TLS doesn't work: MQTT-Broker for Homey, Location & Presence and Owntracks

I have read a few things on this forum about alternatives for geolocation. I chose to use Owntracks in combination with MQTT. I succeeded in setting up an unsecured connection, but I failed to set up a secured preferred TLS connection.

Below are the settings that I tried for a secure connection with TLS, but did not get it working:

The apps:

  • MQTT-Broker for Athom Homey
  • Location and Presence for Athom Homey
  • Owntracks for Android

MQTT-Broker for Athom Homey [Settings]
Port number for an unsecured connection: 1883
Enable secure connection: CHECKED
Port number for a secure connection: 8883
Also allow unsecure connections: CHECKED

Tab edit users:
Username: Owntracks
Password: ****

Tab session settings:
CommonName used to generate a certificate: static IP address
Certificate saved
Broker stopped and started

Location & Presence for Athom Homey [Settings]
Use a MQTT broker as addition to HTTP: CHECKED
IP address or DNS: static IP address (same as the CommonName from the MQTT Broker)
Port number for a secure connection: 8883
Secure Connection (TLS): CHECKED
Disable certificate checking: CHECKING
Username: Owntracks (username and password same as in the MQTT Broker)
Password: ****

Owntracks for Android [Settings]
Username: testUser
Password: empty, I don’t know what this is for or where this is used?
Device ID: s20
Tracker ID: TU

Host: static IP-address (same as the CommonName from the MQTT Broker and Location and Presence)
Port number: 8883
Client ID: testS20

TLS switch: ON
CA certificate: selected the CA certificate generated in MQTT Broker for Athom Homey
I have installed the certificate on my mobile phone just to be sure.

The error I get when using these settings:

Extra information:

  • Ports 1883 and 8883 are both forwarded to my static IP address.

By the way, what is the purpose of the password in the Owntracks app (Identification)? I left the password empty for my currently working unsecured connection (with port: 1883) and everything still just works :open_mouth:.

Hopefully you can see what I configured wrong or forgot to configure. For security reasons I really would like to use a secure TLS connection instead.

Is it not working on iOS devices? I tried, but TLS does not work :frowning: