I think I found it. In weewx.conf, you have:
[[tls]] tls_version = tlsv1 ca_certs = /etc/ssl/certs/ca-certificates.crt It should be: [[[tls]]] tls_version = tlsv1 ca_certs = /etc/ssl/certs/ca-certificates.crt Note 3 brackets around tls. Try that. BTW. I do have the extra lines you note in /etc/mosquitto/conf.d/myconfig.conf. I was in a huury when posting last night. phil On Friday, October 12, 2018 at 6:42:41 AM UTC-4, David Hindley wrote: > > Not sure it will help solve this or not, but the Mosquitto log shows the > following: > > New connection from 86.27.145.159 on port 8883. > 1539340809: OpenSSL Error: error:1408F10B:SSL > routines:ssl3_get_record:wrong version number > 1539340809: Socket error on client <unknown>, disconnecting. > 1539340811: Client connection from 86.27.145.159 failed: > error:1408F10B:SSL routines:ssl3_get_record:wrong version number. > 1539340814: New connection from 86.27.145.159 on port 8883. > > So, it does seem to be SSL related, but I am not sure how to solve this. > Any ideas please anyone? > > David. > > On Fri, 12 Oct 2018 at 10:01, David Hindley <dhin...@djhindley.com > <javascript:>> wrote: > >> Phil/Pat >> >> Many Thanks for you reply. >> >> I did set up a password for Mosquitto and also the acl file, as per your >> email below. >> >> However, my myconfig.conf file is different to the one you listed below, >> as I am using Let's Encrypt SSL, so followed the format towards the end of >> Pat's post ( MQTT "tutorial" >> <https://obrienlabs.net/how-to-setup-your-own-mqtt-broker/> ), as >> follows: >> >> persistence false >> >> allow_anonymous true >> password_file /etc/mosquitto/passwd >> >> acl_file /etc/mosquitto/acl >> >> #Insecure mqtt to localhost only and secure mqtt with ssl >> listener 1883 localhost >> listener 8883 >> certfile /etc/letsencrypt/live/mqttdh.uk/cert.pem >> cafile /etc/letsencrypt/live/mqttdh.uk/chain.pem >> keyfile /etc/letsencrypt/live/mqttdh.uk/privkey.pem >> protocol mqtt >> >> # websockets >> listener 9001 >> certfile /etc/letsencrypt/live/mqttdh.uk/cert.pem >> cafile /etc/letsencrypt/live/mqttdh.uk/chain.pem >> keyfile /etc/letsencrypt/live/mqttdh.uk/privkey.pem >> protocol websockets >> >> Did you not use SSL on your set up for https://wx.kutzenco.com? Maybe I >> have done something wrong with trying to set this part up. It is really >> frustrating, as the syslog reports that MQTT is sending records, as it >> contains several lines like: >> >> Oct 12 09:58:27 raspberrypi weewx[1147]: restx: MQTT: Published record >> 2018-10-12 09:58:28 BST (1539334708) >> >> Pat - if you see this, do you have any ideas what I might be doing wrong >> - my hunch is that it is something to do with the settings for SSL for MQTT >> in weewx.conf, which are shown below. Do I need to create the >> ca-certificates.crt file? Or I guess it could be some issue with my web >> host for www.ashteadweather.com which is 1&1 (with SSL). >> >> Thanks >> >> David. >> >> *weewx.conf file* >> >> [[MQTT]] >> server_url = mqtt://xxxxx:zzzz...@mqttdh.uk:8883/ >> topic = weather >> unit_system = METRIC >> aggregation = aggregate >> binding = archive,loop >> # log_success = False >> # log_failure = True >> [[tls]] >> tls_version = tlsv1 >> ca_certs = /etc/ssl/certs/ca-certificates.crt >> >> The Belchertown skin.conf MQTT content is as follows: >> >> # MQTT Defaults >> mqtt_enabled = 1 >> mqtt_host = mqttdh.uk >> mqtt_port = 9001 >> mqtt_ssl = 1 >> mqtt_topic = "weather/loop" >> disconnect_live_website_visitor = 0 >> >> -- You received this message because you are subscribed to the Google Groups "weewx-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to weewx-user+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.