Thank you for this. That second part is definitely me not understanding the whole TLS thing, but the way you explained it makes it a lot clearer for me. I guess where i got tripped up is that since weewx is "serving up the data" that is also the server, but that is not how MQTT works of course, the broker is the server and both the publisher and the subscriber are the clients.
Thanks again for making things clearer for me. Roy Op maandag 16 februari 2026 om 19:54:32 UTC+1 schreef Greg Troxel: > "[email protected]" <[email protected]> writes: > > > I missed the part for mosquitto_pub where it says:"if the -p 8883 option > is > > used then the OS provided certificates will be loaded and neither > --cafile > > or --capath are needed." > > The practice of having to specify a specific CA or a set of CAs to > enable TLS was always unusual and mosquitto has moved away from it. > When being a TLS validator, the standard approach is to use the system > list of CAs (== configured set of trust anchors). > > > Now I need to figure out how to get Certificate Authority certificate > > files onto my RPi or point mqttpublish to the OS provided ertifiace to > see > > if that will work too. > > If i've understood correctly certbot needs the RPi to be exposed to the > > internet which is what i don't want to do. > > This part doesn't make sense. For a TLS *server*, such as mosquitto, > you need a certificate and private key, and you usually use lets > encrypt. > > For a TLS client, the standard OS set of preconfigured CAs (trust > anchors) is fine. > > On my Raspberry Pi OS 13 system, /etc/ssl/certs has a lot of contents. > (I'm not running a weewx mqtt client on it.) > > > At this point I'm not sure what's not working for you and what's > configured. > -- You received this message because you are subscribed to the Google Groups "weewx-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/weewx-user/9284db69-76e2-46dd-941a-b321afd9da92n%40googlegroups.com.
