[Support]: MQTT Configuration does not support MQTTS without self-signed certs #2471
Comments
I was facing the same problem, for the latest version we need to add two configurations:

```yaml
mqtt:
  ...
  tls_ca_certs: /etc/ssl/certs/ca-certificates.crt
  tls_insecure: false
```

Thanks - got it working finally (HA addon) but I had to set:

```yaml
mqtt:
  ...
  tls_ca_certs: /etc/ssl/certs/ca-certificates.crt
  tls_insecure: true
```

`tls_insecure` has to be true for the add-on, because it's connecting to the IP not the FQDN in the certificate. Just for anyone else reading this thread.

That will depend on your configuration. In my case the host I have set is a FQDN valid in my certificate, and `tls_insecure: false` works for me.

Describe the problem you are having
I was trying to get Frigate to connect to my MQTT server that uses a certificate from Let's Encrypt (not self signed). When I run Frigate without setting `tls_ca_certs`, Frigate does not connect to my MQTT server and displays no log output related to MQTT. If I set `tls_ca_certs` to the default certificate authority file (`/etc/ssl/certs/ca-certificates.crt`), it connects properly.

I did some digging around the code and found this line that controls enabling SSL/TLS with paho-mqtt. It does not call `tls_set` unless a value for `tls_ca_certs` is provided. Referring to the documentation for this function, it states that if you call it without providing a value for `ca_certs` on Python 3.4+, it will use the default certificate authority of the system.

The configuration should be changed to allow for a secure flag to be set to enable SSL/TLS without providing a certificate authority, or the documentation should be updated to indicate that you need to use a default value of `/etc/ssl/certs/ca-certificates.crt` (for Ubuntu 20.04).

Version
0.9.4-26ae608
Frigate config file
Relevant log output
FFprobe output from your camera
Frigate stats
N/A
Operating system
Debian
Install method
Docker Compose
Coral version
CPU (no coral)
Network connection
Wired
Camera make and model
Reolink 520
Any other information that may be helpful
Really cool project and just wanted to fix this for anyone else who might have the same problem as I couldn't find anything online.
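
An added illustration, not Frigate's code and not part of the issue or its comments: using only Python's standard `ssl` module, it shows the two behaviours discussed in this thread, namely falling back to the system trust store when no `tls_ca_certs` is given, and why a connection made by IP fails hostname verification against a certificate issued for an FQDN. The `tls_enabled` key, the function names and the sample certificate are assumptions made for the example.

```python
import ipaddress
import ssl

# Constructed sample in the dict shape returned by SSLSocket.getpeercert()
SAMPLE_CERT = {"subjectAltName": (("DNS", "mqtt.example.org"), ("DNS", "*.lan.example.org"))}


def build_tls_context(mqtt_cfg):
    """Return an SSLContext for a Frigate-style mqtt config dict, or None for plain MQTT.

    `tls_enabled` is a hypothetical flag: TLS without naming a CA file.
    """
    if not (mqtt_cfg.get("tls_enabled") or mqtt_cfg.get("tls_ca_certs")):
        return None
    # cafile=None loads the system trust store; a path restricts trust to that file
    ctx = ssl.create_default_context(cafile=mqtt_cfg.get("tls_ca_certs"))
    if mqtt_cfg.get("tls_insecure", False):
        # The chain is still validated, but a certificate issued for any name passes
        ctx.check_hostname = False
    return ctx


def host_matches_cert(host, peer_cert):
    """Simplified subjectAltName check: does the certificate cover `host`?"""
    sans = peer_cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal only matches an "IP Address" entry, never a DNS name
        return any(k == "IP Address" and ipaddress.ip_address(v) == ip for k, v in sans)
    host = host.lower().rstrip(".")
    for kind, value in sans:
        if kind != "DNS":
            continue
        pattern = value.lower()
        if pattern == host:
            return True
        # A wildcard covers exactly one leftmost label
        if pattern.startswith("*.") and host.partition(".")[2] == pattern[2:]:
            return True
    return False


if __name__ == "__main__":
    for target in ("mqtt.example.org", "192.0.2.10"):
        print(target, "covered by certificate:", host_matches_cert(target, SAMPLE_CERT))
```

With paho-mqtt, a context built this way can be handed to `Client.tls_set_context()`.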