'Unable to connect to the broker'

I didn’t mainly because I have tried every possible method - no config.yaml, with config.yaml, with local users, without local users, annonymous false then true, active true, active false (although I think v4.1 insists on an ACL), all of this with every conceiveable mix and match of variations.

Interesting that the only way @ashscott got up and running was to do a brand new install. What was the culprit? What remnant piece of an established working setup might be disagreeing with v4.1. Certificate files maybe? Dunno.

I doubt it was necessary. Doing the same thing over and over gets the same result. I’m positive your error can be fixed without doing that.

Your advice would be to attempt a setup with Discovery, HA users (not local users), Anonymous set to true. Active set to false (although the instructions say that v4.1 requires ACL)? I’ve tried that before with no luck and not retained my logs but happy to try again.

It shouldn’t be this difficult to setup. I set up mosquito on Ubuntu and can send messages back and forth but can’t get it working with home-assistant

Not necessarily… I’d like to see your config to see if I can help you fix it. Yes I like discovery but that’s not a good solution for everything…

Here we go…

1. No MQTT references in configuration.yaml
2. Update to v4.1 Mosquitto MQTT
3. Using default minimal mqtt config:
4. Add HA user: mqttuser pass: mqttpass
5. Reboot
6. All mqtt clients (Sonoffs with v6.4.1 and core 2.5) go offline

{
  "logins": [],
  "anonymous": false,
  "customize": {
    "active": false,
    "folder": "mosquitto"
  },
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem"
}

I haven’t tried Discovery at this point but my mqtt log looks like this:

[INFO] Setup mosquitto configuration
[INFO] No local user available
[INFO] Initialize Hass.io Add-on services
[INFO] Initialize Home Assistant discovery
[INFO] Start Mosquitto daemon
1553149391: mosquitto version 1.5.6 starting
1553149391: Config loaded from /etc/mosquitto.conf.
1553149391: |-- *** auth-plug: startup
1553149391: |-- ** Configured order: http
1553149391: |-- with_tls=false
1553149391: |-- getuser_uri=/login
1553149391: |-- superuser_uri=/superuser
1553149391: |-- aclcheck_uri=/acl
1553149391: |-- getuser_params=(null)
1553149391: |-- superuser_params=(null)
1553149391: |-- aclcheck_params=(null)
1553149391: |-- retry_count=3
1553149391: Opening ipv4 listen socket on port 1883.
1553149391: Opening ipv6 listen socket on port 1883.
1553149391: Opening websockets listen socket on port 1884.
1553149392: Opening ipv4 listen socket on port 8883.
1553149392: Opening ipv6 listen socket on port 8883.
1553149392: Opening websockets listen socket on port 8884.
1553149392: Warning: Mosquitto should not be run as root/administrator.
1553149392: New connection from 192.168.1.49 on port 1883.
1553149392: |-- mosquitto_auth_unpwd_check(mqttuser)
1553149392: |-- ** checking backend http
1553149392: |-- url=http://127.0.0.1:8080/login
1553149392: |-- data=username=mqttuser&password=mqttpass&topic=&acc=-1&clientid=
[INFO] found mqttuser on Home Assistant
1553149396: |-- getuser(mqttuser) AUTHENTICATED=1 by http
1553149396: New client connected from 192.168.1.49 as sonoff_05_BEC7FC (c1, k10, u'mqttuser').
1553149396: New connection from 192.168.1.36 on port 1883.
1553149396: New connection from 192.168.1.39 on port 1883.
1553149396: New connection from 192.168.1.38 on port 1883.
1553149396: New connection from 192.168.1.37 on port 1883.
1553149396: New connection from 192.168.1.52 on port 1883.
1553149396: New connection from 192.168.1.41 on port 1883.
1553149396: New connection from 192.168.1.45 on port 1883.
1553149396: New connection from 192.168.1.46 on port 1883.
1553149396: |-- mosquitto_auth_unpwd_check(mqttuser)
1553149396: |-- ** checking backend http
1553149396: |-- url=http://127.0.0.1:8080/login
1553149396: |-- data=username=mqttuser&password=mqttpass&topic=&acc=-1&clientid=
[INFO] found mqttuser on Home Assistant
1553149399: |-- getuser(mqttuser) AUTHENTICATED=1 by http
1553149399: |-- mosquitto_auth_unpwd_check(mqttuser)
1553149399: |-- ** checking backend http
1553149399: New client connected from 192.168.1.36 as sonoff_03_4974A5 (c1, k10, u'mqttuser').
1553149399: |-- url=http://127.0.0.1:8080/login
1553149399: |-- data=username=mqttuser&password=mqttpass&topic=&acc=-1&clientid=
[INFO] found mqttuser on Home Assistant
1553149403: |-- getuser(mqttuser) AUTHENTICATED=1 by http
1553149403: |-- mosquitto_auth_unpwd_check(mqttuser)
1553149403: |-- ** checking backend http
1553149403: |-- url=http://127.0.0.1:8080/login

When I attempt to configure my MQTT integration, I get this…

Well that sucks… that’s really odd.

ikr! It’s killing me.

In my list of HA users, I do have a system generated “homeassistant” user. I haven’t instructed it to try and connect to the broker, but might it be?

the mosquitto instructions state you can’t use homeassistant or addons as a user.

Yes correct… maybe remove that user? I think that is an old system-generated one… I don’t have one on my system… only a hassio system generated one and my admin user and a MQTT user I made…
What is configured in the devices MQTT settings?

I’d deleted it before but will do so again. My sonoffs have the correct IP address, correct port, correct credentials. Never had an issue connecting them prior to v4.1.

long time user, first time poster.

I’ve had issues with HA crashign in the past, so have had mine turned off for the bettsr part of 6 months now? Anyway, i have bought a house so perfect time to get into home automation again, and was excitred to see the new versions out!

But im having the same issues as above with a brand new clean install. I purposely made sure i took nothing from my old setup (just the same rPi 3, but different SD card even) to make sure it wasnt some shitty old setup that was crashing mine.

Anyway, same issues. I get “Unable to connect to the broker.” as well and am not able to get past it. I just cant get MQTT to work at all, and been trying for a couple days.

Upgraded to latest 0.90.0 with Mosquitto 4.1

Really hoping for some ideas… want to get back to automating my new home now that it’s ok to drill holes and run wires wherever i want

If this is a clean install. Ignore the discovered mqtt integration and utilise the mqtt reference in the section below “Set up a new integration”. This version allows you to manually enter the credentials referred to in the official docs. ie. IP, Port, User and pass. Good luck!

So… I have never been a fan of nuke and start again but this was the only way I could get v4.1 to work. Hooray - I got there!!! Happy days!

There MUST be some artifact that exists in a prior install that stops an upgrade from v4.0 to v4.1 from working. An artifact that is NOT accessible from normal edits of the files in the config folder. I tried lots and lots of config edits - nothing worked. I even deleted my SSL certificates and re-generated them - no joy!

If you are having these same infuriating issues, I personally would recommend the following…

1. Via Samba - copy all of your config files to a location other than your Hass server.
2. Go to all your add-ons and copy and paste your config entries to a text file on your computer.
3. Follow the Getting started instructions to begin a bare metal installation of HassIO. ie new micro-SD.
4. Install the add-ons - Duck DNS, Samba share and finally the problematic Mosquitto broker. Obviously copying and pasting back your config parameters. But do NOT do this for Mosquitto broker.
5. In Configuration > Users, create a Username / Password combo that matches your existing MQTT clients.
6. Create the v4.1 required ACL files in your share folder as per Official Docs
7. Have NO MQTT references in your configuration.yaml file.
8. Go with the default Mosquitto broker config parameters ( for v4.1 which requires ACL - ie. "active": true, ):

{
  "logins": [],
  "anonymous": false,
  "customize": {
    "active": true,
    "folder": "mosquitto"
  },
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem"
}

9. Start the Add-on.
10. Go to Configuration > Integrations. You will probably have a discovered MQTT reference at the top of this page. I got the dreaded “Unable to connect to broker” response from trying this one.
11. Instead, go to the MQTT reference in the section below the heading Set up a new integration. This version provides the extra config parameters that are referred to in the official docs. ie. Broker IP, Broker port, Username and Password. Cross your fingers and hit Submit.
12. This is where I had always failed. With a new install, it worked for me. Hope it does for you.
13. Systematically start copying your original config files back to your new installation. NB. If you previously had a MQTT broker configured manually in your configuration.yaml, make sure you comment-out these references or just delete them all together before copying back to your new installation.
14. Reboot.
15. Make a snapshot and put the frustration behind you. Mystery continues.

Again, all of my original config files work with the new installation. The only difference being that Mosquitto broker v4.1 works now. Whereas, with the very same config on an old installation - I could NOT get my integration to connect. And I had constant socket error / disconnect errors in the log of my broker.

My new log. Very clean…

1553336177: |-- *** auth-plug: startup
1553336177: |-- ** Configured order: http
1553336177: Opening ipv4 listen socket on port 1883.
1553336177: Opening ipv6 listen socket on port 1883.
1553336177: Opening websockets listen socket on port 1884.
1553336177: |-- with_tls=false
1553336177: |-- getuser_uri=/login
1553336177: |-- superuser_uri=/superuser
1553336177: |-- aclcheck_uri=/acl
1553336177: |-- getuser_params=(null)
1553336177: |-- superuser_params=(null)
1553336177: |-- aclcheck_params=(null)
1553336177: |-- retry_count=3
1553336177: Opening ipv4 listen socket on port 8883.
1553336177: Opening ipv6 listen socket on port 8883.
1553336177: Opening websockets listen socket on port 8884.
1553336177: Warning: Mosquitto should not be run as root/administrator.
1553336178: New connection from 192.168.1.9 on port 1883.
1553336179: Socket error on client <unknown>, disconnecting.
1553336179: New connection from 192.168.1.9 on port 1883.
1553336179: |-- mosquitto_auth_unpwd_check(mqttuser)
1553336179: |-- ** checking backend http
1553336179: |-- url=http://127.0.0.1:8080/login
1553336179: |-- data=username=mqttuser&password=mqttpass&topic=&acc=-1&clientid=
[INFO] found mqttuser on Home Assistant
1553336181: New client connected from 192.168.1.9 as 40323c1e-67f4-43c9-975a-85d5b08438ae (c1, k60, u'mqttuser').
1553336181: New connection from 192.168.1.41 on port 1883.
1553336181: |-- getuser(mqttuser) AUTHENTICATED=1 by http
1553336181: |-- mosquitto_auth_unpwd_check(mqttuser)
1553336181: |-- ** checking backend http
1553336181: |-- url=http://127.0.0.1:8080/login
1553336181: |-- data=username=mqttuser&password=mqttpass&topic=&acc=-1&clientid=
[INFO] found mqttuser on Home Assistant
1553336183: |-- getuser(mqttuser) AUTHENTICATED=1 by http
1553336183: New client connected from 192.168.1.41 as sonoff_12_4568C9 (c1, k10, u'mqttuser').
1553336183: New connection from 192.168.1.39 on port 1883.
1553336183: New connection from 192.168.1.36 on port 1883.
1553336183: New connection from 192.168.1.52 on port 1883.
1553336183: New connection from 192.168.1.49 on port 1883.
1553336183: |-- mosquitto_auth_unpwd_check(mqttuser)
1553336183: |-- ** checking backend http
1553336183: |-- url=http://127.0.0.1:8080/login
1553336183: |-- data=username=mqttuser&password=mqttpass&topic=&acc=-1&clientid=
1553336183: New connection from 192.168.1.38 on port 1883.
1553336183: New connection from 192.168.1.37 on port 1883.
1553336183: New connection from 192.168.1.45 on port 1883.
1553336183: New connection from 192.168.1.46 on port 1883.
[INFO] found mqttuser on Home Assistant
1553336185: New client connected from 192.168.1.39 as sonoff_07_B02E6B (c1, k10, u'mqttuser').
1553336185: |-- getuser(mqttuser) AUTHENTICATED=1 by http
1553336185: |-- mosquitto_auth_unpwd_check(mqttuser)
1553336185: |-- ** checking backend http
1553336185: |-- url=http://127.0.0.1:8080/login
1553336185: |-- data=username=mqttuser&password=mqttpass&topic=&acc=-1&clientid=
[INFO] found mqttuser on Home Assistant
1553336186: |-- getuser(mqttuser) AUTHENTICATED=1 by http
1553336186: |-- mosquitto_auth_unpwd_check(mqttuser)
1553336186: |-- ** checking backend http
1553336186: |-- url=http://127.0.0.1:8080/login
1553336186: |-- data=username=mqttuser&password=mqttpass&topic=&acc=-1&clientid=
1553336186: New client connected from 192.168.1.36 as sonoff_03_4974A5 (c1, k10, u'mqttuser').
[INFO] found mqttuser on Home Assistant
1553336188: |-- getuser(mqttuser) AUTHENTICATED=1 by http
1553336188: New client connected from 192.168.1.52 as sonoff_02_8F40CC (c1, k10, u'mqttuser').
1553336188: |-- mosquitto_auth_unpwd_check(mqttuser)
1553336188: |-- ** checking backend http
1553336188: |-- url=http://127.0.0.1:8080/login
1553336188: |-- data=username=mqttuser&password=mqttpass&topic=&acc=-1&clientid=
[INFO] found mqttuser on Home Assistant
1553336190: |-- getuser(mqttuser) AUTHENTICATED=1 by http
1553336190: New client connected from 192.168.1.49 as sonoff_05_BEC7FC (c1, k10, u'mqttuser').
1553336190: |-- mosquitto_auth_unpwd_check(mqttuser)
1553336190: |-- ** checking backend http
1553336190: |-- url=http://127.0.0.1:8080/login
1553336190: |-- data=username=mqttuser&password=mqttpass&topic=&acc=-1&clientid=
[INFO] found mqttuser on Home Assistant
1553336192: |-- getuser(mqttuser) AUTHENTICATED=1 by http
1553336192: |-- mosquitto_auth_unpwd_check(mqttuser)
1553336192: |-- ** checking backend http
1553336192: |-- url=http://127.0.0.1:8080/login
1553336192: |-- data=username=mqttuser&password=mqttpass&topic=&acc=-1&clientid=
1553336192: New client connected from 192.168.1.38 as sonoff_01_A80FCA (c1, k10, u'mqttuser').
[INFO] found mqttuser on Home Assistant
1553336193: |-- getuser(mqttuser) AUTHENTICATED=1 by http
1553336193: |-- mosquitto_auth_unpwd_check(mqttuser)
1553336193: New client connected from 192.168.1.37 as sonoff_04_44FB37 (c1, k10, u'mqttuser').
1553336193: |-- ** checking backend http
1553336193: |-- url=http://127.0.0.1:8080/login
1553336193: |-- data=username=mqttuser&password=mqttpass&topic=&acc=-1&clientid=
[INFO] found mqttuser on Home Assistant
1553336195: |-- getuser(mqttuser) AUTHENTICATED=1 by http
1553336195: New client connected from 192.168.1.45 as sonoff_06_BEC808 (c1, k10, u'mqttuser').
1553336195: |-- mosquitto_auth_unpwd_check(mqttuser)
1553336195: |-- ** checking backend http
1553336195: |-- url=http://127.0.0.1:8080/login
1553336195: |-- data=username=mqttuser&password=mqttpass&topic=&acc=-1&clientid=
[INFO] found mqttuser on Home Assistant
1553336197: |-- getuser(mqttuser) AUTHENTICATED=1 by http
1553336197: New client connected from 192.168.1.46 as sonoff_08_BECD3D (c1, k10, u'mqttuser').

Active: true is not the default - the default is false.

If you set to true, in addition to the user you create, you need to specify a homeassistant user in the acl file. If you set active: false (the default) you don’t need to do that.

Maybe you are right, but I did say “( for v4.1 which requires ACL - ie. "active": true, )”.

The official docs say…
“Since version 4.1 of the addon, an explicit ACL definition is now required, see these instructions.”

I interpret that to mean that prior to v4.1, active can be false, but post 4.1 it should be
"active": true,

What do you think?

It works fine with active: false - the default.

I’m glad it does for you. But have you rebooted? And it still “works fine” afterwards? Maybe a future update won’t be as forgiving; if in fact, v4.1 (and beyond) does require "active": true,

I’m simply trying to follow the instructions to the letter.

IT WORKS PERFECTLY AS PER THE DEFAULT!!! I have rebooted multiple times

Thanks David. Why do you think the docs point one to this then?
Since version 4.1 of the addon, an explicit ACL definition is now required, see these instructions.

The Since version 4.1 instructions state that it should be “active”: true.

The docs need to cover all circumstances, there would be lots of users running v4.0 and earlier; where as you say, the default is false.