I have installed Mosquitto on a brand new Raspberry Pi. OS is Raspbian.
I followed the instructions on the Owntracks website.
The broker is listening on port 1883 on localhost. Using a username and password I can run mosquitto_sub in one ssh session to the Pi, and receive messages sent by mosquitto_pub from another ssh session.
The broker is also listening on port 8883. I created certificates using the script in the Owntracks repository.
When I run mosquitto_pub on the Pi, using the hostname or IP-address I get an error "Error: Connection refused".
When I use localhost or 127.0.0.1 the error is "A TLS error occurred.".
If I run mosquitto_pub on my desktop computer (which is in the same LAN as the Pi), the error is "Connection refused". The command I run here is
mosquitto_pub -t owntracks/test -m Test -h pi1 --cafile ca.crt
where pi1 is the hostname of the Pi running the broker. The ca.crt file is copied from the Pi to the desktop computer.
The Mosquitto log is not showing why the connections are refused.
The TLS setup in the Mosquitto config looks like this:
listener 1883 127.0.0.1
listener 8883
cafile /etc/mosquitto/ca_certificates/ca.crt
certfile /etc/mosquitto/certs/server.crt
keyfile /etc/mosquitto/certs/server.key
require_certificate false
What is wrong in my setup?
if you try to use TLS with mosquitto
you must add this option to your command "-p 8883" to indicate the port
and you don't need to put "-h localhost or pi " because you use the client command mosquitto_pub in the same machine that run mosquitto broker
then your command we'll be :
"mosquitto_pub -d -u username -P password -t /path/to/the/topic --cafile /path/to/the/certificate -p 8883
don't forgot to comment this line
listener 1883
in your mosquitto.conf
Recreating all certificates solved the problem. Apparently I did something wrong with including local vs. remote IP-addresses and host names.
The TLS error messages are not very informative, but that probably has to do with security precautions.
Related
I am running Mosquitto MQTT broker on the localhost of my PC and I want to publish or subscribe data through MQTT with Mosquitto from a remote IP (another PC). Both the PCs are connect to the same Wifi public network. I have disable the firewall of the two PCs and I am able to ping one another on command prompt. I have look up on several websites and tried editing the config file of the Mosquitto MQTT broker by adding these two lines.
listener 1883
allow_anonymous true
I have started the Mosquitto broker by executing mosquitto -c mosquitto.conf -v
The following is the log appear the mosquitto start.
C:\Program Files\mosquitto>mosquitto -c mosquitto.conf -v
1665133477: mosquitto version 2.0.15 starting
1665133477: Config loaded from mosquitto.conf.
1665133477: Opening ipv6 listen socket on port 1883.
1665133477: Opening ipv4 listen socket on port 1883.
1665133477: mosquitto version 2.0.15 running
However, on the publishing PC, it prompts the error below.
C:\Program Files\mosquitto>mosquitto_pub -h XXX.XXX.XX.X -t Test -m "Hello World" -p 8883 -d
Error: No connection could be made because the target machine actively refused it.
The situation is same for subscribing. I am currently using the latest version of Mosquitto 2.0.15. Can anyone help me on this situation? Your help would be much appreciated. Thanks in advance!
I am having some problems with my Mosquitto MQTT broker which I do not understand. I had setup another Mosquitto broker in a Google Cloud Ubuntu 20.04 VM and it was working properly. I have moved to a self-managed Ubuntu 20.04 VM in my university and have not been able to connect to the broker ever since. A little background on the current setup:
netfilter-persistent firewall (am unsure of the exact name of the firewall, this is the name of th service) has port 1883 open
ufw is inactive
the university has 2 levels in the firewall, one in the VM and one external. I have asked for the opening of ports 1883 (I am aware that only port 8883 should be open but this is temporary until I solve my issue)
the VM is accessible from outside the LAN of the university, as checked in https://www.yougetsignal.com/tools/open-ports/
I have an Apache webpage running and it is also accessible externally
I have NodeRED using port 1880 and it is also accessible externally
My Mosquitto conf file looks like the following. For the time being, I am not using TLS authentication, as I first need to solve the issue with the connection.
allow_anonymous false
password_file /etc/mosquitto/passwd
listener 1883 0.0.0.0
However, I have not been able to enable the communication when using either the server IP or the domain name. If I attempt to connect using localhost, everything works:
~$ mosquitto_sub -h localhost -t test -p 1883 -u "XX" -P "XX" -d
Client (null) sending CONNECT
Client (null) received CONNACK (0)
Client (null) sending SUBSCRIBE (Mid: 1, Topic: test, QoS: 0, Options: 0x00)
Client (null) received SUBACK
Subscribed (mid: 1): 0
If I attempt to connect with the domain name, I never receive an acknowledgment and the connection is never established:
~$ mosquitto_sub -h domain.com -t test -p 1883 -u "XX" -P "XX" -d
Client (null) sending CONNECT
Client (null) sending CONNECT
Client (null) sending CONNECT
Client (null) sending CONNECT
Client (null) sending CONNECT
Mosquitto seems to be properly bound when running the lsof -i command in the console:
mosquitto 2177304 mosquitto 5u IPv4 10127120 0t0 TCP *:1883 (LISTEN)
mosquitto 2177304 mosquitto 7u IPv4 10127251 0t0 TCP localhost:1883->localhost:47236 (ESTABLISHED)
I would appreciate it if anyone could guide me into what could be the root of my issue. If more information is needed regarding my setup, I will gladly provide it.
Thanks in advance to all!
I am running Mosquitto 1.4.8 on Ubuntu successfully on port 1883 (tested from another machine with mosquitto_sub/mosquitto_pub). However I am encountering issues when attempting to use another port eg.
mosquitto -p 1884 -c moddebug.conf
This works OK if I access it from the same machine e.g.:
mosquitto_pub -h 127.0.0.1 -p 1884
but if I attempt to connect from another machine I get an error:
mosquitto_pub -h IP_ADDRESS -t exmapleTopic -p 1884
Connection timed out
My moddebug.conf file is:
log_type all
log_dest file mosquitto2_log.log
The log does not provide any extra information:
Config loaded from mosdebug.conf.
Opening ipv4 listen socket on port 1884.
Opening ipv6 listen socket on port 1884.
mosquitto version 1.4.8 terminating
I have tried altering the firewall rules (but this did not help):
ufw allow 1884/tcp
Rules updated
Rules updated (v6)
My router's static IP is set for Raspberry Pi.
mosquitto_sub -t he -u "hello" -p "world"
Error:
Invalid port given: 0
he --------topic name
The above error is occurring - please guide me. Thanks in advance.
From the mosquitto_sub man page:
-p, --port
Connect to the port specified. If not given, the default of 1883 for plain MQTT or 8883 for MQTT over TLS will be used.
-P, --pw
Provide a password to be used for authenticating with the broker. Using this argument without also specifying a username is invalid. See
also the --username option.
Hello I have installed mosquitto broker on my Raspberry Pi.
I'm trying to activate SSL but when I try to publish a message it returns connection refused.
My conf is:
# MQTT over TLS/SSL
listener 8883
cafile /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/hostname.crt
keyfile /etc/mosquitto/certs/hostnmae.key
tls_version tlsv1.2
# WebSockets over TLS/SSL
listener 9883
#protocol websockets
cafile /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/hostname.crt
keyfile /etc/mosquitto/certs/hostname.key
tls_version tlsv1.2
When I try:
mosquitto_pub --cafile /etc/mosquitto/certs/ca.crt -h localhost -t "test" -m "message" -p 8883
it return
Error: Connection refused
without logs.
"Connection refused" means that nothing is listening on the port you tried to connect to, 9883.
It's possible the Mosquitto just isn't running, or that it's not actually listening on the port (perhaps it didn't read the correct configuration file, or the configuration file correctly).
You can use lsof to find out what processes are listening on a port, or what ports a process is listening on.
For instance,
lsof -I :9883
will tell you what processes are listening on port 9883. If you don't see any then there's a problem with the Mosquitto server.
lsof -c mosquitto | grep TCP
will show you a what ports Mosquitto is listening on.
ps ax | grep mosquitto
will show you if Mosquitto is actually running.
If Mosquitto is running but port 9883 doesn't show up then it'll need to figure out why it's not picking up your configuration.
If it's not running you'll need to figure out why.
You may need to install lsof. You can do that with
sudo apt-get install lsof