'Unable to connect to the broker'

In my list of HA users, I do have a system generated “homeassistant” user. I haven’t instructed it to try and connect to the broker, but might it be?

the mosquitto instructions state you can’t use homeassistant or addons as a user.

Yes correct… maybe remove that user? I think that is an old system-generated one… I don’t have one on my system… only a hassio system generated one and my admin user and a MQTT user I made…
What is configured in the devices MQTT settings?

I’d deleted it before but will do so again. My sonoffs have the correct IP address, correct port, correct credentials. Never had an issue connecting them prior to v4.1.

long time user, first time poster.

I’ve had issues with HA crashign in the past, so have had mine turned off for the bettsr part of 6 months now? Anyway, i have bought a house so perfect time to get into home automation again, and was excitred to see the new versions out!

But im having the same issues as above with a brand new clean install. I purposely made sure i took nothing from my old setup (just the same rPi 3, but different SD card even) to make sure it wasnt some shitty old setup that was crashing mine.

Anyway, same issues. I get “Unable to connect to the broker.” as well and am not able to get past it. I just cant get MQTT to work at all, and been trying for a couple days.

Upgraded to latest 0.90.0 with Mosquitto 4.1

Really hoping for some ideas… want to get back to automating my new home now that it’s ok to drill holes and run wires wherever i want

If this is a clean install. Ignore the discovered mqtt integration and utilise the mqtt reference in the section below “Set up a new integration”. This version allows you to manually enter the credentials referred to in the official docs. ie. IP, Port, User and pass. Good luck!

So… I have never been a fan of nuke and start again but this was the only way I could get v4.1 to work. Hooray - I got there!!! Happy days!

There MUST be some artifact that exists in a prior install that stops an upgrade from v4.0 to v4.1 from working. An artifact that is NOT accessible from normal edits of the files in the config folder. I tried lots and lots of config edits - nothing worked. I even deleted my SSL certificates and re-generated them - no joy!

If you are having these same infuriating issues, I personally would recommend the following…

1. Via Samba - copy all of your config files to a location other than your Hass server.
2. Go to all your add-ons and copy and paste your config entries to a text file on your computer.
3. Follow the Getting started instructions to begin a bare metal installation of HassIO. ie new micro-SD.
4. Install the add-ons - Duck DNS, Samba share and finally the problematic Mosquitto broker. Obviously copying and pasting back your config parameters. But do NOT do this for Mosquitto broker.
5. In Configuration > Users, create a Username / Password combo that matches your existing MQTT clients.
6. Create the v4.1 required ACL files in your share folder as per Official Docs
7. Have NO MQTT references in your configuration.yaml file.
8. Go with the default Mosquitto broker config parameters ( for v4.1 which requires ACL - ie. "active": true, ):

{
  "logins": [],
  "anonymous": false,
  "customize": {
    "active": true,
    "folder": "mosquitto"
  },
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem"
}

9. Start the Add-on.
10. Go to Configuration > Integrations. You will probably have a discovered MQTT reference at the top of this page. I got the dreaded “Unable to connect to broker” response from trying this one.
11. Instead, go to the MQTT reference in the section below the heading Set up a new integration. This version provides the extra config parameters that are referred to in the official docs. ie. Broker IP, Broker port, Username and Password. Cross your fingers and hit Submit.
12. This is where I had always failed. With a new install, it worked for me. Hope it does for you.
13. Systematically start copying your original config files back to your new installation. NB. If you previously had a MQTT broker configured manually in your configuration.yaml, make sure you comment-out these references or just delete them all together before copying back to your new installation.
14. Reboot.
15. Make a snapshot and put the frustration behind you. Mystery continues.

Again, all of my original config files work with the new installation. The only difference being that Mosquitto broker v4.1 works now. Whereas, with the very same config on an old installation - I could NOT get my integration to connect. And I had constant socket error / disconnect errors in the log of my broker.

My new log. Very clean…

1553336177: |-- *** auth-plug: startup
1553336177: |-- ** Configured order: http
1553336177: Opening ipv4 listen socket on port 1883.
1553336177: Opening ipv6 listen socket on port 1883.
1553336177: Opening websockets listen socket on port 1884.
1553336177: |-- with_tls=false
1553336177: |-- getuser_uri=/login
1553336177: |-- superuser_uri=/superuser
1553336177: |-- aclcheck_uri=/acl
1553336177: |-- getuser_params=(null)
1553336177: |-- superuser_params=(null)
1553336177: |-- aclcheck_params=(null)
1553336177: |-- retry_count=3
1553336177: Opening ipv4 listen socket on port 8883.
1553336177: Opening ipv6 listen socket on port 8883.
1553336177: Opening websockets listen socket on port 8884.
1553336177: Warning: Mosquitto should not be run as root/administrator.
1553336178: New connection from 192.168.1.9 on port 1883.
1553336179: Socket error on client <unknown>, disconnecting.
1553336179: New connection from 192.168.1.9 on port 1883.
1553336179: |-- mosquitto_auth_unpwd_check(mqttuser)
1553336179: |-- ** checking backend http
1553336179: |-- url=http://127.0.0.1:8080/login
1553336179: |-- data=username=mqttuser&password=mqttpass&topic=&acc=-1&clientid=
[INFO] found mqttuser on Home Assistant
1553336181: New client connected from 192.168.1.9 as 40323c1e-67f4-43c9-975a-85d5b08438ae (c1, k60, u'mqttuser').
1553336181: New connection from 192.168.1.41 on port 1883.
1553336181: |-- getuser(mqttuser) AUTHENTICATED=1 by http
1553336181: |-- mosquitto_auth_unpwd_check(mqttuser)
1553336181: |-- ** checking backend http
1553336181: |-- url=http://127.0.0.1:8080/login
1553336181: |-- data=username=mqttuser&password=mqttpass&topic=&acc=-1&clientid=
[INFO] found mqttuser on Home Assistant
1553336183: |-- getuser(mqttuser) AUTHENTICATED=1 by http
1553336183: New client connected from 192.168.1.41 as sonoff_12_4568C9 (c1, k10, u'mqttuser').
1553336183: New connection from 192.168.1.39 on port 1883.
1553336183: New connection from 192.168.1.36 on port 1883.
1553336183: New connection from 192.168.1.52 on port 1883.
1553336183: New connection from 192.168.1.49 on port 1883.
1553336183: |-- mosquitto_auth_unpwd_check(mqttuser)
1553336183: |-- ** checking backend http
1553336183: |-- url=http://127.0.0.1:8080/login
1553336183: |-- data=username=mqttuser&password=mqttpass&topic=&acc=-1&clientid=
1553336183: New connection from 192.168.1.38 on port 1883.
1553336183: New connection from 192.168.1.37 on port 1883.
1553336183: New connection from 192.168.1.45 on port 1883.
1553336183: New connection from 192.168.1.46 on port 1883.
[INFO] found mqttuser on Home Assistant
1553336185: New client connected from 192.168.1.39 as sonoff_07_B02E6B (c1, k10, u'mqttuser').
1553336185: |-- getuser(mqttuser) AUTHENTICATED=1 by http
1553336185: |-- mosquitto_auth_unpwd_check(mqttuser)
1553336185: |-- ** checking backend http
1553336185: |-- url=http://127.0.0.1:8080/login
1553336185: |-- data=username=mqttuser&password=mqttpass&topic=&acc=-1&clientid=
[INFO] found mqttuser on Home Assistant
1553336186: |-- getuser(mqttuser) AUTHENTICATED=1 by http
1553336186: |-- mosquitto_auth_unpwd_check(mqttuser)
1553336186: |-- ** checking backend http
1553336186: |-- url=http://127.0.0.1:8080/login
1553336186: |-- data=username=mqttuser&password=mqttpass&topic=&acc=-1&clientid=
1553336186: New client connected from 192.168.1.36 as sonoff_03_4974A5 (c1, k10, u'mqttuser').
[INFO] found mqttuser on Home Assistant
1553336188: |-- getuser(mqttuser) AUTHENTICATED=1 by http
1553336188: New client connected from 192.168.1.52 as sonoff_02_8F40CC (c1, k10, u'mqttuser').
1553336188: |-- mosquitto_auth_unpwd_check(mqttuser)
1553336188: |-- ** checking backend http
1553336188: |-- url=http://127.0.0.1:8080/login
1553336188: |-- data=username=mqttuser&password=mqttpass&topic=&acc=-1&clientid=
[INFO] found mqttuser on Home Assistant
1553336190: |-- getuser(mqttuser) AUTHENTICATED=1 by http
1553336190: New client connected from 192.168.1.49 as sonoff_05_BEC7FC (c1, k10, u'mqttuser').
1553336190: |-- mosquitto_auth_unpwd_check(mqttuser)
1553336190: |-- ** checking backend http
1553336190: |-- url=http://127.0.0.1:8080/login
1553336190: |-- data=username=mqttuser&password=mqttpass&topic=&acc=-1&clientid=
[INFO] found mqttuser on Home Assistant
1553336192: |-- getuser(mqttuser) AUTHENTICATED=1 by http
1553336192: |-- mosquitto_auth_unpwd_check(mqttuser)
1553336192: |-- ** checking backend http
1553336192: |-- url=http://127.0.0.1:8080/login
1553336192: |-- data=username=mqttuser&password=mqttpass&topic=&acc=-1&clientid=
1553336192: New client connected from 192.168.1.38 as sonoff_01_A80FCA (c1, k10, u'mqttuser').
[INFO] found mqttuser on Home Assistant
1553336193: |-- getuser(mqttuser) AUTHENTICATED=1 by http
1553336193: |-- mosquitto_auth_unpwd_check(mqttuser)
1553336193: New client connected from 192.168.1.37 as sonoff_04_44FB37 (c1, k10, u'mqttuser').
1553336193: |-- ** checking backend http
1553336193: |-- url=http://127.0.0.1:8080/login
1553336193: |-- data=username=mqttuser&password=mqttpass&topic=&acc=-1&clientid=
[INFO] found mqttuser on Home Assistant
1553336195: |-- getuser(mqttuser) AUTHENTICATED=1 by http
1553336195: New client connected from 192.168.1.45 as sonoff_06_BEC808 (c1, k10, u'mqttuser').
1553336195: |-- mosquitto_auth_unpwd_check(mqttuser)
1553336195: |-- ** checking backend http
1553336195: |-- url=http://127.0.0.1:8080/login
1553336195: |-- data=username=mqttuser&password=mqttpass&topic=&acc=-1&clientid=
[INFO] found mqttuser on Home Assistant
1553336197: |-- getuser(mqttuser) AUTHENTICATED=1 by http
1553336197: New client connected from 192.168.1.46 as sonoff_08_BECD3D (c1, k10, u'mqttuser').

Active: true is not the default - the default is false.

If you set to true, in addition to the user you create, you need to specify a homeassistant user in the acl file. If you set active: false (the default) you don’t need to do that.

Maybe you are right, but I did say “( for v4.1 which requires ACL - ie. "active": true, )”.

The official docs say…
“Since version 4.1 of the addon, an explicit ACL definition is now required, see these instructions.”

I interpret that to mean that prior to v4.1, active can be false, but post 4.1 it should be
"active": true,

What do you think?

It works fine with active: false - the default.

I’m glad it does for you. But have you rebooted? And it still “works fine” afterwards? Maybe a future update won’t be as forgiving; if in fact, v4.1 (and beyond) does require "active": true,

I’m simply trying to follow the instructions to the letter.

IT WORKS PERFECTLY AS PER THE DEFAULT!!! I have rebooted multiple times

Thanks David. Why do you think the docs point one to this then?
Since version 4.1 of the addon, an explicit ACL definition is now required, see these instructions.

The Since version 4.1 instructions state that it should be “active”: true.

The docs need to cover all circumstances, there would be lots of users running v4.0 and earlier; where as you say, the default is false.

I don’t know why and I don’t care.
All I am saying is:

Active: true is NOT the default
If you set active: true and use a Home Assistant User, nothing will connect UNLESS you also add homeassistant to the list of allowed users in the ACL file.
If you define a local user in the broker and in the acl it seems to work.

Until today when I found out you needed to add homeassistant user to the ACL file… I was getting spam in my logs but setting it up as you say you must, nothing would connect to the broker at all! Using active: false (THE DEFAULT) and only a Home Assistant user worked. I just set the broker to default and it worked.

The example at the very top of the page you linked shows the default broker configuration!

Cool - good for you.

I’ve posted my happily working config which seems to align well with current docs. And it works perfectly.

Contrasting to what you just mentioned, I do not have any local users configured. I only have a Home Assistant user: “mqttuser”. Just to avoid confusion - I do not have a user anywhere named “homeassistant”. I do not have a reference to homeassistant in my ACL file. My ACL, as the docs indicate, only have topic readwrite #

Anyways, I am very grateful for you taking an interest and offer of help to my original post on this thread. The only way I could get out of my problem was to do what I explained earlier. I’ll leave it to others that may stumble on this thread to decide what is the best course of action for them.

My caveat is that I am NOT an expert. I did what I did. It worked. I shared it, in the spirit of this forum and the hope it might help others avoid the week I just had. Best wishes and good luck to all !!

I agree with that… Do what works for you. It didn’t work for me and I’m not alone. In another thread someone posted the exact same experience I had but he disabled active again rebooted and then enabled it and it started working with no changes… It’s weird to say the least.

Hey Thanks @Milster, though i did not follow word to word on the instructions,
the below is what i followed conjunctive to your steps,

1. Created a user with MQTT credentials (set this to User)
2. Created the ACL file with mqtt user in it
3. On the MQTT add-on config, no users added and Active set to true
4. Added the MQTT integration with IP-Port, user-pass from the list below on the integration page(did not enable discovery).

After a restart i was set, the logs are just like yours and works without an issue.

As per the docs, i did see since 4.1 ACL will be required and seems to be the way forward for MQTT as its more controlled & provides secure access.

i having problem to get it to work to:/

1575211141: Socket error on client <unknown>, disconnecting.
1575211142: New connection from 192.168.1.66 on port 1883.
1575211142: Socket error on client <unknown>, disconnecting.
1575211143: New connection from 192.168.1.66 on port 1883.
1575211143: Socket error on client <unknown>, disconnecting.
1575211144: New connection from 192.168.1.66 on port 1883.
1575211144: Socket error on client <unknown>, disconnecting.````

this is my log on mqtt

i have create a new user,
i have mqtt and ip adress in config
i have create the 2 files i share/Mosquitto
i havet set any usernamn or pass

I’m having exactly the same issue. Did you fix it in the meantime?

my log:

1586190304: New connection from 172.30.XXXX on port 1883.
[INFO] found user_mqtt on local database
1586190305: New client connected from 172.XXXX as auto-5E269947 (p2, c1, k60, u'user_mqtt').
1586190334: New connection from 192.168.XXXXX on port 1883.
[WARN] Not found user_mqtt on local database
1586190335: Socket error on client <unknown>, disconnecting.

Solution: I’ve changed the user name and password to be a shorter one and now it works.

I know this is an old topic but for the love of god i cant get this ***** mqtt working. It can’t be so hard but it just don’t work. I try David setting tried Milster and many other crazy combo nothing work. Has HA addons it always been this buggy. (I just got start with HA moved over from hubitat)

This literally is second add on i install on my HA first was samba. Omg that an headade long story short it doesn’t show up auto on window workgroup like normal I need to manually input the IP to get in. Which i dont mind at least i got in. And now this mqtt addon holy… hell this is frustrating.

There was one time I forget what carzy combo user/acl/config setting I did and manage to get it working. Will partially as the device never show up on mqtt auto discovery or even on developer Tools -> status. I got the device working via manually input all the code into ymal config. Now I uninstalled and reinstalled nothing work no connection.

Anyone run just a mqtt broker off by itself and not use the addon? Does it have these issue? I’ll dont mind spending $12 for an rpi0 w if it better then this addon.

I’ve been using the addon broker for almost 3 years now and it works with no problems but it’s hard to help you if you don’t give any details of your setup. MQTT is pretty simple…