Install mosquitto MQTT broker.



# This assumes Raspbian buster

# For stretch you may have to configure apt-get
# to use the mosquitto repository and key

sudo apt-get update
sudo apt-get -y upgrade
sudo apt-get -y install mosquitto mosquitto-clients



Additional Information

Securing Your MQTT Broker

If you wish to use a MQTT dashboard app on your laptop or mobile device for remote access to your home automation gear then you should enable password authentication and encryption for your MQTT broker.

  • Follow the instructions at to create a passwd file containing your desired credentials, e.g.

    sudo mosquitto_passwd -c /etc/mosquitto/passwd jdoe
  • Edit /etc/mosquitto/mosquitto.conf to specify the passwd file you created, e.g.

    sudo nano /etc/mosquitto/mosquitto.conf

    and insert:

    allow_anonymous false
    password_file /etc/mosquitto/passwd
  • To enable TLS encryption, use the capath, certfile and keyfile options to reference your letsencrypt certificate and key files installed via certbot, e.g. insert something like the following in /etc/mosquitto/mosquitto.conf:

    capath /etc/letsencrypt/live/
    certfile /etc/letsencrypt/live/
    keyfile /etc/letsencrypt/live/

Note that for the latter, you need to make sure that the user account that the mosquitto service runs as has read permissions to the relevant letsencrypt files. Depending on exactly how you set all of this up, you may either have to loosen the security permissions on the files and directories under /etc/letsencrypt/live/ or use a post-renewal script to make copies in some other location. See and for details.