
Telegraf connection to Mosquitto using TLS

In my system (with Raspberry) I have some sensors that publish data to Mosquitto. I'm using Telegraf to transfer the data to an InfluxDB database and I'm using Grafana to show the data.

During the test without a TLS connection (in Mosquitto) everything works correctly, but when I activated TLS I started to have a problem with Telegraf.

The sensors are sending the data to the broker using the client.key, client.crt and ca.crt. In the broker I can see the data from the sensors. So I think the problem is not in this.

In Telegraf (I suppose it works as a client) I tried to configure the TLS connection. Looking at the telegraf.service status, it is active and running. Looking at the journal I don't see errors in the connection, but I can't see any data from the broker.

In Telegraf.conf I set the certificates as you can see below. Instead of using a pem file I used the files that I use for the sensors or other clients connected to the system: the extension is different and I don't know if the problem is here.

Here is the configuration of Telegraf (mqtt_consumer):

# # Read metrics from MQTT topic(s)
#   ## Broker URLs for the MQTT server or cluster.  To connect to multiple
#   ## clusters or standalone servers, use a separate plugin instance.
#   ##   example: servers = ["tcp://localhost:1883"]
#   ##            servers = ["ssl://localhost:1883"]
#   ##            servers = ["ws://localhost:1883"]
   servers = ["tcp://"]
#   ## Topics that will be subscribed to.
   topics = [
#   ## The message topic will be stored in a tag specified by this value.  If set
#   ## to the empty string no topic tag will be created.
#   # topic_tag = "topic"
#   ## QoS policy for messages
#   ##   0 = at most once
#   ##   1 = at least once
#   ##   2 = exactly once
#   ##
#   ## When using a QoS of 1 or 2, you should enable persistent_session to allow
#   ## resuming unacknowledged messages.
#   # qos = 0
#   ## Connection timeout for initial connection in seconds
#   # connection_timeout = "30s"
#   ## Maximum messages to read from the broker that have not been written by an
#   ## output.  For best throughput set based on the number of metrics within
#   ## each message and the size of the output's metric_batch_size.
#   ##
#   ## For example, if each message from the queue contains 10 metrics and the
#   ## output metric_batch_size is 1000, setting this to 100 will ensure that a
#   ## full batch is collected and the write is triggered immediately without
#   ## waiting until the next flush_interval.
#   # max_undelivered_messages = 1000
#   ## Persistent session disables clearing of the client session on connection.
#   ## In order for this option to work you must also set client_id to identify
#   ## the client.  To receive messages that arrived while the client is offline,
#   ## also set the qos option to 1 or 2 and don't forget to also set the QoS when
#   ## publishing.
#   # persistent_session = false
#   ## If unset, a random client ID will be generated.
    client_id = ""
#   ## Username and password to connect MQTT server.
    #username = ""
    #password = ""
#   ## Optional TLS Config
    tls_ca   = "/etc/telegraf/ca.crt"
    tls_cert = "/etc/telegraf/client.crt"
    tls_key  = "/etc/telegraf/client.key"
#   ## Use TLS but skip chain & host verification
#    insecure_skip_verify = false
#   ## Data format to consume.
#   ## Each data format has its own unique set of configuration options, read
#   ## more about them here:
#   ##
    data_format = "influx"

How can I check the connection to the broker in Telegraf? Is the configuration correct, or should I use only .pem files?


  • Your MQTT URL starts with tcp:// but it should start with ssl:// for an MQTT over SSL connection.
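
The mismatch described in the answer can be caught by linting the config before restarting the service. The following is an added example, not part of the original question or answer and not Telegraf code: it flags tls_* options paired with a plaintext scheme, and checks that a certificate file holds PEM content regardless of its extension. The function names and the host `broker.example:8883` are assumptions made for the illustration.

```python
import re

# Schemes from the plugin's own comments that carry MQTT without TLS.
PLAINTEXT_SCHEMES = {"tcp", "ws"}

# Constructed sample; broker.example:8883 is a placeholder, not from the page.
SAMPLE = '''
[[inputs.mqtt_consumer]]
  servers = ["tcp://broker.example:8883"]
  tls_ca   = "/etc/telegraf/ca.crt"
  tls_cert = "/etc/telegraf/client.crt"
  tls_key  = "/etc/telegraf/client.key"
  # insecure_skip_verify = false
'''

def active_settings(conf_text):
    """Return {key: raw value} for uncommented single-line `key = value` entries."""
    settings = {}
    for line in conf_text.splitlines():
        m = re.match(r"\s*([A-Za-z_]+)\s*=\s*(.+)$", line)
        if m:  # lines starting with '#' never match the key pattern
            settings[m.group(1)] = m.group(2).strip()
    return settings

def tls_findings(conf_text):
    """List settings that leave the broker connection unprotected."""
    s = active_settings(conf_text)
    tls_keys = [k for k in ("tls_ca", "tls_cert", "tls_key") if k in s]
    findings = []
    for url in re.findall(r'"([^"]*)"', s.get("servers", "")):
        scheme = url.split("://", 1)[0].lower()
        if tls_keys and scheme in PLAINTEXT_SCHEMES:
            findings.append(f"{url}: {scheme}:// is plaintext, so "
                            f"{', '.join(tls_keys)} are never used; use ssl://")
    if s.get("insecure_skip_verify") == "true":
        findings.append("insecure_skip_verify = true skips chain and host verification")
    return findings

def is_pem(data):
    """True if the bytes hold a PEM block; the file extension is irrelevant."""
    return re.search(rb"-----BEGIN [A-Z0-9 ]+-----", data) is not None

if __name__ == "__main__":
    for finding in tls_findings(SAMPLE):
        print("FINDING:", finding)
```

To check real files, pass the text of the config to `tls_findings` and the bytes of each certificate or key file to `is_pem`.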