MQTT node not working after NR update

After updating my NR local installation (on RPI) from v 0.20.07 to the last one (v. 1.0.3) my MQTT nodes didn't connect to the MQTT broker anymore. Before updating NR I make a backup of my entire RPi MicroSD so I'm able to switch to the old configuration at any time

To be clear I didn't change anything in the flows but I only upgrade the NR version using the standard script provided here https://nodered.org/docs/getting-started/raspberrypi. As additional information, during the NR update process not any warn/error message was shown on the console.

Below the NR logs of the OLD (and still working configuration) where it's clear that the MQTT connection is correctly established (I've deleted some not-interesting rows).

Starting as a systemd service.
Started Node-RED graphical event wiring tool.
23 Feb 12:12:33 - [info]
Welcome to Node-RED
===================
23 Feb 12:12:33 - [info] Node-RED version: v0.20.7
23 Feb 12:12:33 - [info] Node.js  version: v8.16.0
23 Feb 12:12:33 - [info] Linux 4.19.57-v7+ arm LE
23 Feb 12:12:35 - [info] Loading palette nodes
23 Feb 12:12:48 - [info] Dashboard version 2.19.3 started at /ui
23 Feb 12:12:50 - [info] Settings file  : /home/pi/.node-red/settings.js
23 Feb 12:12:50 - [info] HTTP Static    : /home/pi/Immagini_APA
23 Feb 12:12:50 - [info] Context store  : 'default' [module=memory]
23 Feb 12:12:50 - [info] User directory : /home/pi/.node-red
23 Feb 12:12:50 - [warn] Projects disabled : editorTheme.projects.enabled=false
23 Feb 12:12:50 - [info] Flows file     : /home/pi/.node-red/flows_raspberrypi.json
23 Feb 12:12:51 - [info] Server now running at http://127.0.0.1:1880/
23 Feb 12:12:52 - [warn]
---------------------------------------------------------------------
Your flow credentials file is encrypted using a system-generated key.
If the system-generated key is lost for any reason, your credentials
file will not be recoverable, you will have to delete it and re-enter
your credentials.
You should set your own key using the 'credentialSecret' option in
your settings file. Node-RED will then re-encrypt your credentials
file using your chosen key the next time you deploy a change.
---------------------------------------------------------------------
23 Feb 12:13:18 - [info] Starting flows
…..
……
23 Feb 12:13:28 - [info] [mqtt-broker:MQTT con TLS] Connected to broker: APA0@mqtts://mysite.it:8883

Below, instead the log after updating NR to the last version that throws the mqtt broker connection error.

Starting as a systemd service.
Started Node-RED graphical event wiring tool.
23 Feb 12:05:16 - [info]
Welcome to Node-RED
===================
23 Feb 12:05:16 - [info] Node-RED version: v1.0.3
23 Feb 12:05:16 - [info] Node.js  version: v8.16.0
23 Feb 12:05:16 - [info] Linux 4.19.57-v7+ arm LE
23 Feb 12:05:18 - [info] Loading palette nodes
23 Feb 12:05:31 - [info] Dashboard version 2.19.3 started at /ui
23 Feb 12:05:33 - [info] Settings file  : /home/pi/.node-red/settings.js
23 Feb 12:05:33 - [info] HTTP Static    : /home/pi/Immagini_APA
23 Feb 12:05:33 - [info] Context store  : 'default' [module=memory]
23 Feb 12:05:33 - [info] User directory : /home/pi/.node-red
23 Feb 12:05:33 - [warn] Projects disabled : editorTheme.projects.enabled=false
23 Feb 12:05:33 - [info] Flows file     : /home/pi/.node-red/flows_raspberrypi.json
23 Feb 12:05:34 - [info] Server now running at http://127.0.0.1:1880/
23 Feb 12:05:35 - [warn]
---------------------------------------------------------------------
Your flow credentials file is encrypted using a system-generated key.
If the system-generated key is lost for any reason, your credentials
file will not be recoverable, you will have to delete it and re-enter
your credentials.
You should set your own key using the 'credentialSecret' option in
your settings file. Node-RED will then re-encrypt your credentials
file using your chosen key the next time you deploy a change.
---------------------------------------------------------------------
23 Feb 12:06:01 - [info] Starting flows
…
….
…
23 Feb 12:06:12 - [info] [mqtt-broker:MQTT con TLS] Connection failed to broker: APA0@mqtts://mysite.it:8883

On the server side, the MQTT broker receives the request form NR but disconnect with a "client
unknown" exception.

As clarified above I didn't change anything to the flows or to the MQTT configuration node.

After getting this error - just to make an additional test and thinking it could be the cause - I've changed the MQTT broker configuration in the NR in order not to use $ENV variables (set in the NR settings.json file and used in the flow for convenience) and set the ClientID and Security configuration credentials (I use TLS/SSL connection on port 8883) direclty in the MQTT Broker Config node but with no luck. Also wih this new MQTT node configuration I had the same error showed in the log above.

I suppose that something during the NR update process "broke" the MQTT node. Is there any check I can do to understand/solve the problem?

Note: Trying to find a way to uninstall/reinstall the MQTT node palette I've seen that there's no way to to do it (probably being one of the NR standard node). Is it correct my understanding?

Can I suggest that you setup an alternative install using

and change it to use port 1881 instead of 1880

Then try the simplest possible connection to your broker with it and see what happens

How is your broker configured? Also, is it on the same device as Node-RED or on a different device?

That would seem to indicate that NR isn't connecting using the correct id/password.

Was your broker updated as well? I've had some issues with Mosquitto before where some of the default settings were no longer applied. Had to change the config until the next update when they changed back and broke things again.

[Off Topic]
If you are talking about the mosquitto config then rather than changing the default file (probably /etc/mosqitto/mosquitto.conf) then add another .conf file in /etc/mosquitto/conf.d and put your extra bits in there to add to or override the defaults. Then they will not be overwritten when mosquitto is updated. I call mine mossy.conf to remind me they are different files.

[more off topic]

No, they actually removed the default port at one point so after an update, nothing worked! Then they put it back in a later update so then you got clashing ports. I do use the conf.d folder.

So the MQTT broker is installed on another host server.
Using another MQTT client (running on my Windows Laptop) and using the same MQTT broker configuration I can successfully connect to the MQTT Broker and publish/subscribe topic...

I've also configured on the Rasp running the latest NR version (and that didn't connect anymore to my MQTT Broker) two sample MQTT IN and MQTT OUT nodes that connecst to a public Hive MQTT Broker and I can successfully connect to that broker (the only difference compared to my existing installation is that I didn't configure for the Hive Broker any UserID/Password or TLS connection) ans send/receive a test message between this node.This confirm that the MQTT nodes within the new NR installtion work as expected.
The situation so far is the following:

• The MQTT nodes in the latest NR installation works as expected (tested with a public Broker)

• My specific Broker configuration didnt' work with the latest NR installation but works with a previous version of NR and specifically v 0.20.07 and with another MQTT client (I used mmqttf on a laptop running Win8). I've also check the same broker configuration on another NR "dockerised" installation (also in this case v. 1.0.3) and it works......

I really cannot understand why it doesn't work...

I'm thinking about make a backup of all my flows/configuration, uninstall NR and then install it again. Whats the best way to do that?

What you haven't done is confirm whether another (not your upgrade version) install of Node-RED will connect to your broker.

If you can do that test, it will point towards whether its an issue with the upgrade process or whether its an issue with NR 1.0.3 connecting to your broker

As per my topic above I've test it and it worked (see quote below). It was the official Node-Red docker image taken from docker-hub.

....I've also check the same broker configuration on another NR "dockerised" installation (also in this case v. 1.0.3) and it works......

Apologies - missed that bit

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

I finally found the problem. The fact was that in the new broker configuration I enabled the acl (in the mosquitto.config file) but I forgot to include in the acl file the user I used to connect to the broker (i.e. the mqtt Client ID).
In order to eneble the acl management in the mosquitto.config file you have to uncomment the line below (and provide the full path to the acl file)

acl_file /opt/mosquitto/config/mosquitto.acl

While in the acl file (in my case mosquitto.acl) you need to add the string for your client (supposing the client ID is my_client you have just to add the following section

user my_client
topic #

or if you just want to limit the my_clientto publish/subscribe to a specific topic (i.e. topic1) something like that

user my_client
topic topic1/#

What drove me crazy was that in the mqtt broker log file the error showed let me suppose about wrong client credentials (instead of a problem related to the acl).

Good to hear you found the problem.

So where is the ACL in the config?
I get it is the MQTT side of things, but just as it spiked the interest.

If you look at the example conf file that comes with mosquitto (for me it is /usr/share/doc/mosquitto/examples/mosquitto.conf.gz) and search for acl you will find it.

Ok, thanks.