SSL certificate expired message

[giwleb]

Problem/Motivation

Addon seems to have stopped allowing connections after my previous cert expired last week. I had renewed the cert earlier in the month and the new expiration is in effect. HA UI recognizes the new date, and the following command shows it's valid now: openssl x509 -enddate -noout -in fullchain.pem notAfter=Oct 12 11:28:57 2019 GMT

config:

{ "ssl": true, "certfile": "fullchain.pem", "keyfile": "privkey.pem", "broker": true, "allow_anonymous": false, "mqttusers": [...] }

Expected behavior

After cert renewal and new cert put in \ssl, expect the addon to use the new cert and recognize the new expiration

Actual behavior

When connecting to the UI, the login fails with Connect failed: AMQJS0007E Socket error:undefined. The log file shows: 1564252609: OpenSSL Error: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired 1564252609: Socket error on client , disconnecting.

Steps to reproduce

Not sure, but update your SSL cert and see if the addon recognizes the new expiry?

Proposed changes

None at the moment..

[sinclairpaul]

Can you share the startup log for the addon?

[frenck]

Mosquitto does not pick up on SSL certificate changes. This is out of reach/scope for the add-on to handle, unfortunately. It is not that uncommon as well. You will encounter the same issues with other software.

[giwleb]

Thanks. Do you have any suggestions on how to fix it?

[frenck]

Restart services that use the certificate

[giwleb]

Yes that worked! For others looking for this, I restarted the MQTT server and web client add-on in Hass.io. I had thought that the "Control your Home Assistant server… from Home Assistant. " restart from Configuration, General, Server Management would do that, but it doesn't seem to. Hope this helps others. Thanks!

[addons-assistant[bot]]

This thread has been automatically locked because it has not had recent activity. Please open a new issue for related bugs and link to relevant comments in this thread.