Yeah, sorry. I would undo everything prior. I would have no encryption between openHAB and mosquitto.
Again, more clarity… Thanks.
- ONE broker, listening on two ports (1883 & 8883) - no bridging necessary.
- OwnTracks sends data encrypted via the configured certificates to MY_DOMAIN.ORG:8883.
- My router forwards port 8883 to MY_SERVER:8883.
- My 8883 listener uses the configured certificates to decrypt that data.
- My broker sees the data delivered by both the 1883 listener and the 8883 listener.
- openHAB sees all the data coming into the single broker.
mqtt.cfg becomes:
openhab_tcpbroker.url=tcp://localhost:1883
listeners.conf becomes:
listener 1883 localhost
port 1883
listener 8883
certfile /etc/letsencrypt/live/MY_DOMAIN.ORG/fullchain.pem
cafile /etc/letsencrypt/live/MY_DOMAIN.ORG/fullchain.pem
keyfile /etc/letsencrypt/live/MY_DOMAIN.ORG/privkey.pem
Mike
P.S. Right. I’m not tackling ACLs until I get 8883 receiving data successfully.
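A quick sanity check for the listener layout above, added here as an example; it is not code from Mike's post or from the mosquitto project. It parses `listener` stanzas the way mosquitto scopes them (options after a `listener` line belong to that listener, options before any `listener` line are global) and flags what a practitioner would want to catch before forwarding 8883 through the router: a listener reachable off-host with no certfile/keyfile pair, a half-configured TLS listener, and a port bound twice (the legacy `port N` directive, assumed here to behave as in mosquitto 1.x, opens a default listener on every interface). The sample configs are constructed, and the certificate paths are the post's own placeholders.

```python
"""Lint a mosquitto listeners.conf for the one-broker/two-listener layout.

Added example, not code from the original post or the mosquitto project.
Assumes mosquitto 1.x semantics for the legacy `port` directive.
"""

# Bind addresses that keep a plaintext listener off the network.
LOCAL_ONLY = {"localhost", "127.0.0.1", "::1"}

# Constructed sample mirroring the post's listeners.conf (placeholder paths).
SAMPLE_GOOD = """\
listener 1883 localhost
listener 8883
certfile /etc/letsencrypt/live/MY_DOMAIN.ORG/fullchain.pem
cafile /etc/letsencrypt/live/MY_DOMAIN.ORG/fullchain.pem
keyfile /etc/letsencrypt/live/MY_DOMAIN.ORG/privkey.pem
"""

# Constructed weak variant: legacy `port` opens 1883 on all interfaces,
# 1883 is then bound a second time, and 8883 is missing its keyfile.
SAMPLE_BAD = """\
port 1883
listener 1883 localhost
listener 8883
certfile /etc/letsencrypt/live/MY_DOMAIN.ORG/fullchain.pem
"""


def parse_listeners(conf_text):
    """Return [{'port': int, 'bind': str|None, 'opts': {key: value}}, ...]."""
    listeners, current, global_opts = [], None, {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        key, _, rest = line.partition(" ")
        args = rest.split()
        if key == "listener":
            current = {"port": int(args[0]),
                       "bind": args[1] if len(args) > 1 else None,
                       "opts": {}}
            listeners.append(current)
        elif current is None:
            global_opts[key] = rest.strip()
        else:
            current["opts"][key] = rest.strip()
    if "port" in global_opts:
        # Legacy `port N`: the default listener, bound to every interface,
        # inheriting whatever TLS options were set globally.
        listeners.insert(0, {"port": int(global_opts["port"]), "bind": None,
                             "opts": {k: v for k, v in global_opts.items()
                                      if k != "port"}})
    return listeners


def audit_listeners(conf_text):
    """Return a list of findings; an empty list means the layout checks out."""
    findings, bound = [], {}
    for lst in parse_listeners(conf_text):
        port, bind, opts = lst["port"], lst["bind"], lst["opts"]
        label = bind or "*"
        if port in bound:
            findings.append(f"port {port} is configured twice "
                            f"({bound[port]} and {label})")
        bound.setdefault(port, label)
        has_cert, has_key = "certfile" in opts, "keyfile" in opts
        if has_cert != has_key:
            findings.append(f"listener {port}: certfile and keyfile "
                            f"must both be set")
        if bind not in LOCAL_ONLY and not (has_cert and has_key):
            findings.append(f"listener {port} (bind {label}) is reachable "
                            f"off-host without TLS")
    return findings


if __name__ == "__main__":
    for name, conf in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        print(f"{name}: {audit_listeners(conf) or 'no findings'}")
```

Run it against the real file with `audit_listeners(open("/etc/mosquitto/conf.d/listeners.conf").read())`; the point of the check is that only the TLS listener should ever be reachable from the router, and the plaintext one stays on localhost for openHAB.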