weewx mqttpublish to remote HiveMQ


rutte...@gmail.com

Feb 16, 2026, 12:18:45 PM
to weewx-user
Hi,
I'm having trouble getting weewx mqtt to publish to my remote HiveMQ cloud broker from the RPi weewx is running on. When I test with mosquitto_pub it does work correctly.
I'm using mqttpublish from https://github.com/weewx-mqtt/publish

The goal is to publish the data from weewx to the remote HiveMQ broker and then subscribe to the HiveMQ broker from my website running externally, which is why I decided to publish to a remote broker, so the website doesn't have to subscribe to a broker inside my local home network.

Does anybody have any insight into what I'm doing wrong?

These are the related software versions:
weewxd version 5.2.0
Python 3.13.5
paho-mqtt 2.1.0

*I've replaced the username and password with something generic in the information below.

Part of the debug log:
```
feb 16 17:07:16 weewx weewxd[189873]: DEBUG user.mqttpublish:  native id in 'main' init 189873
feb 16 17:07:16 weewx weewxd[189873]: DEBUG user.mqttpublish: sanitized configuration removed ['password']
feb 16 17:07:16 weewx weewxd[189873]: DEBUG user.mqttpublish: sanitized_service_dict is {'keepalive': '60', 'enable': 'true', 'log_mqtt': 'true', 'host': '72faee6f34dd47e8b26860352d1801f6.s1.eu.hivemq.cloud', 'topics': {'weer': {'type': 'individual', 'retain': 'true', 'unit_system': 'METRIC'}}, 'username': 'username', 'binding': 'loop', 'port': '8883'}
feb 16 17:07:16 weewx weewxd[189873]: DEBUG user.mqttpublish: Loop topics: {'weer': {'qos': 0, 'retain': True, 'type': 'individual', 'unit_system': 16, 'guarantee_delivery': False, 'ignore': False, 'append_unit_label': True, 'conversion_type': 'string', 'format': '%s', 'fields': {}, 'aggregates': {}}}
feb 16 17:07:16 weewx weewxd[189873]: DEBUG user.mqttpublish: Archive topics: {}
feb 16 17:07:16 weewx weewxd[189873]: DEBUG user.mqttpublish:  native id in init 189873
feb 16 17:07:16 weewx weewxd[189873]: INFO user.mqttpublish: starting thread
feb 16 17:07:16 weewx weewxd[189873]: DEBUG user.mqttpublish: Thread-2 547775377760
feb 16 17:07:16 weewx weewxd[189873]: INFO user.mqttpublish: joining thread
feb 16 17:07:16 weewx weewxd[189873]: DEBUG user.mqttpublish:  native id in run 189878
feb 16 17:07:16 weewx weewxd[189873]: INFO user.mqttpublish: joined thread
feb 16 17:07:16 weewx weewxd[189873]: INFO user.mqttpublish: started thread
feb 16 17:07:16 weewx weewxd[189873]: DEBUG weewx.engine: Finished loading service user.mqttpublish.PublishWeeWX
feb 16 17:07:16 weewx weewxd[189873]: ERROR user.mqttpublish: Disconnected with result code 128
feb 16 17:07:17 weewx weewxd[189873]: DEBUG user.mqttpublish: waiting
feb 16 17:07:22 weewx weewxd[189873]: DEBUG user.mqttpublish: waiting
```


When I test from the command line with this mosquitto command, the message does correctly arrive at the broker:
```
mosquitto_pub -h 72faee6f34dd47e8b26860352d1801f6.s1.eu.hivemq.cloud -p 8883 -t "weer" -m "Hello from RPI" -u "username" -P "password"
```


This is the related part from weewx.conf:
```
[MQTTPublish]
enable = true
log_mqtt = true
# The MQTT server.
# Default is localhost.
host = 72faee6f34dd47e8b26860352d1801f6.s1.eu.hivemq.cloud
# The port to connect to.
# Default is 1883.
port = 8883
# Maximum period in seconds allowed between communications with the broker.
# Default is 60.
keepalive = 60
# username for broker authentication.
# Default is None.
username = username
# password for broker authentication.
# Default is None.
password = password
# The binding, loop or archive.
# Default is: loop
binding = loop
[[topics]]
[[[weer]]]
type = individual
retain = true
unit_system = METRIC
```

Thank you very much,

Roy

Vince Skahan

Feb 16, 2026, 12:39:14 PM
to weewx-user
You're using port 8883, which is typically encrypted, so don't you need a [[tls]] section to tell MQTTPublish where to find the certificates for the encryption part?

bell...@gmail.com

Feb 16, 2026, 1:02:04 PM
to weewx-user

A couple of things to look into.


You are using port 8883. This is usually an encrypted connection, but I don’t see any tls configuration, https://weewx-mqtt.github.io/publish/common-options/tls.html, for weewx-mqtt/publish. (Note, I believe that mosquitto_pub can use the system cert, so no additional configuration would be needed for it. But I am not certain.)


You could try setting log_mqtt = true, https://weewx-mqtt.github.io/publish/common-options/#log_mqtt. This will enable logging at the “mqtt level”. It might provide some additional information.

rutte...@gmail.com

Feb 16, 2026, 1:18:16 PM
to weewx-user
Ah yes, thank you, this is getting me closer!

I missed the part for mosquitto_pub where it says: "if the -p 8883 option is used then the OS provided certificates will be loaded and neither --cafile or --capath are needed."

log_mqtt is already set to true (and it's the default); it doesn't seem to give more information than is in the log, but thank you for the tip nonetheless.

Now I need to figure out how to get Certificate Authority certificate files onto my RPi or point mqttpublish to the OS provided certificates to see if that will work too.
If I've understood correctly, certbot needs the RPi to be exposed to the internet, which is what I don't want to do.

Any tips on how to accomplish this?

Thank you!!

Roy


On Monday, February 16, 2026 at 19:02:04 UTC+1, bell...@gmail.com wrote:

bell...@gmail.com

Feb 16, 2026, 1:37:15 PM
to weewx-user
Re: log_mqtt
I now see that it is set, but see no extra logging in your snippet. I'll have to look into why not. Thanks for letting me know.

Re: certs
They give me a headache! This is all I have in my config....
```
[[[tls]]]
tls_version = tls
```

I'm a bit swamped right now, but I'll try to find some time to dig through my notes and the code.
And someday hopefully add some more info to the docs.

rich

bell...@gmail.com

Feb 16, 2026, 1:47:20 PM
to weewx-user
You probably want [[tls]] (two '['). I apparently am running with an old config format....

rutte...@gmail.com

Feb 16, 2026, 1:47:45 PM
to weewx-user
Hah!! Thank you so much! 
I had copied everything in weewx.conf and assigned all the default values, which didn't work, but commenting everything out except for "tls_version = tlsv12" fixed it!

I'm now getting my data into the broker :-).

Thank you!!

On Monday, February 16, 2026 at 19:37:15 UTC+1, bell...@gmail.com wrote:

Greg Troxel

Feb 16, 2026, 1:54:32 PM
to rutte...@gmail.com, weewx-user
"rutte...@gmail.com" <rutte...@gmail.com> writes:

> I missed the part for mosquitto_pub where it says: "if the -p 8883 option is
> used then the OS provided certificates will be loaded and neither --cafile
> or --capath are needed."

The practice of having to specify a specific CA or a set of CAs to
enable TLS was always unusual and mosquitto has moved away from it.
When being a TLS validator, the standard approach is to use the system
list of CAs (== configured set of trust anchors).

> Now I need to figure out how to get Certificate Authority certificate
> files onto my RPi or point mqttpublish to the OS provided certificates to see
> if that will work too.
> If I've understood correctly, certbot needs the RPi to be exposed to the
> internet, which is what I don't want to do.

This part doesn't make sense. For a TLS *server*, such as mosquitto,
you need a certificate and private key, and you usually use Let's
Encrypt.

For a TLS client, the standard OS set of preconfigured CAs (trust
anchors) is fine.

On my Raspberry Pi OS 13 system, /etc/ssl/certs has a lot of contents.
(I'm not running a weewx mqtt client on it.)


At this point I'm not sure what's not working for you and what's
configured.

rutte...@gmail.com

Feb 16, 2026, 2:02:03 PM
to weewx-user
Thank you for this.

That second part is definitely me not understanding the whole TLS thing, but the way you explained it makes it a lot clearer for me. I guess where I got tripped up is that since weewx is "serving up the data" that is also the server, but that is not how MQTT works of course; the broker is the server and both the publisher and the subscriber are the clients.

Thanks again for making things clearer for me.

Roy

On Monday, February 16, 2026 at 19:54:32 UTC+1, Greg Troxel wrote:

Greg Troxel

Feb 16, 2026, 2:05:27 PM
to rutte...@gmail.com, weewx-user
"rutte...@gmail.com" <rutte...@gmail.com> writes:

> That second part is definitely me not understanding the whole TLS thing,
> but the way you explained it makes it a lot clearer for me. I guess where I
> got tripped up is that since weewx is "serving up the data" that is also
> the server, but that is not how MQTT works of course; the broker is the
> server and both the publisher and the subscriber are the clients.

Yes, exactly. The logical flow of what is producing data and what is
using it has nothing to do with TLS configuration. In TLS, the machine
that listens on a socket for connections is a server, and the machine
that makes an outbound connection is a client.

Vince Skahan

Feb 16, 2026, 2:55:14 PM
to weewx-user
On Monday, February 16, 2026 at 10:47:45 AM UTC-8 rutte...@gmail.com wrote:
> I'm now getting my data into the broker :-).

Great news.

If you could share your entire working weewx.conf MQTT section (with user/pass changed of course) that would be a big help for the next person trying to do the same thing....

rutte...@gmail.com

Feb 16, 2026, 3:42:27 PM
to weewx-user
Good point, yes, certainly. Here you go, uncondensed:

```
[MQTTPublish]
enable = true

log_mqtt = true

# The MQTT server.
# Default is localhost.
host = 72faee6f34dd47e8b26860352d1801f6.s1.eu.hivemq.cloud

# The port to connect to.
# Default is 1883.
port = 8883

# Maximum period in seconds allowed between communications with the broker.
# Default is 60.
keepalive = 60

# username for broker authentication.
# Default is None.
username = username

# password for broker authentication.
# Default is None.
password = password

# The binding, loop or archive.
# Default is: loop
binding = loop

[[tls]]
# Whether tls is enabled or not. Valid values are true or false. The default value is true.
#enable = true

# Path to the Certificate Authority certificate files that are to be treated as trusted by this client.
#ca_certs = #/etc/ssl/certs/

# The PEM encoded client certificate and private keys. The default value is None.
#certfile = None

# The certificate requirements that the client imposes on the broker. Valid values are none, optional, or required. The default value is required.
#certs_required = required

# The encryption ciphers that are allowable for this connection. Specify None to use the defaults. The default value is None.
#ciphers = None

# The private keys. The default value is None.
#keyfile = None

# The version of the SSL/TLS protocol to be used. Valid values are sslv2, sslv23, sslv3, tls, tlsv1, tlsv11, or tlsv12. The default value is tlsv12.
tls_version = tlsv12

[[topics]]
[[[weer]]]
type = individual
retain = true
unit_system = METRIC
[[[weerjson]]]
type = json
retain = true
unit_system = METRIC
```
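
An added example, not part of the thread and not the MQTTPublish project's code: a standard-library sketch of the TLS client setup discussed above, showing that a client validating a publicly trusted broker needs only the OS trust anchors. The option names and allowed values are taken from the `[[tls]]` comments in the last post; the mapping onto Python's `ssl` module, the function names and the sample dictionaries are assumptions of this example.

```python
import os
import ssl

# Option names/values come from the [[tls]] comments in the post above.
# How they map onto Python's ssl module is this example's assumption.
_VERIFY = {"none": ssl.CERT_NONE, "optional": ssl.CERT_OPTIONAL,
           "required": ssl.CERT_REQUIRED}
_LEGACY = {"sslv2", "sslv23", "sslv3", "tlsv1", "tlsv11"}


def audit_tls(opts):
    """Return findings for settings that weaken broker authentication."""
    findings = []
    if opts.get("enable", "true").lower() != "true":
        findings.append("tls disabled: username/password sent in cleartext")
    if opts.get("certs_required", "required").lower() != "required":
        findings.append("certs_required is not 'required': broker unverified")
    if opts.get("tls_version", "tlsv12").lower() in _LEGACY:
        findings.append("tls_version names a legacy protocol")
    return findings


def build_client_context(opts):
    """Build the context for an outbound (client) connection to the broker."""
    version = opts.get("tls_version", "tlsv12").lower()
    if version in _LEGACY:
        raise ValueError(f"refusing tls_version={version!r}; use tlsv12")
    ca = opts.get("ca_certs")
    # With no ca_certs, create_default_context() loads the OS trust anchors,
    # so no certificate files have to be copied onto the client.
    ctx = ssl.create_default_context(
        ssl.Purpose.SERVER_AUTH,
        cafile=ca if ca and os.path.isfile(ca) else None,
        capath=ca if ca and os.path.isdir(ca) else None,
    )
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    mode = _VERIFY[opts.get("certs_required", "required").lower()]
    if mode == ssl.CERT_NONE:
        ctx.check_hostname = False  # must be cleared before verify_mode
    ctx.verify_mode = mode
    # A client certificate is needed only if the broker demands mutual TLS.
    if opts.get("certfile"):
        ctx.load_cert_chain(opts["certfile"], opts.get("keyfile"))
    return ctx


# Constructed input: the only uncommented line of the working [[tls]] section.
WORKING = {"tls_version": "tlsv12"}
# Constructed input: a weakened variant, for contrast.
WEAK = {"certs_required": "none", "tls_version": "sslv3"}
```

A context built this way can be handed to paho-mqtt through `Client.tls_set_context()`.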

