I’ve got Mosquitto running alongside Rhasspy without TLS working successfully. I’ve tried to switch things over to using TLS and can’t seem to get things working with self signed certs.
I’ve followed this guide for generating my self signed CA/keys/certs, but upon Rhasspy trying to connect to MQTT it’s complaining about my certs being self signed.
My understanding was that as long as I shared the ca.crt with the MQTT broker and Rhasspy then I shouldn’t have any issues with self signing.
Not sure what I’m missing here…I imagine self signing is popular for those of you here using MQTT+TLS together, or is everyone using a legit Certificate Authority (letsencrypt or whatever else)?
"ca_certs": "/profiles/ca.crt", "certfile": "/profiles/client.crt", "keyfile": "/profiles/client.key"
[DEBUG:2022-01-27 21:16:48,386] rhasspynlu_hermes: Connecting to 192.168.1.98:8883 Traceback (most recent call last): File "/usr/lib/python3.7/runpy.py", line 193, in _run_module_as_main "__main__", mod_spec) File "/usr/lib/python3.7/runpy.py", line 85, in _run_code exec(code, run_globals) File "/usr/lib/rhasspy/rhasspy-nlu-hermes/rhasspynlu_hermes/__main__.py", line 107, in <module> main() File "/usr/lib/rhasspy/rhasspy-nlu-hermes/rhasspynlu_hermes/__main__.py", line 77, in main hermes_cli.connect(client, args) File "/usr/lib/rhasspy/rhasspy-hermes/rhasspyhermes/cli.py", line 93, in connect client.connect(args.host, args.port) File "/usr/lib/rhasspy/.venv/lib/python3.7/site-packages/paho/mqtt/client.py", line 937, in connect return self.reconnect() File "/usr/lib/rhasspy/.venv/lib/python3.7/site-packages/paho/mqtt/client.py", line 1100, in reconnect sock.do_handshake() File "/usr/lib/python3.7/ssl.py", line 1117, in do_handshake self._sslobj.do_handshake() ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1056)