Description
Describe the issue you are experiencing
Hello,
Today I added SSL encryption to my Home Assistant running on a Raspberry 4 using acme.sh.
It works well for my dashboard, but I am not able to get it used in mosquitto.
I was hoping that a restart of the whole system might fix it, but no luck.
Inside the mosquitto docker, /ssl is empty, therefore my certs are not used - see "details" -> "additional information".
Any idea how to fix this or what to check next?
What type of installation are you running?
Home Assistant OS
Which operating system are you running on?
Home Assistant Operating System
Which app are you reporting an issue with?
Mosquitto broker
What is the version of the app?
6.5.2
Steps to reproduce the issue
Did not try to reproduce; I have no spare SD card for my Raspberry.
System Health information
no repairs except missing battery sensor
Anything in the Supervisor logs that might be useful for us?
Anything in the app logs that might be useful for us?
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/mosquitto.sh
[20:48:30] INFO: Setting up user hass_dafang
[20:48:32] INFO: Setting up user hass_zigbeestick
[20:48:34] INFO: Setting up user hass_nuki
[20:48:35] INFO: SSL is not enabled
cont-init: info: /etc/cont-init.d/mosquitto.sh exited 0
cont-init: info: running /etc/cont-init.d/nginx.sh
cont-init: info: /etc/cont-init.d/nginx.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun mosquitto (no readiness notification)
services-up: info: copying legacy longrun nginx (no readiness notification)
[20:48:37] INFO: Starting NGINX for authentication handling...
s6-rc: info: service legacy-services successfully started
[20:48:38] INFO: Starting mosquitto MQTT broker...
2026-02-05 20:48:38: Warning: Mosquitto should not be run as root/administrator.
2026-02-05 20:48:38: mosquitto version 2.0.22 starting
2026-02-05 20:48:38: Config loaded from /etc/mosquitto/mosquitto.conf.
2026-02-05 20:48:38: Loading plugin: /usr/share/mosquitto/go-auth.so
2026-02-05 20:48:38: ├── Username/password checking enabled.
2026-02-05 20:48:38: ├── TLS-PSK checking enabled.
2026-02-05 20:48:38: └── Extended authentication not enabled.
2026-02-05 20:48:38: Opening ipv4 listen socket on port 1883.
2026-02-05 20:48:38: Opening ipv6 listen socket on port 1883.
2026-02-05 20:48:38: Opening websockets listen socket on port 1884.
2026-02-05 20:48:38: mosquitto version 2.0.22 running
Additional information
Using an SSH tool on port 22 (PuTTY), I see /config/ssl has my 2 certs, which are used by the dashboard.
I created the symlink "ln -s /config/ssl /ssl", trying to get mosquitto to use my certs.
ls /config/ssl
fullchain.pem xxx.name.key xxx.name.pem privkey.pem
ls /ssl
fullchain.pem xxx.name.key xxx.name.pem privkey.pem
Restarted the mosquitto app, then:
docker exec -it addon_core_mosquitto /bin/bash
root@core-mosquitto:/# ls -lah /ssl
total 8.0K
drwxr-xr-x 2 root root 4.0K Feb 5 19:59 .
drwxr-xr-x 1 root root 4.0K Feb 5 20:48 ..
docker inspect shows
"Type": "bind",
"Source": "/mnt/data/supervisor/ssl",
"Destination": "/ssl",
"Mode": "",
"RW": false,
"Propagation": "rprivate"
Unfortunately I'm not able to open that /mnt/data folder and don't want to use this obscure USB method to enable SSH on port 22222.