Koenkk / zigbee2mqtt

Zigbee 🐝 to MQTT bridge 🌉, get rid of your proprietary Zigbee bridges 🔨
https://www.zigbee2mqtt.io
GNU General Public License v3.0

MQTT error: Hostname/IP does not match certificate's altnames #19450

Open Fufs opened 11 months ago

Fufs commented 11 months ago

What happened?

I'm using a Let's Encrypt certificate for my MQTT broker. This works great when connecting to the broker from outside using a domain. However, I'm using both the Mosquitto and Z2M add-ons in Home Assistant. That means that if I want my MQTT traffic not to leave the Docker network, I have to use hostnames that I cannot put into my certificate's alt names, since it will not pass certbot validation.

I tried setting reject_unauthorized: false but that did not help.

What did you expect to happen?

I expected to have an option to ignore broker certificate validation, like the one in Home Assistant.

How to reproduce it (minimal and precise)

  1. Start MQTT broker in TLS mode with a domain A in the alt names list
  2. Try connecting Z2M to the broker with core-mosquitto
  3. MQTT error: Hostname/IP does not match certificate's altnames: Host: core-mosquitto. is not in the cert's altnames: DNS:[domain A]

Zigbee2MQTT version

1.33.1

Adapter firmware version

unrelated

Adapter

unrelated

Debug log

Zigbee2MQTT:info  2023-10-27 18:16:41: Connecting to MQTT server at mqtts://core-mosquitto:8883
Zigbee2MQTT:error 2023-10-27 18:16:42: MQTT error: Hostname/IP does not match certificate's altnames: Host: core-mosquitto. is not in the cert's altnames: DNS:[domain A]
Zigbee2MQTT:error 2023-10-27 18:16:42: MQTT failed to connect, exiting...
Zigbee2MQTT:info  2023-10-27 18:16:42: Stopping zigbee-herdsman...
Zigbee2MQTT:error 2023-10-27 18:16:43: MQTT error: Hostname/IP does not match certificate's altnames: Host: core-mosquitto. is not in the cert's altnames: DNS:[domain A]
Zigbee2MQTT:error 2023-10-27 18:16:44: MQTT error: Hostname/IP does not match certificate's altnames: Host: core-mosquitto. is not in the cert's altnames: DNS:[domain A]

Fufs commented 11 months ago

It does work when I enter domain A into the config, but I would rather connect with core-mosquitto.

github-actions[bot] commented 5 months ago

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 7 days

Fufs commented 5 months ago

Still a problem