I tried to secure my mosquitto server and gave the root ca to the certificate: option (documentation is unclear what this option is really for). In the logs I see a “certificate verify failed”.
OK, so I didn’t connect to the FQDN in the cert, instead I used 127.0.0.1. No problem there’s a tls_insecure option that says it disables hostname check.
Well, I still get the error. No dice.