Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [mosquitto-dev] Port 8081 of

Hi Nagesh,

Port 8081 is for MQTT over WebSockets over TLS (for use in Web Browsers).

Port 8883 is for plain MQTT over TLS - but uses a self-signed certificate.

This works for me (on Debian Linux):

curl -O

mosquitto_sub -h -p 8883 -t 'bbc/#' --cafile -v


On 11/03/2021 03:12, ನಾಗೇಶ್ ಸುಬ್ರಹ್ಮಣ್ಯ (Nagesh S) wrote:
Hoping that this is the right forum to ask questions for MQTT test brokers, I am unable to connect to port 8081. As described at, "Port 8081 has a Lets Encrypt certificate, so you should use your system CA certificates or the appropriate Lets Encrypt CA certificate for verification." If I try to connect without passing any option for CA (as mentioned in the documentation for, the connection keeps failing without any information. If I provide a directory with the certificates (root and intermediate) as available here (, I get an error as 'unable to get issuer certificate'.

While the experiments were run on Mac, I would like to know if it is fair to assume that /etc/ssl/certs will have Let's Encrypt CA on most platforms. Specifically, can I rely on this certificate to be available on GCR Distroless ? I did use a multi-stage build to copy /etc/ssl/certs from base image - but, same error as in Experiment 2 below.

Therefore, if I do have to supply certificates externally, which certificates do I download?

Experiment 1 - No CA specified
Client disconnected.

Experiment 2 - CA from Let's Encrypt used
Error: unable to get issuer certificate
Client disconnected.

Thanks and regards,

mosquitto-dev mailing list
To unsubscribe from this list, visit

Back to the top