Mosquitto MQTT binding not connecting to broker anymore (openhab 3.2.0)


my mosquitto mqtt broker is not working anymore, it just tries to connect every minute and all my mqtt devices (like window sensor) are not working anymore (they seem to be online but they do not trigger any rules anymore).

“Starting MQTT broker connection to ‘localhost’.” and “Try to restore connection to ‘localhost’”

Here is what I changed before that behaviour:

  • I changed from openHab 3.1.0 (no milestone) to 3.2.0 (milestone 3) because I had trouble with the amazon binding (which is now working again with the binding from the marketplace)
  • I activated “basic auth & implicit user role” in the openHab web interface settings and switched from “http” to “https” when accessing the web interface, because I had problems with switches not being able to have the “off” state

Any suggestions what I might try to do here?

I had similar issues over the last days (were not at home for quite a while) and found out that my z2mqtt service did not connect to the mqtt broker anymore (still on OH 3.1.0).
At the end I found out that it has something to do with my certs which mqtt suddenly rejects (specifically the key.pem file, with error message that the protocol is not supported (I get those certs out of pfSense ACME, they worked before just fine)).
Did not find a solution yet, had to turn of TLS/HTTPS which got it back working, but obviously without certs.

Thanks, I will check on my configuration and get back to this thread.

Also double check your Mosquitto: has it updated recently?

1 Like

Thanks a lot for those. This points, at least for me, to some potential solution (even though I still do not understand mqtt’s error around the key.pem file :frowning:).

what is the exact error message ?
you could configure the broker to log all available debug information - this may give more insights.

What solved it for me:

I updated my zigbee2mqtt from 1.14 to 1.21 (after reboot still was not connecting). Then, I disabled the “basic auth & implicit user role” (but still accessing the web interface with https, so my “no-off” switches are still working) and now I don’t have any problems with the broker anymore, no reconnects.

I am still running the mosquitto v1.57 since I only use the Raspbian repository, but since I know now of the caveats of version 2 I think I will try an upgrade sometime soon.

Hope this helps someone else as well

I can see the following message in the log file:

1635059385: Error: Unable to load server key file “/home/christian/ssl/key.pem”. Check keyfile.
1635059385: Error: Protocol not available

Also, I am still running version 1.57 as well, not even 2.0 and had no issues with the certs so far.

the file is there and accessible with mosquitto user rights ?

yeah, all the cert files have the same rights (also did not really change them).

I had a look into souce code of mosquitto 1.5.7. The relevant section seems to be:

rc = SSL_CTX_use_PrivateKey_file(listener->ssl_ctx, listener->keyfile, SSL_FILETYPE_PEM);
if(rc != 1){
     log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to load server key file \"%s\". Check keyfile.", listener->keyfile);
     net__print_error(MOSQ_LOG_ERR, "Error: %s");
     return 1;

So both error messages are related and and created within the same if tree.
SSL_CTX_use_PrivateKey_file() is described to do ( see : SSL_CTX_use_PrivateKey_file() )

SSL_CTX_use_PrivateKey_file() adds the first private key found in file to ctx. The formatting type of the certificate must be specified from the known types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1. SSL_CTX_use_RSAPrivateKey_file() adds the first private RSA key found in file to ctx. SSL_use_PrivateKey_file() adds the first private key found in file to ssl; SSL_use_RSAPrivateKey_file() adds the first private RSA key found to ssl.

I think you can use openssl to check if your keyfile is ( still ) ok.
One check would be to check the format ( PEM ) - not just that the extension is .pem and if openssl can open the file and e.g convert it into a different format.