Strange problem with my mosquitto broker

For the last 24 hours I have been messing with HA (trying to add some integrations and addons) and I probably changed something that I shouldn’t have.

Since May I have connected some Meross switches in HA with MQTT in the local network and they are working fine. Today, although they are still connected with HA and everything is working, the switches are blinking red as if they are not connected.

Does anyone understand from the logs below what the problem is?

logins: []
anonymous: false
customize:
  active: false
  folder: mosquitto
certfile: fullchain.pem
keyfile: privkey.pem
require_certificate: false

1629907721: OpenSSL Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1629907721: Socket error on client <unknown>, disconnecting.
1629907721: New connection from 192.168.1.47 on port 8883.
1629907721: OpenSSL Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1629907721: Socket error on client <unknown>, disconnecting.
1629907721: Client connection from 192.168.1.49 failed: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher.
1629907721: New connection from 192.168.1.48 on port 8883.
1629907721: OpenSSL Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1629907721: Socket error on client <unknown>, disconnecting.
1629907722: New connection from 192.168.1.51 on port 8883.
1629907722: OpenSSL Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1629907722: Socket error on client <unknown>, disconnecting.
1629907723: Client connection from 192.168.1.53 failed: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher.
1629907724: New connection from 192.168.1.50 on port 8883.
1629907724: OpenSSL Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1629907724: Socket error on client <unknown>, disconnecting.
1629907725: New connection from 192.168.1.52 on port 8883.
1629907725: New connection from 192.168.1.49 on port 8883.
1629907725: New connection from 192.168.1.47 on port 8883.
1629907725: New connection from 192.168.1.48 on port 8883.
1629907725: OpenSSL Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1629907725: Socket error on client <unknown>, disconnecting.
1629907725: OpenSSL Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1629907725: Socket error on client <unknown>, disconnecting.
1629907725: OpenSSL Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1629907725: Socket error on client <unknown>, disconnecting.
1629907725: OpenSSL Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1629907725: Socket error on client <unknown>, disconnecting.
1629907726: New connection from 192.168.1.51 on port 8883.
1629907726: OpenSSL Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1629907726: Socket error on client <unknown>, disconnecting.
1629907727: New connection from 192.168.1.53 on port 8883.
1629907727: OpenSSL Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1629907727: Socket error on client <unknown>, disconnecting.
1629907728: New connection from 192.168.1.50 on port 8883.
1629907728: OpenSSL Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1629907728: Socket error on client <unknown>, disconnecting.
1629907729: New connection from 192.168.1.52 on port 8883.
1629907729: New connection from 192.168.1.49 on port 8883.
1629907729: OpenSSL Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1629907729: Socket error on client <unknown>, disconnecting.
1629907729: OpenSSL Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1629907729: Socket error on client <unknown>, disconnecting.
1629907729: New connection from 192.168.1.47 on port 8883.
1629907729: OpenSSL Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1629907729: Socket error on client <unknown>, disconnecting.
1629907729: New connection from 192.168.1.48 on port 8883.
1629907729: OpenSSL Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1629907729: Socket error on client <unknown>, disconnecting.
1629907730: New connection from 192.168.1.51 on port 8883.
1629907730: OpenSSL Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1629907730: Socket error on client <unknown>, disconnecting.
1629907731: New connection from 192.168.1.53 on port 8883.
1629907731: OpenSSL Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1629907731: Socket error on client <unknown>, disconnecting.
1629907732: New connection from 192.168.1.50 on port 8883.
1629907732: OpenSSL Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1629907732: Socket error on client <unknown>, disconnecting.
1629907733: New connection from 192.168.1.52 on port 8883.
1629907733: New connection from 192.168.1.49 on port 8883.
1629907733: OpenSSL Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1629907733: Socket error on client <unknown>, disconnecting.
1629907733: OpenSSL Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1629907733: Socket error on client <unknown>, disconnecting.
1629907733: New connection from 192.168.1.47 on port 8883.
1629907733: OpenSSL Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1629907733: Socket error on client <unknown>, disconnecting.
1629907733: New connection from 192.168.1.48 on port 8883.
1629907733: OpenSSL Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1629907733: Socket error on client <unknown>, disconnecting.
1629907734: New connection from 192.168.1.51 on port 8883.
1629907734: OpenSSL Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1629907734: Socket error on client <unknown>, disconnecting.
1629907735: New connection from 192.168.1.53 on port 8883.
1629907735: OpenSSL Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1629907735: Socket error on client <unknown>, disconnecting.
1629907736: New connection from 192.168.1.50 on port 8883.
1629907736: OpenSSL Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1629907736: Socket error on client <unknown>, disconnecting.
1629907737: New connection from 192.168.1.52 on port 8883.
1629907737: New connection from 192.168.1.49 on port 8883.
1629907737: OpenSSL Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1629907737: Socket error on client <unknown>, disconnecting.
1629907737: OpenSSL Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1629907737: Socket error on client <unknown>, disconnecting.
1629907737: New connection from 192.168.1.47 on port 8883.
1629907737: New connection from 192.168.1.48 on port 8883.
1629907737: OpenSSL Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1629907737: Socket error on client <unknown>, disconnecting.
1629907737: OpenSSL Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1629907737: Socket error on client <unknown>, disconnecting.
1629907738: New connection from 192.168.1.51 on port 8883.
1629907738: OpenSSL Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1629907738: Socket error on client <unknown>, disconnecting.
1629907739: New connection from 192.168.1.53 on port 8883.
1629907739: OpenSSL Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1629907739: Socket error on client <unknown>, disconnecting.
1629907740: New connection from 192.168.1.50 on port 8883.
1629907740: OpenSSL Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1629907740: Socket error on client <unknown>, disconnecting.

Port 8883 is one of the “secure” MQTT ports, and the configuration options in the Mosquitto addon indicate that it should use SSL:

I don’t know how that squares with your config, where you have require_certificate: false, but I suspect that’s the problem. Do you perhaps have autoupdate enabled for the Mosquitto addon, and it may have updated to v6.xx without you knowing it?

No, I am still with 5.1.1.
Unfortunately, I don’t remember how it should be set up, but I am (almost) certain that I didn’t change this. Yesterday I deleted one of my domains in DuckDNS (I wanted to change the name). I am not sure if this is relevant or not.

If you were using the DuckDNS or Let’s Encrypt addons to pull a certificate for your domain and you deleted the domain, then that certificate is probably no longer valid. Like I said, I don’t know how the Mosquitto addon handles connections to the SSL port (8883) with require_certificate: false, but it’s possible that it was using that certificate regardless because of the port that was being used. I recommend making sure that the certificates in /ssl are still valid, or recreate them.

Now I remember that I was searching for a few hours on my Ubuntu NUC to find these certificates. I really don’t remember where they are, but I will find them. Can you please tell me how I can recreate them (in case I need to do so)?

Usually they would be created by the DuckDNS or Let’s Encrypt addons. You would configure those properly for the domain you’re using.
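
A triage sketch for the broker log in the first post, added here as an example and not posted by anyone in the thread: it counts TLS handshake failures per client and flags the case where every client fails for the same reason, which points at the broker's certificate or TLS settings rather than at a single device. The sample lines are constructed in the page's log format, and attributing the IP-less `OpenSSL Error` lines to the oldest pending connection is an assumption.

```python
import re
from collections import Counter, deque

# Constructed sample in the broker log format shown in the first post.
SAMPLE_LOG = """\
1629907721: New connection from 192.168.1.47 on port 8883.
1629907721: OpenSSL Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1629907721: Socket error on client <unknown>, disconnecting.
1629907721: Client connection from 192.168.1.49 failed: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher.
1629907725: New connection from 192.168.1.52 on port 8883.
1629907725: New connection from 192.168.1.48 on port 8883.
1629907725: OpenSSL Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1629907725: Socket error on client <unknown>, disconnecting.
1629907725: OpenSSL Error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
1629907725: Socket error on client <unknown>, disconnecting.
"""

NEW = re.compile(r"^(\d+): New connection from (\S+) on port (\d+)\.$")
TLS_ERR = re.compile(r"^(\d+): OpenSSL Error: error:[0-9A-F]+:SSL routines:[^:]*:(.+)$")
FAILED = re.compile(r"^(\d+): Client connection from (\S+) failed: error:[0-9A-F]+:SSL routines:[^:]*:(.+?)\.?$")

def triage(log_text):
    """Return ({(client_ip, reason): count}, [clients with no logged outcome])."""
    pending = deque()      # accepted connections still waiting for an outcome
    failures = Counter()
    for line in log_text.splitlines():
        if m := NEW.match(line):
            pending.append(m.group(2))
        elif m := FAILED.match(line):      # this log form names the client itself
            failures[(m.group(2), m.group(3))] += 1
        elif m := TLS_ERR.match(line):
            # Assumption: the error line carries no IP, so attribute it to the
            # oldest connection that has not failed yet (FIFO order).
            ip = pending.popleft() if pending else "<unattributed>"
            failures[(ip, m.group(2))] += 1
    return failures, list(pending)

def verdict(failures):
    clients = {ip for ip, _ in failures}
    reasons = {reason for _, reason in failures}
    if len(clients) > 1 and len(reasons) == 1:
        return f"broker-side suspect: {len(clients)} clients, one reason: {next(iter(reasons))}"
    return "mixed or single-client failures: inspect per client"

if __name__ == "__main__":
    found, waiting = triage(SAMPLE_LOG)
    for (ip, reason), n in sorted(found.items()):
        print(f"{ip:15} {n:3}  {reason}")
    print(verdict(found))
```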