MQTT authentication failure


I am attempting to use the mqtt api, and failing miserably.

mosquitto_sub --capath /etc/ssl/certs -h -u My_email_address -P myBrightPassword -t SMART/HILD/MYMacAddress -p 8883

If the capath is incorrect I get TLS error, fine. If I get it right, I get;

Connection error: Connection refused: not authorised

Is this still a symptom of TLS (doesnt look like it)

bad id/password (same as used in Bright app on Android)


Any ideas from them that done it please?


  • Sorry - this was my bad - can you try now please

  • Clive,

    Thanks, still fails, same error. Could you confirm the email address begins with "a" please? Four years ago there were a couple of units on my HAN that were sending to another user for a trial, i think beginning with "r".



  • Can you raise a ticket at with more details.

  • Clive,

    Please see ticket Re: MQTT Set up request - [PCR-UPYEB-483], Jane was keen to see support via this forum.



  • FWIW, I was getting that error too when I was using my own certs. If I do it from the eclipse-mosquitto:openssl docker image, it works, so I assuming it was the certs fault...

  • Francis - I'll check that ticket.

    Just to be clear what support sits where

    getting up and running on mqtt - use

    using and understanding the delivered data stream - here

  • edited March 2022


    Thanks for the info, alas, same error, I'm not persuaded that it's an SSL error, I think I have some of the oldest surviving sensors, a pair of GB-ZBRF-01's. I can use off the shelf code if I can get my hands on a Hildebrand SMETS1 Display and CAD.

    / # mosquitto_sub --capath /etc/ssl/certs -h -u xxx -P xxx -t SMART/HILD/xxx -p 8883

    Connection error: Connection Refused: not authorised.



  • I had a similar error when I started using MQTT. I found specifying the certificate file rather than path worked for me. It's worth a try...

    --cafile /etc/ssl/certs/ca-certificates.crt


  • Dan,

    Sorry, still not authorised with cafile, I have had a success however, if I execute the subscribe with both cert and key. So it was my lack of understanding of SLL, who'd have thunk it? now to integrate it into the broker...

    mosquitto_sub -cert /ssl/CloudflareClient/cloudflareclientcert.pem --key /ssl/CloudflareClient/cloudflareclientkey.pem yada it does respond with

    mosquitto_sub -cert /ssl/CloudflareClient/cloudflareclientcert.pem --key /ssl/CloudflareClient/cloudflareclientkey.pem

    It responds with ...

    Client (null) sending CONNECT                                                                                        

    Client (null) received CONNACK (0)                                                                                     

    Client (null) sending SUBSCRIBE (Mid: 1, Topic: SMART/HILD/D88039420CB3, QoS: 0, Options: 0x00)                                                       

    Client (null) received SUBACK                                                                  Subscribed (mid: 1): 0                                                                                            

  • Why don't you try it on 1883 ie not ssl and see if you get data

    Once that's working you can add tls.

Sign In or Register to comment.