 & 8123)
  username: MADE UP USERNAME
  password: MADE UP PASSWORD

And here are my settings in the frontend for MQTT:

  "plain": true,
  "ssl": false,
  "anonymous": false,
  "logins": [
      "username": "MADE UP USERNAME",
      "password": "MADE UP PASSWORD"
  "customize": {
    "active": false,
    "folder": "mosquitto"
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem"

I have both port 1883 & 8883 forwarded to my internal pi IP, have tried setting it up in SSL.

Here’s the output of the MQTT log:

starting version 3.2.2
1515768578: mosquitto version 1.4.12 (build date 2017-06-01 13:03:48+0000) starting
1515768578: Config loaded from /etc/mosquitto.conf.
1515768578: Opening ipv4 listen socket on port 1883.
1515768578: Opening ipv6 listen socket on port 1883.
1515768578: Warning: Mosquitto should not be run as root/administrator.

Any ideas what I am doing wrong here?

remove https:// from the broker. mqtt isn’t using http/https protocol

Thanks, will give it ago. Do i need to specify the port?

Before you do this, what reason do you have for configuring Home Assistant to look at your DUCKDNS hostname for the MQTT server? For what purpose does it need to go OUT of your network, to resolve a device INSIDE your network?

1 Like

Completely new to this, though the reason I think (probably completely wrong here) I need it to point to my duckdns hostname is because even when I am connected to my network via wifi, I am only able to access HA through the https address.

Ever since i setup HA with Duckdns and lets encrypt, my internal IP for HA stopped working.

But your MQTT broker is not running behind SSL or via domain name. You should be able to connect to it locally just fine. Test with a Chrome Extension/App called MQTT Lens

I really hate the way hassio sets up the cert and domain. This should all be done from a reverse proxy so that it can still be used internally.

1 Like

So i just tried it with my IP and it seemed to of worked! Thanks a bunch!

BTW should I be running MQTT ssl? If so, is it just a matter of opening up the ssl port 8883 and changing the option for ssl to true?

HA is set to access my MQTT (mosquitto) through on the standard port. Mosquitto is also configured to serve via websockets protocol on 1884.

Nginx is listening at with SSL and reverseproxying to

This is letting HA communicate on the standard 1883 and letting me hit it from outside my network with auth and SSL.

I would recommend you DO NOT open your MQTT broker up to the outside world. Unless you absolutely need to access your broker from outside your network, you don’t need to forward any ports for it.

Ok sounds like i shouldn’t need to do that then.

I’ll still be able to send commands through my https session correct?

Thanks for your reply cwhits, I’m a complete noob when it comes to this so a lot of what you just said doesn’t make too much sense to me. Though looks like I got it working alright within my network :slight_smile:

Home Assistant communicates on the backend with whatever devices you have set up for it. If you are hitting a button on the front end, and it is sending an MQTT message, all of that happens on the backend. You do NOT need to be able to access the MQTT broker from outside the network to send commands through the HA GUI.

Perfect, thought that would have been the case. Thanks a bunch, it’s been quite a steep learning curve for me.

Thanks… this helped me get to the built in mqtt of HA from outside world. However what I have done is only for test setup and I most definitely cant take it to the wild as I have no SSL setup for MQTT. Although I do have hassio based lets encrypt SSL setup for hassio front end. Would you be kind enough to please provide some guidance on how I can go about doing this…

My setup so far:

  1. Raspberry Pi set as
  2. Configurator, ssh, duckdns and nginx home assistant SSL proxy enabled
  3. Port 443 on router forwards to hassio.local port 8123
  4. Port 8889 on router forwards to port 1884
  5. On phone the Owntracks preference set to private mqtt
  6. Host set to and port to 8889 with websockets toggle switch is set to on. Also to make this work I had to switch off the TLS toggle under security.
  7. In configuration.yaml I have just typed mqtt: and then under device_tracker i added - platform: owntracks
  8. On configuration.xml under http I have also included the url and location for SSL key and SSL cert contrary to the advice on the activation of nginx home assistant SSL proxy because without this the HA was inaccessible both from inside and outside of LAN. I was hoping that enabling this nginx proxy add on will help me avoid being able to access the lP with another url pointing to my home router but that did not happen…but I guess I can keep that for later issue resolution.

I have with above setup a working owntracks mqtt setup reporting my phone correctly so it felt great. What I need help with is to make this work with SSL I.e not needing to switch off the TLS on step 6. When I switch it on, it shows two fields on owntracks app and I am clueless as to what goes there.

If I have messed it up real bad I am to be blamed of course as I must have managed to confuse myself and if not I feel I am quite close to final setup. Either way your help will be hugely appreciated.

Alas I spoke too soon…I was happy that this setup was making the phone report to mqtt but when i switched off wi-fi and tried checking using 4g owntracks gave connection error…so I need more help than stipulated.i can make this setup to make phone location reported while on my local network but not from outside… so help please.

Someone did ask why from outside and I just want to be able to report device location to mqtt so I can know for instance what location a particular device is looking at HA dashboard and not just the status of Home or Away and my understanding is for this to work owntracks must be able to communicate device location even from outside of my network.

I’m using mosquitto. Is the HA MQTT listening on 1884 via websockets?

I think not. Documentation only says 1883 and 8883. I just assumed your config might apply and for some time it felt as if it did but clearly it was a false positive…:*(

Actually just checked. It says websockets 8080. I will try it now.

Ok checked… using 8080 instead of 1884 works from inside the LAN but not on 4G. Owntracks app on Android gives following error

MqttException (0) - connect timed out

did you forward the port in your router?

Yep… changed port forwarding 8889 to 8080 instead of 1884 but no luck…