Unable to connect to MQTTS server due 2 expired CA root cert

Posted on
Mon Dec 20, 2021 7:34 pm
Turribeach offline
Posts: 429
Joined: Feb 06, 2015
Location: London, UK

Unable to connect to MQTTS server due 2 expired CA root cert

Hi,

I have two problems with the MQTT plugin. The first one is that the plugin is failing to connect to my desired MQTT server (I am following the instructions on the Glow IHD/CAD Indigo Plugin) but there is nothing useful in the logs. Here is what I see on Debug mode when I restart the plugin:

   MQTT Connector Debug            MQTT Connector: logLevel = 10
   Started plugin "MQTT Connector 0.4.10"
   MQTT Connector                  Starting MQTT Connector
   MQTT Connector                  Glowmarkt MQTT Broker: Starting Device
   MQTT Connector Debug            Glowmarkt MQTT Broker: Broker __init__ address = glowmqtt.energyhive.com, port = 8883, protocol = 4, transport = tcp


The second problem is why the connection fails. I know why it fails but not sure how to fix it. The desired MQTT server I want to connect via MQTTS uses certificates issued by LetsEncrypt. Recently some of the root CA certs LetsEncrypt uses have expired and need to be updated. This caused lots of trouble for older devices (see here) like my MacOS Mojave MacMini. Technically Mojave is still under Apple Support but it seems they don't care much. I looked around on how to update the OS CA root certs but looks like this is not easy to do as the certs are protected by System Integrity Protection (see here).

Does anyone have an idea on how to solve this? It's not really an MQTT problem but I thought I would ask here first.

Thanks!

Posted on
Mon Dec 20, 2021 7:52 pm
FlyingDiver offline
Posts: 7221
Joined: Jun 07, 2014
Location: Southwest Florida, USA

Re: Unable to connect to MQTTS server due 2 expired CA root

In the config dialog for the MQTT Connector, check the box for library debug, then restart the plugin. That'll get some logging on the actual connection to the server. I should have done a better job pulling error info from the library into the plugin.

As for the Cert issue, it's possible to specify a cert file when opening the connection to the server, but I didn't implement that in the plugin. See the tls_set() function here: https://pypi.org/project/paho-mqtt/#option-functions. If this is something you need, open an issue on GitHub to request implementation.

As an aside, why that particular MQTT server?

joe (aka FlyingDiver)
my plugins: http://forums.indigodomo.com/viewforum.php?f=177
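
Added example (not part of the original posts and not the plugin's code): a standard-library check that surfaces the certificate verification error the plugin log does not show, and lists trust anchors that are past their expiry date. It assumes Python 3.7 or later; "ca-bundle.pem" is a hypothetical path to an up-to-date PEM bundle, and the sample anchor entries are constructed.

```python
import socket
import ssl
import time

# Constructed sample in the format returned by SSLContext.get_ca_certs();
# names and dates are illustrative, not read from a real trust store.
SAMPLE_ANCHORS = [
    {"subject": ((("organizationName", "Example Trust"),),
                 (("commonName", "Constructed Expired Root"),)),
     "notAfter": "Sep 30 14:01:15 2021 GMT"},
    {"subject": ((("commonName", "Constructed Current Root"),),),
     "notAfter": "Jun 04 11:04:38 2035 GMT"},
]

def expired_anchors(ca_certs, now=None):
    """Return (commonName, notAfter) for every trust anchor past its expiry."""
    now = time.time() if now is None else now
    expired = []
    for cert in ca_certs:
        if ssl.cert_time_to_seconds(cert["notAfter"]) < now:
            subject = dict(rdn[0] for rdn in cert["subject"])
            expired.append((subject.get("commonName", "?"), cert["notAfter"]))
    return expired

def probe(host, port, cafile=None, timeout=10):
    """Attempt a verified TLS handshake and return the outcome as text.

    cafile=None uses the OS trust store; a path restricts trust to that PEM
    bundle, the same kind of file paho-mqtt's tls_set(ca_certs=...) accepts.
    """
    try:
        # Default context: CERT_REQUIRED with hostname checking enabled.
        ctx = ssl.create_default_context(cafile=cafile)
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return "ok: %s" % tls.version()
    except ssl.SSLCertVerificationError as exc:
        return "verify failed: %s" % exc.verify_message
    except OSError as exc:  # DNS, refused connection, missing cafile, ...
        return "failed: %s" % exc

if __name__ == "__main__":
    # Broker address and port are taken from the log in the thread.
    print(probe("glowmqtt.energyhive.com", 8883))
    print(probe("glowmqtt.energyhive.com", 8883, cafile="ca-bundle.pem"))
    # May print [] where the OS store is loaded lazily from a directory.
    print(expired_anchors(ssl.create_default_context().get_ca_certs()))
```

If the first probe reports a verification failure and the second succeeds, the OS trust store is the cause and the bundle file is the one to hand to tls_set().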

Posted on
Tue Dec 21, 2021 3:34 am
Turribeach offline
Posts: 429
Joined: Feb 06, 2015
Location: London, UK

Re: Unable to connect to MQTTS server due 2 expired CA root

Hi,

Thanks for the quick reply. I did try enabling library debug but it made no difference:

   Reloading plugin "MQTT Connector 0.4.10"
   Stopping plugin "MQTT Connector 0.4.10" (pid 95000)
   MQTT Connector                  Glowmarkt MQTT Broker: Stopping Device
   MQTT Connector                  Glowmarkt MQTT Broker: Disconnecting
   MQTT Connector                  Shutting down MQTT Connector
   Stopped plugin "MQTT Connector 0.4.10"
   Starting plugin "MQTT Connector 0.4.10" (pid 73275)
   MQTT Connector Debug            MQTT Connector: logLevel = 10
   Started plugin "MQTT Connector 0.4.10"
   MQTT Connector                  Starting MQTT Connector
   MQTT Connector                  Glowmarkt MQTT Broker: Starting Device
   MQTT Connector Debug            Glowmarkt MQTT Broker: Broker __init__ address = glowmqtt.energyhive.com, port = 8883, protocol = 4, transport = tcp
   MQTT Connector Debug            Glowmarkt MQTT Broker: Enabling library level debugging


Also if I enable Verbose Debugging Messages I start to see lots of MQTT Connector Debug log messages but related to

   MQTT Connector Debug            Timer All Lights: deviceUpdated: id = 1657820952, devList = published_devices : (list)
   MQTT Connector Debug            Timer Study Light: deviceUpdated: doExcludes = False, listedDevice = False
   MQTT Connector Debug            Timer Study Light: deviceUpdated: id = 1963392240, devList = published_devices : (list)
   MQTT Connector Debug            Timer All Lights: deviceUpdated: doExcludes = False, listedDevice = False
   MQTT Connector Debug            Timer All Lights: deviceUpdated: id = 1657820952, devList = published_devices : (list)
   MQTT Connector Debug            Timer Study Light: deviceUpdated: doExcludes = False, listedDevice = False
   MQTT Connector Debug            Timer Study Light: deviceUpdated: id = 1963392240, devList = published_devices : (list)
   MQTT Connector Debug            Timer All Lights: deviceUpdated: doExcludes = False, listedDevice = False
   MQTT Connector Debug            Timer All Lights: deviceUpdated: id = 1657820952, devList = published_devices : (list)
   MQTT Connector Debug            Timer Study Light: deviceUpdated: doExcludes = False, listedDevice = False
   MQTT Connector Debug            Timer Study Light: deviceUpdated: id = 1963392240, devList = published_devices : (list)
   MQTT Connector Debug            Timer All Lights: deviceUpdated: doExcludes = False, listedDevice = False
   MQTT Connector Debug            Timer All Lights: deviceUpdated: id = 1657820952, devList = published_devices : (list)
   MQTT Connector Debug            Timer Study Light: deviceUpdated: doExcludes = False, listedDevice = False
   MQTT Connector Debug            Timer Study Light: deviceUpdated: id = 1963392240, devList = published_devices : (list)


I have raised issue 18 on GitHub. Do note the connection works when not using SSL/TLS.

As an aside, why that particular MQTT server? => Not sure about this question. Why do I want to connect to this server? Why does it fail on this server?

Thanks

Posted on
Tue Dec 21, 2021 5:34 am
FlyingDiver offline
Posts: 7221
Joined: Jun 07, 2014
Location: Southwest Florida, USA

Re: Unable to connect to MQTTS server due 2 expired CA root

Turribeach wrote:
As an aside, why that particular MQTT server? => Not sure about this question. Why do I want to connect to this server? Why does it fail on this server?


Why do you want to use that server, given this problem? Why not run your own MQTT server?

joe (aka FlyingDiver)
my plugins: http://forums.indigodomo.com/viewforum.php?f=177

Posted on
Wed Dec 22, 2021 5:35 am
Turribeach offline
Posts: 429
Joined: Feb 06, 2015
Location: London, UK

Re: Unable to connect to MQTTS server due 2 expired CA root

FlyingDiver wrote:
Why do you want to use that server, given this problem? Why not run your own MQTT server?


Because it has the data that I want. Is there a way to run my own MQTT server which connects to the external MQTT server outside of the plugin? I am not too familiar with MQTT hence the question.

Thanks

Posted on
Wed Dec 22, 2021 5:38 am
FlyingDiver offline
Posts: 7221
Joined: Jun 07, 2014
Location: Southwest Florida, USA

Re: Unable to connect to MQTTS server due 2 expired CA root

Oh, if it's a third-party provider that's generating data via that MQTT broker, then you have to connect to it.

joe (aka FlyingDiver)
my plugins: http://forums.indigodomo.com/viewforum.php?f=177
