Home Assistant -> Mosquitto Brocker bridge to HiveMQ -> Step by step?

1

Hello,

I am trying to set up an MQTT bridge between a Mosquitto broker installed on Home Assistant and a HiveMQ broker.
I created the configuration file \share\mosquitto\hivemq.conf, with the following content:

#Mosquitto to HiveMQ Cloud (MQTT over TLS)
connection hivemq
address ********************************.s1.eu.hivemq.cloud:8883
remote_username *****
remote_password *****
topic # both 0

I also relied on several examples and variants found on the web. However, the connection is rejected every time.
An AI also suggested several solutions, but none of them have worked so far.
Could someone help me identify the issue in my .conf file and explain what is wrong?
Regards
Otto

2

Hi @ohaldi,

Welcome to the HiveMQ Community, and thank you for the detailed description of your setup. It is great to see you exploring MQTT, Home Assistant, and HiveMQ together.

From the configuration you shared, the main issue is that the bridge is currently not configured to use TLS, even though HiveMQ Cloud on port 8883 requires a TLS connection. To resolve this, please try the following steps.

1. Download the CA certificate

On the Home Assistant system where the Mosquitto broker runs:

  1. Download the Let’s Encrypt ISRG Root X1 certificate from:
    https://letsencrypt.org/certs/isrgrootx1.pem
  2. Save the file into the Mosquitto share, for example:
    • On the host: \share\mosquitto\isrgrootx1.pem
    • Inside the container: /share/mosquitto/isrgrootx1.pem

2. Adjust the Mosquitto bridge configuration

Update your \share\mosquitto\hivemq.conf to something along these lines (adapting the placeholders to your actual values):

# Mosquitto -> HiveMQ Cloud (MQTT over TLS)
connection hivemq
address <your-cluster-id>.s1.eu.hivemq.cloud:8883

bridge_protocol_version mqttv311
cleansession true
try_private false

remote_username <your-hivemq-cloud-username>
remote_password <your-hivemq-cloud-password>

# TLS – Let’s Encrypt ISRG Root X1 for HiveMQ Cloud
bridge_cafile /share/mosquitto/isrgrootx1.pem

topic # both 0

Key points:

  • bridge_cafile ensures that Mosquitto actually establishes a TLS connection and trusts the HiveMQ Cloud certificate chain.
  • The remote_username and remote_password must be your HiveMQ Cloud cluster MQTT credentials, not your HiveMQ Cloud account login.

3. Restart Mosquitto and verify in the logs

After saving the configuration:

  1. Restart the Mosquitto broker add-on in Home Assistant.
  2. Check the Mosquitto logs. A successful connection should look similar to:
    • Connecting bridge hivemq
    • Connected bridge hivemq
  3. If the connection still fails and you suspect a certificate/CA issue, you can perform a temporary debug test by adding:
    bridge_insecure true
    to the same connection hivemq section. This disables server certificate verification for the bridge and helps to confirm whether the failure is strictly related to TLS validation.
    Important: This is only for short-term debugging. Once you have confirmed the root cause, please remove this line again or set:
    bridge_insecure false
    so that the certificate is properly verified in normal operation.

If the connection still does not succeed after these steps, the logs should show whether it is a TLS issue (certificate / handshake) or an authentication issue (username / password / hostname).
Kind regards,
Dasha
HiveMQ Support Team

3

Hello Dasha,
Thanks for your help. I also learn a much with your example.
It seem to working now.
In log file I see no error :
2026-01-31 19:15:11: Connecting bridge hivemq (17f1c4fc4e5040e8b39cf25d9227eae0.s1.eu.hivemq.cloud:8883)
2026-01-31 19:15:11: mosquitto version 2.0.22 running
but I don’t see the message : Connected bridge hivemq
I also set the debug to : Bridge_insecure falseRegards
Best Regards
Otto

4

Hello @ohaldi

Thank you for the update and the logs. We can see that Mosquitto is attempting to connect the bridge (Connecting bridge hivemq), but since we do not see Connected bridge hivemq, The TLS/MQTT connection is still not completing successfully.

To help us pinpoint the issue, could you please:

  1. Share the bridge section of your bridge configuration (you can mask credentials).
    In particular, please verify that it contains entries similar to:

    connection hivemq
address <your-cluster-id>.s1.eu.hivemq.cloud:8883
bridge_protocol_version mqttv311
cleansession true
try_private false
remote_username <your-hivemq-cloud-username>
remote_password <your-hivemq-cloud-password>
bridge_cafile /share/mosquitto/isrgrootx1.pem
bridge_tls_version tlsv1.2
bridge_insecure false
topic # both 0

  2. Enable more detailed logging by adding:

    log_type all
log_timestamp true

    Then restart Mosquitto and share the updated logs.

  3. (Optional but helpful) Test the same credentials directly with a simple client, for example:

    mosquitto_pub \
  -h <your-cluster-id>.s1.eu.hivemq.cloud \
  -p 8883 \
  -u <your-hivemq-cloud-username> \
  -P <your-hivemq-cloud-password> \
  --cafile /share/mosquitto/isrgrootx1.pem \
  -t test/bridge \
  -m "hello from mosquitto" \
  -d

    If this command works, we know the HiveMQ Cloud side (URL, port, credentials, CA file) is correct, and the problem is with the Mosquitto bridge.

Regards,
Sheetal from HiveMQ Support

5

Hello,
Many thanks for your help. My file hivemq.conf look like this:

=======================================================

Mosquitto to HiveMQ Cloud (MQTT over TLS) / 04.02.2026

=======================================================

connection hivemq
address 17f1c4fc4e5040e8b39cf25d9227eae0.s1.eu.hivemq.cloud:8883

bridge_protocol_version mqttv311
cleansession true
try_private false

remote_username ateho
remote_password @Lock2003hi

TLS – Let’s Encrypt ISRG Root X1 for HiveMQ Cloud

bridge_cafile /share/mosquitto/isrgrootx1.pem

topic # both 0
bridge_insecure false

log_type all
log_timestamp true

Now every thing work well and I see much more information on the log file directly in Home Assistant.
Regards
Otto