Hi rstankie,
I’ve figured it out due to this post MQTT Broker Bridge to HiveMQ Cloud - #5 by naitsimp - Configuration - Home Assistant Community
I may be misunderstanding but it seems Hivemq has an expired certificate that fails validation. I noticed this connecting with MQTT-Explorer, I had to disable certificate validation for it to work.
The solution:
- download the root certificate used to sign HiveMQs certificate here https://letsencrypt.org/certs/isrgrootx1.pem
- In the bridge config set bridge_cafile to that certificate
Here is my bridge config that worked, some of it may be unnecessary.
# Bridge connection
connection cloud-01
address <cluster>.s2.eu.hivemq.cloud:8883
bridge_cafile <dir>/isrgrootx1.pem
topic # out 0
topic # in 0
remote_username <username>
remote_password <password>
bridge_protocol_version mqttv311
try_private false
notifications false
bridge_attempt_unsubscribe false
bridge_insecure true
Hopefully this helps!
My leftover question if anyone feels like helping me improve my understanding:
Is the HiveMQ cert really expired? Connecting with MQTT Explorer with validation on seems to confirm that it is.
Would downloading the expired certificate and putting it in the bridge_cafile solve this as well?
Is a bridge_cafile always required if the remote broker has ssl enabled?