MQTT TLS and Self Signed Certs?

I’ve got Mosquitto running alongside Rhasspy without TLS working successfully. I’ve tried to switch things over to using TLS and can’t seem to get things working with self signed certs.

I’ve followed this guide for generating my self signed CA/keys/certs, but upon Rhasspy trying to connect to MQTT it’s complaining about my certs being self signed.

My understanding was that as long as I shared the ca.crt with the MQTT broker and Rhasspy then I shouldn’t have any issues with self signing.

Not sure what I’m missing here…I imagine self signing is popular for those of you here using MQTT+TLS together, or is everyone using a legit Certificate Authority (letsencrypt or whatever else)?

"ca_certs": "/profiles/ca.crt",
"certfile": "/profiles/client.crt",
"keyfile": "/profiles/client.key"
[DEBUG:2022-01-27 21:16:48,386] rhasspynlu_hermes: Connecting to
Traceback (most recent call last):
  File "/usr/lib/python3.7/", line 193, in _run_module_as_main
    "__main__", mod_spec)
  File "/usr/lib/python3.7/", line 85, in _run_code
    exec(code, run_globals)
  File "/usr/lib/rhasspy/rhasspy-nlu-hermes/rhasspynlu_hermes/", line 107, in <module>
  File "/usr/lib/rhasspy/rhasspy-nlu-hermes/rhasspynlu_hermes/", line 77, in main
    hermes_cli.connect(client, args)
  File "/usr/lib/rhasspy/rhasspy-hermes/rhasspyhermes/", line 93, in connect
    client.connect(, args.port)
  File "/usr/lib/rhasspy/.venv/lib/python3.7/site-packages/paho/mqtt/", line 937, in connect
    return self.reconnect()
  File "/usr/lib/rhasspy/.venv/lib/python3.7/site-packages/paho/mqtt/", line 1100, in reconnect
  File "/usr/lib/python3.7/", line 1117, in do_handshake
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1056)

Following this guide worked in case anyone is running into the same thing. I’m still not totally clear on what’s different here, but oh well.