I think I found it.
In weewx.conf, you have:
[[tls]]
tls_version = tlsv1
ca_certs = /etc/ssl/certs/ca-certificates.crt
It should be:
[[[tls]]]
tls_version = tlsv1
ca_certs = /etc/ssl/certs/ca-certificates.crt
Note 3 brackets around tls. Try that.
BTW. I do have the extra lines you note in
/etc/mosquitto/conf.d/myconfig.conf. I was in a huury when posting last
night.
phil
On Friday, October 12, 2018 at 6:42:41 AM UTC-4, David Hindley wrote:
>
> Not sure it will help solve this or not, but the Mosquitto log shows the
> following:
>
> New connection from 86.27.145.159 on port 8883.
> 1539340809: OpenSSL Error: error:1408F10B:SSL
> routines:ssl3_get_record:wrong version number
> 1539340809: Socket error on client <unknown>, disconnecting.
> 1539340811: Client connection from 86.27.145.159 failed:
> error:1408F10B:SSL routines:ssl3_get_record:wrong version number.
> 1539340814: New connection from 86.27.145.159 on port 8883.
>
> So, it does seem to be SSL related, but I am not sure how to solve this.
> Any ideas please anyone?
>
> David.
>
> On Fri, 12 Oct 2018 at 10:01, David Hindley <[email protected]
> <javascript:>> wrote:
>
>> Phil/Pat
>>
>> Many Thanks for you reply.
>>
>> I did set up a password for Mosquitto and also the acl file, as per your
>> email below.
>>
>> However, my myconfig.conf file is different to the one you listed below,
>> as I am using Let's Encrypt SSL, so followed the format towards the end of
>> Pat's post ( MQTT "tutorial"
>> <https://obrienlabs.net/how-to-setup-your-own-mqtt-broker/> ), as
>> follows:
>>
>> persistence false
>>
>> allow_anonymous true
>> password_file /etc/mosquitto/passwd
>>
>> acl_file /etc/mosquitto/acl
>>
>> #Insecure mqtt to localhost only and secure mqtt with ssl
>> listener 1883 localhost
>> listener 8883
>> certfile /etc/letsencrypt/live/mqttdh.uk/cert.pem
>> cafile /etc/letsencrypt/live/mqttdh.uk/chain.pem
>> keyfile /etc/letsencrypt/live/mqttdh.uk/privkey.pem
>> protocol mqtt
>>
>> # websockets
>> listener 9001
>> certfile /etc/letsencrypt/live/mqttdh.uk/cert.pem
>> cafile /etc/letsencrypt/live/mqttdh.uk/chain.pem
>> keyfile /etc/letsencrypt/live/mqttdh.uk/privkey.pem
>> protocol websockets
>>
>> Did you not use SSL on your set up for https://wx.kutzenco.com? Maybe I
>> have done something wrong with trying to set this part up. It is really
>> frustrating, as the syslog reports that MQTT is sending records, as it
>> contains several lines like:
>>
>> Oct 12 09:58:27 raspberrypi weewx[1147]: restx: MQTT: Published record
>> 2018-10-12 09:58:28 BST (1539334708)
>>
>> Pat - if you see this, do you have any ideas what I might be doing wrong
>> - my hunch is that it is something to do with the settings for SSL for MQTT
>> in weewx.conf, which are shown below. Do I need to create the
>> ca-certificates.crt file? Or I guess it could be some issue with my web
>> host for www.ashteadweather.com which is 1&1 (with SSL).
>>
>> Thanks
>>
>> David.
>>
>> *weewx.conf file*
>>
>> [[MQTT]]
>> server_url = mqtt://xxxxx:[email protected]:8883/
>> topic = weather
>> unit_system = METRIC
>> aggregation = aggregate
>> binding = archive,loop
>> # log_success = False
>> # log_failure = True
>> [[tls]]
>> tls_version = tlsv1
>> ca_certs = /etc/ssl/certs/ca-certificates.crt
>>
>> The Belchertown skin.conf MQTT content is as follows:
>>
>> # MQTT Defaults
>> mqtt_enabled = 1
>> mqtt_host = mqttdh.uk
>> mqtt_port = 9001
>> mqtt_ssl = 1
>> mqtt_topic = "weather/loop"
>> disconnect_live_website_visitor = 0
>>
>>
--
You received this message because you are subscribed to the Google Groups
"weewx-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
