Mosquitto not authorised

So this morning, I found almost all my sensors and modules were unavailable in Home Assistant. I soon realized that something was wrong with my MQTT. I checked my syslog and found out that Mosquitto had been upgraded from 1.6.12 to 2.0.7. Apparently I used snap to install a recent version on my Ubuntu system, and apparently this upgrades automatically.

This was a typical “install and forget” package, a long time ago. I left all the setting to default. I didn’t even create a config file. So now I had to troubleshoot before the whole house woke up and started complaining.

So, first of all, it uses Snap. I found out by using netstat -tupan | grep LISTEN to see the PID that was listening on port 1883. Then ps aux | grep 13479 gave me this:

Snap has it’s own folder structure, so that’s why I couldn’t find /etc/mosquitto/mosquitto.conf or something like that. On this Mosquitto Snap page I found out that instead you go to /var/snap/mosquitto/common. If you go back one folder, you see that common is a symlink to a number. In my case I used to have 387, now it has 533. Anyways, all I found there was a mosquitto_example.conf.

I figured that the default settings didn’t allow anonymous connections anymore. So I copied mosquitto_example.conf to mosquitto.conf in the /var/snap/mosquitto/common folder and started editting. I’ll save you the trouble if you are like my and just want it back the way it was. I needed to uncomment the lines bind_address and allow_anonymous. So the settings are:

Then I found out that sudo systemctl restart mosquitto doesn’t work either. Even the service management of snap packages is different *sigh*.

So with sudo snap services you can list the services that you have installed with snap. To restart my mosquitto I had to do:

Then all devices and services were connecting again, and all came back to normal. Next step is to add authentication and migrate all devices over to an authenticated connection.

I will probably remember that on a next upgrade.

2 thoughts on “Mosquitto not authorised

  1. If your using TLS with the ‘require_certificate true’ for mutual certificate authentication, you can then set ‘use_identity_as_username true’ and the device’s username will come from the CN value in the client certificate. This is what I did to get my mobile devices reconnected after the update.

Leave a Reply

Your email address will not be published. Required fields are marked *