Mosquitto 2.0 error after configuration

milo · August 7, 2022, 7:27pm

Hello,

i tried to configure my mosquitto broker with this config:

# Place your local configuration in /etc/mosquitto/conf.d/
#
# A full description of the configuration file is at
# /usr/share/doc/mosquitto/examples/mosquitto.conf.example

pid_file /var/run/mosquitto.pid

persistence true
persistence_location /var/lib/mosquitto/

log_dest file /var/log/mosquitto/mosquitto.log


#####################################
listener 8883
certfile /etc/mosquitto/certs/mosquitto.crt
keyfile /etc/mosquitto/certs/mosquitto.key
cafile /etc/mosquitto/ca_certificates/ca.crt

#allow_anonymous true
require_certificate true
password_file /etc/mosquitto/passwd
#####################################

include_dir /etc/mosquitto/conf.d

but as result i get

Active: failed (Result: exit-code) since Sun 2022-08-07 18:12:47 CEST; 4s ago
mosquitto.service: Scheduled restart job, restart counter is at 5.
Aug 07 18:12:47 smarthome systemd[1]: Stopped Mosquitto MQTT Broker.
Aug 07 18:12:47 smarthome systemd[1]: mosquitto.service: Start request repeated too quickly.
Aug 07 18:12:47 smarthome systemd[1]: mosquitto.service: Failed with result 'exit-code'.
Aug 07 18:12:47 smarthome systemd[1]: Failed to start Mosquitto MQTT Broker.

any help for me?

Wolfgang_S · August 8, 2022, 7:30am

What is the content of the file /var/log/mosquitto/mosquitto.log ?
What is the output of sudo journalctl -u mosquitto

milo · August 9, 2022, 8:16pm

Hey @Wolfgang_S,

it’s running now.

My configuration file looks like this, and I can connect with the MQTT Explorer:

listener 8883
certfile /etc/mosquitto/certs/mosquitto.crt
keyfile /etc/mosquitto/certs/mosquitto.key
cafile /etc/mosquitto/ca_certificates/ca.crt
#tls_version tlsv1
allow_anonymous false
require_certificate true
password_file /etc/mosquitto/passwd

@Wolfgang_S How can I now configure openhab mqtt bridge to use the certificate file?

this is my openhab configurtion

UID: mqtt:broker:b9e96b2de1
label: MQTT Broker
thingTypeUID: mqtt:broker
configuration:
  lwtQos: 0
  publickeypin: true
  keepAlive: 60
  certificate: BB1CEE6CF925F9DF57AAC0D337E4C4ADCA9892114415B72D4790550B5EDF887C
  publickey: 4FB22EE7E1E1139115C89A809D2996CA5F037FD6E46289C3E4A6343ABCD3D7A8
  secure: true
  birthRetain: true
  shutdownRetain: false
  certificatepin: true
  password: 0p3nhab
  qos: 0
  reconnectTime: 60000
  host: smarthome.fritz.box
  lwtRetain: true
  username: openhab
  enableDiscovery: true

Error in the log

tls_process_client_certificate:peer did not return a certificate

Wolfgang_S · August 10, 2022, 8:36am

This issue since OH 2.5

github.com/openhab/openhab-addons

[binding-mqtt - 2.5.3]Broker settings Certificate/PubKey pinning

opened 10:05PM - 15 Apr 20 UTC

bHub

bug

## Expected Behavior When the options Certificate and PubKey pinning are enab…led, in the MQTT Broker settings, the fields "Certificate Hash" and "Public key Hash" should be automatically filled, and the hashes should be valid until the certificate and the key are the same. ## Current Behavior If OH is restarted, the connection with the broker shouldn't be made until you blank the fields "Certificate Hash" and "Public key Hash"; the same hashes are recreated and the connection could be estabilished. If the Certificate and PubKey pinning are disabled, everything works fine even after a reboot. ## Steps to Reproduce (for Bugs) 1. Configure MQTT Broker in OH in order to use TLS (I use Mosquitto) 2. Enable Certificate and PubKey pinning 3. The first connection should be fine 4. Reboot OH 5. Check the status of the connection between OH and the broker ## Context I was configuring OH and all the other MQTT devices in order to use TLS to connect the broker ## Your Environment * Version used: docker image openhab:latest-debian

could be the root cause of the problem as it seems not to be fixed yet.