esphome / issues

Issue Tracker for ESPHome
https://esphome.io/

Unable to access device logs wirelessly using MQTT with TLS #5370

Open mak-42 opened 10 months ago

mak-42 commented 10 months ago

The problem

I am unable to access device logs wirelessly using MQTT with TLS (there is no problem without TLS).

It displays something like this:

INFO ESPHome 2023.12.5
INFO Reading configuration /config/test01node.yaml...
INFO Starting log output from test01node/debug
INFO Successfully reconnected to the MQTT server
INFO Successfully reconnected to the MQTT server
INFO Successfully reconnected to the MQTT server

MQTT broker log:

2024-01-13T10:33:49: New connection from xxx.xxx.xxx.xxx:5269 on port 8883.
2024-01-13T10:33:49: OpenSSL Error[0]: error:1402542E:SSL routines:ACCEPT_SR_CLNT_HELLO:tlsv1 alert protocol version
2024-01-13T10:33:49: Client <unknown> disconnected: Protocol error.

It seems ESPHome does not use the certificate pointed to in the "certificate_authority" param.

config:

esphome:
  name:  test01node

esp32:
  board: nodemcu-32s
  framework:
    type: esp-idf

logger:

ota:
  password: !secret NODE01_OTA_PSW

wifi:
  ssid: !secret WIFI_SSID
  password: !secret WIFI_PASS

web_server:
  port: 80
  auth:
    username: !secret NODE01_WEB_LOG
    password: !secret NODE01_WEB_PSW

mqtt:
  broker: !secret MQTT_MAIN_ADDR
  port: !secret MQTT_MAIN_S_PORT
  certificate_authority: !secret MQTT_MAIN_CA_CERT
  username: !secret NODE01_MQTT_LOG
  password: !secret NODE01_MQTT_PSW
  client_id: test01node
  topic_prefix: test01node

esp32_ble_tracker:

#....

Which version of ESPHome has the issue?

2023.12.5

What type of installation are you using?

Docker

Which version of Home Assistant has the issue?

No response

What platform are you using?

ESP32-IDF

Board

No response

Component causing the issue

No response

Example YAML snippet

No response

Anything in the logs that might be useful for us?

No response

Additional information

No response

SaschaRoelofs commented 9 months ago

Have you found a solution?

mak-42 commented 9 months ago

> Have you found a solution?

Nope.
A workaround is using a cable, but it is not very convenient.

Sian-Lee-SA commented 6 months ago

My issue shows

ERROR Cannot connect to MQTT broker: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:992)

Which I assume is the frontend not able to connect although the device connects fine. If your log_topic is assigned then you can use MQTT-Explorer as such and see the logs in that topic.
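
The two error strings quoted in this thread can be told apart mechanically. The Python below is an added example, not part of the thread or of ESPHome's code. It assumes the pre-3.0 OpenSSL error-code layout (8-bit library, 12-bit function, 12-bit reason), and the names `decode_openssl_error` and `triage` are hypothetical.

```python
import re

# Log lines copied from the thread above.
BROKER_LINE = ("2024-01-13T10:33:49: OpenSSL Error[0]: error:1402542E:"
               "SSL routines:ACCEPT_SR_CLNT_HELLO:tlsv1 alert protocol version")
CLIENT_LINE = ("ERROR Cannot connect to MQTT broker: [SSL: CERTIFICATE_VERIFY_FAILED] "
               "certificate verify failed: self-signed certificate in certificate chain "
               "(_ssl.c:992)")

# TLS alert numbers (RFC 5246); subset useful for handshake triage.
TLS_ALERTS = {40: "handshake_failure", 42: "bad_certificate", 45: "certificate_expired",
              46: "certificate_unknown", 48: "unknown_ca", 70: "protocol_version"}
CERT_ALERTS = {"bad_certificate", "certificate_expired", "certificate_unknown", "unknown_ca"}

OPENSSL_ERR = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.+)$")
PY_VERIFY = re.compile(r"\[SSL: (\w+)\] certificate verify failed: (.+?) \(_ssl\.c:\d+\)")

def decode_openssl_error(line):
    """Unpack an OpenSSL error string, assuming the pre-3.0 code layout."""
    m = OPENSSL_ERR.search(line)
    if m is None:
        return None
    code = int(m.group(1), 16)
    reason = code & 0xFFF                      # low 12 bits
    # OpenSSL reports TLS alert number N as reason code 1000 + N.
    alert = TLS_ALERTS.get(reason - 1000) if reason >= 1000 else None
    return {"lib": code >> 24, "func": (code >> 12) & 0xFFF, "reason": reason,
            "func_name": m.group(3), "alert": alert}

def triage(line):
    """Classify a log line as a version problem, a trust problem, or neither."""
    err = decode_openssl_error(line)
    if err is not None:
        if err["alert"] == "protocol_version":
            return ("tls-version", "protocol_version alert in " + err["func_name"])
        if err["alert"] in CERT_ALERTS:
            return ("cert-trust", err["alert"] + " alert")
        return ("tls-other", "reason code %d" % err["reason"])
    m = PY_VERIFY.search(line)
    if m is not None:
        return ("cert-trust", m.group(2))
    return ("not-tls", "")

if __name__ == "__main__":
    for sample in (BROKER_LINE, CLIENT_LINE):
        print(triage(sample))
```

The broker log from the original report decodes to TLS alert 70 (protocol_version) at the ClientHello stage, while the later comment's error is a chain-verification failure on the Python client side, so the two reports fall into different categories.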