Cannot connect to MQTT broker with SSL

Open farrad opened this issue 3 years ago • 1 comments

While trying to connect to an MQTT broker (Mosquitto) with encryption and certificate verification, the following error occurs:

INFO:ble2mqtt.__main__:Starting BLE2MQTT version 0.1.0a47
ERROR:ble2mqtt.ble2mqtt:Connection lost. Will retry in 10 seconds.
Traceback (most recent call last):
  File "/root/.local/lib/python3.9/site-packages/aio_mqtt/client.py", line 202, in connect
    self._reader, self._writer = await aio.open_connection(
  File "/usr/local/lib/python3.9/asyncio/streams.py", line 52, in open_connection
    transport, _ = await loop.create_connection(
  File "/usr/local/lib/python3.9/asyncio/base_events.py", line 1056, in create_connection
    raise exceptions[0]
  File "/usr/local/lib/python3.9/asyncio/base_events.py", line 1041, in create_connection
    sock = await self._connect_sock(
  File "/usr/local/lib/python3.9/asyncio/base_events.py", line 955, in _connect_sock
    await self.sock_connect(sock, address)
  File "/usr/local/lib/python3.9/asyncio/selector_events.py", line 502, in sock_connect
    return await fut
  File "/usr/local/lib/python3.9/asyncio/selector_events.py", line 537, in _sock_connect_cb
    raise OSError(err, f'Connect call failed {address}')
ConnectionRefusedError: [Errno 111] Connect call failed ('<MQTT_BROKER_IP>', 8883)

My ble2mqtt.json config is as follows:

{
    "mqtt_host": "<MQTT_BROKER_ADDRESS>",
    "mqtt_port": 8883,
    "mqtt_user": "<USER>",
    "mqtt_password": "<PASS>",
    "base_topic": "ble2mqtt",
    "mqtt_prefix": "b2m_",
    "log_level": "INFO",
    "devices": [
        {
            "address": "<MAC>",
            "friendly_name": "Avea",
            "type": "avea_rgbw"
        }
    ]
}

Where should I configure the certificate to be used?

farrad avatar Jan 06 '22 22:01 farrad

Hi, SSL certificates for connecting are not implemented yet.

devbis avatar Jan 07 '22 15:01 devbis

Hello @farrad, as a workaround you can use "Bridging":

  • On the device running ble2mqtt, install mosquitto
  • configure a listener limited to localhost
  • configure ble2mqtt to use this local mosquitto
  • configure a bridge to your next MQTT broker with TLS

Here is a minimal config for the local mosquitto:

# This is the local listener, limited to localhost to only accept local connections
allow_anonymous true
listener 1883 127.0.0.1

# connection to the real broker
connection Broker-remote
address 192.168.1.1:8883
topic ble2mqtt/# both 0
remote_username supername
remote_password supersecretpassword
bridge_cafile /etc/config/broker.crt

Long term this might be included in ble2mqtt itself. It does not need to be complicated IMHO. I did that in the past for a trivial script myself (https://github.com/Torxgewinde/MQTT-GPIO/blob/main/MQTT_GPIO.py) even though I am not experienced with Python.

Cheers, Tom

Torxgewinde avatar Nov 21 '22 18:11 Torxgewinde
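
An added example, not part of the thread and not ble2mqtt's or Mosquitto's code: the traceback above ends in a TCP-level `ConnectionRefusedError`, which happens before any TLS handshake, so this probe separates "nothing listening on 8883" from certificate and TLS failures when checking the broker or the bridge target. The function names `make_tls_context` and `probe` and the command-line arguments are assumptions made for the example.

```python
import asyncio
import ssl
import sys


def make_tls_context(cafile=None):
    """Verifying client context; cafile plays the role of bridge_cafile."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx  # defaults kept: CERT_REQUIRED and hostname checking


async def probe(host, port, ctx, timeout=5.0):
    """Return (status, detail) for one TLS connection attempt."""
    try:
        _, writer = await asyncio.wait_for(
            asyncio.open_connection(host, port, ssl=ctx), timeout)
    except ConnectionRefusedError:
        # Errno 111 as in the issue: no listener, TLS was never attempted.
        return "refused", f"nothing accepts TCP connections on {host}:{port}"
    except ssl.SSLCertVerificationError as exc:
        # Wrong CA file, expired certificate, or name not in the certificate.
        return "cert-invalid", exc.verify_message
    except ssl.SSLError as exc:
        # E.g. the port speaks plain MQTT, or no shared protocol version.
        return "tls-error", exc.reason or str(exc)
    except asyncio.TimeoutError:
        return "timeout", f"no answer within {timeout}s (filtered port?)"
    except OSError as exc:
        return "unreachable", str(exc)
    tls = writer.get_extra_info("ssl_object")
    detail = f"{tls.version()}, {tls.cipher()[0]}"
    writer.close()
    try:
        await writer.wait_closed()
    except OSError:
        pass  # the peer may drop the connection abruptly; handshake was fine
    return "ok", detail


if __name__ == "__main__":
    # Usage: probe.py HOST PORT [CAFILE]; all three are supplied by the operator.
    host, port = sys.argv[1], int(sys.argv[2])
    cafile = sys.argv[3] if len(sys.argv) > 3 else None
    print(*asyncio.run(probe(host, port, make_tls_context(cafile))))
```

A `refused` result points at the broker's listener configuration or a firewall, while `cert-invalid` points at the CA file or the name in the broker's certificate.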