Let's encrypt certificate and mqtt


Artem Pastukhov

Nov 12, 2015, 9:30:36 AM
to Home Assistant Dev
I'm trying to connect to my hosted MQTT broker on port 8883 with TLS enabled and signed by the Let's Encrypt certificate authority, and I'm getting
ERROR:homeassistant.components.mqtt:Can't connect to the broker. Please check your settings and the broker itself.
Traceback (most recent call last):
  File "/home/artem/.local/lib/python3.5/site-packages/homeassistant/components/mqtt/__init__.py", line 98, in setup
    password, certificate)
  File "/home/artem/.local/lib/python3.5/site-packages/homeassistant/components/mqtt/__init__.py", line 157, in __init__
    self._mqttc.connect(broker, port, keepalive)
  File "/home/artem/.homeassistant/lib/paho/mqtt/client.py", line 612, in connect
    return self.reconnect()
  File "/home/artem/.homeassistant/lib/paho/mqtt/client.py", line 747, in reconnect
    ciphers=self._tls_ciphers)
  File "/usr/lib/python3.5/ssl.py", line 1064, in wrap_socket
    ciphers=ciphers)
  File "/usr/lib/python3.5/ssl.py", line 747, in __init__
    self.do_handshake()
  File "/usr/lib/python3.5/ssl.py", line 983, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/lib/python3.5/ssl.py", line 628, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)

My broker settings are:
mqtt:
  broker: home.mqtt
  port: 8883
  client_id: home-assistant-1
  keepalive: 60
  username: homeassistant
  password: ****************
  certificate: /home/user/lets-encrypt-x1-cross-signed.pem


Any advice?

Paulus Schoutsen

Nov 13, 2015, 3:06:44 AM
to home-assi...@googlegroups.com
This might be an issue with the paho-mqtt lib, your certificate or the configuration of your MQTT server. Are you able to connect to your server using other ways? 

--
It's nice to be important but it's more important to be nice.

Artem Pastukhov

Nov 13, 2015, 3:14:50 AM
to Home Assistant Dev
Yes. I can connect to my broker with other clients: mosquitto_pub, mosquitto_sub, MQTT.fx and others I find.


Sean W

Mar 29, 2016, 11:59:23 PM
to Home Assistant Dev
I had the same problem. It works if you put all your system CAs into a file and use that as the certificate. It's a bit of a hack but it seems to fix the problem:

$> cat /etc/certs/ssl/*.pem > /home/user/certs.pem
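
Added example, not part of the thread: one explanation consistent with the traceback and with Sean W's workaround (an assumption, the thread does not confirm it) is that OpenSSL by default only accepts a chain that ends at a self-signed root present in the CA file, so a file holding just an intermediate such as lets-encrypt-x1-cross-signed.pem fails. The script builds a constructed root, intermediate and leaf (all names and paths are made up) and runs `openssl verify` against each CA file layout.

```shell
# Added example: constructed throwaway PKI (root -> intermediate -> leaf).
# All subject names and file names below are made up for the demonstration.
build_pki() {  # $1 = empty directory to fill with root.pem, int.pem, leaf.pem
  d=$1
  cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = overridden-by-subj
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # Self-signed root: the trust anchor OpenSSL looks for in the CA file.
  openssl req -x509 -config "$d/ca.cnf" -extensions v3_ca -newkey rsa:2048 -nodes \
    -days 2 -subj "/CN=Demo Root" -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  # Intermediate CA signed by the root (the role a cross-signed intermediate plays).
  openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=Demo Intermediate" -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" -days 2 \
    -set_serial 2 -extfile "$d/ca.cnf" -extensions v3_ca -out "$d/int.pem" 2>/dev/null
  # Broker (leaf) certificate signed by the intermediate.
  openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=home.mqtt" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" -days 2 \
    -set_serial 3 -out "$d/leaf.pem" 2>/dev/null
  cat "$d/root.pem" "$d/int.pem" > "$d/bundle.pem"
}

verifies() {  # $1 = CA file, $2 = certificate, remaining args = extra verify flags
  cafile=$1; cert=$2; shift 2
  openssl verify "$@" -CAfile "$cafile" "$cert" 2>/dev/null | grep -q ': OK$'
}

report() {  # $1 = label, remaining args are passed to verifies
  label=$1; shift
  if verifies "$@"; then echo "$label: OK"; else echo "$label: verify failed"; fi
}

demo() {
  d=$(mktemp -d) && build_pki "$d" || return 1
  report "CA file = intermediate only" "$d/int.pem" "$d/leaf.pem"
  report "intermediate only, -partial_chain" "$d/int.pem" "$d/leaf.pem" -partial_chain
  report "CA file = root, server sends intermediate" "$d/root.pem" "$d/leaf.pem" -untrusted "$d/int.pem"
  report "CA file = root + intermediate" "$d/bundle.pem" "$d/leaf.pem"
  rm -rf "$d"
}
demo
```

Concatenating every system CA into the `certificate` file, as in the workaround above, also makes the client accept a broker certificate issued by any of those CAs; a file containing only the root that anchors the broker's chain keeps the trust set narrow.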