How to use MQTT with TLS for Home Assistant?

Hi. I have recently upgraded to V3, but I am struggling with the mqtt connection. I am using Mosquitto as an addon to Home Assistant and if I remember it correctly, I had to download and reference the mqtt-ca.pem found here: https://www.thethingsnetwork.org/docs/applications/mqtt/api/
But I suppose that is not a valid certificate when using eu1.cloud.thethings.network:8883
Is there a new certificate to use? I have searched, but cannot find any.

The Things Stack Community Edition and The Things Stack Cloud use certificates that are trusted by your operating system, so you don’t need to configure a custom certificate anymore.

If you work with mosquitto_sub, you can use the --tls-use-os-certs flag to make it use the certificates from your operating system.

No, my only option is to configure mosquitto with a conf file. And I didn’t find a “tls use os certs” option.

And Mosquitto is run in Docker and I have no control of the OS certificates.

Each docker container is effectively its own operating system, so actually this gives you even more control of such things - being able to uniquely configure things that would traditionally be system wide is half the point of docker.

You can most certainly customize the command line used to invoke mosquitto.

It would appear that eu1.cloud.thethings.network:8883 is currently serving up a short term certificate signed by Let’s Encrypt, so what you need to do is validate it through the chain up through Let’s Encrypt and ISRG Root X1 rather than pinning this short lived certificate specifically.

If “ISRG Root X1” isn’t already there, that’s what you’d need to add to your docker config, or else pass explicitly to mosquitto.

No, this docker is not maintained by me and I have little control over it. I cannot customize the command line either.

But I think I’ll just power down the Dragino LPS8 for good and buy some zigbee sensors (temperature and humidity) instead. There is a working zigbee net there so that is a cheaper solution than burning hours on this.

An immutable docker configuration that can’t deal with periodically re-issued Let’s Encrypt certificates doesn’t really sound like something production grade. And immutability isn’t really something that exists anyway, unless it’s a machine instance belonging to someone else.

But never mind.

There’s fairly limited overlap in the use cases of LoRaWAN and zigbee given the drastic differences in the radio technology which they use.

If Zigbee meets your functional needs, then zigbee is probably what you should be using - never mind the momentary software configuration learning curve.

Maybe you can give that LoRaWAN gateway to someone who will use it, or put it on eBay or something and recover some of your cost while seeing that it does get used.

To use TTN with MQTT in Home Assistant use MQTT bridging.

To enable TLS with bridging see: Cannot connect to MQTT over the port 8883 - #2 by bluejedi
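
An added example, not part of the thread or of any poster's configuration: a small Python audit of the bridge sections in a mosquitto.conf, checking the points raised above (a CA to validate the server chain, hostname checking left on). The connection names, the CA file path and the credentials in the sample are constructed placeholders, and PSK-based bridges are not handled.

```python
# Added example: audit bridge sections of a mosquitto.conf for TLS trust settings.
# Constructed sample; connection names, the CA path and credentials are placeholders.
SAMPLE_CONF = """\
# weak: TLS port, but no CA configured and hostname checking disabled
connection ttn-weak
address eu1.cloud.thethings.network:8883
remote_username my-app@ttn
remote_password PLACEHOLDER_API_KEY
bridge_insecure true
topic # in 0

# corrected: trust the issuing root (ISRG Root X1), not the short-lived leaf
connection ttn-ok
address eu1.cloud.thethings.network:8883
remote_username my-app@ttn
remote_password PLACEHOLDER_API_KEY
bridge_cafile /ssl/isrg-root-x1.pem
topic # in 0
"""

def parse_bridges(conf_text):
    """Return {connection name: {option: value}} for each bridge section."""
    bridges, current = {}, None
    for raw in conf_text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):  # blank line or comment line
            continue
        key, value = parts[0], (parts[1].strip() if len(parts) > 1 else "")
        if key == "connection":
            current = bridges.setdefault(value, {})
        elif current is not None:  # options before the first bridge are ignored
            current[key] = value
    return bridges

def audit_bridge(opts):
    """Return finding codes for one bridge's options."""
    findings = []
    first = (opts.get("address", "").split() or [""])[0]  # first listed address only
    port = first.rpartition(":")[2] if ":" in first else "1883"
    if "bridge_cafile" not in opts and "bridge_capath" not in opts:
        # No CA file or path: nothing to verify the remote broker's certificate against.
        if port == "8883":
            findings.append("no-ca-on-tls-port")
        elif "remote_password" in opts:
            findings.append("plaintext-credentials")
    if opts.get("bridge_insecure", "false").lower() == "true":
        findings.append("hostname-check-disabled")  # server name is not verified
    return findings

def audit(conf_text):
    return {name: audit_bridge(o) for name, o in parse_bridges(conf_text).items()}
```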