I am running tasmota with the Web and encrypted MQTT options (removed the assert, and it is still working fine).
I am using Let's Encrypt certificates, but each one is valid only for three months.
So I need to recompile and flash my ESP8266 with a new version of tasmota with the updated fingerprint whenever I have a new certificate.
It would be really helpful to me if it were possible to change the certificate fingerprint from the web interface. Then I would also be able to create an automation for that and wouldn't need to flash my ESP again for that reason.
Thanks a lot Theo for all the great work.
Lior.
Try to use the web console and command MqttFingerprint which should do what you want.
That is awesome Theo, didn't know that it already exists, thank you so much!
Will it be possible to also include it in the MQTT configuration page of the Web interface?
That way all of the MQTT setup options will be shown there easily, and I think it will even increase the awesomeness level of it!
If you could also look at issue #808, as someone else and I believe there might be a potential bug in there, I would also appreciate it a lot!
Thank you so much again for your work and effort invested, I truly appreciate it a lot.
Lior.
@liorsu this is also already implemented :-). You just send an EMPTY payload "" to /cmd/sonoff/MqttFingerprint and you will get the current fingerprint. If you send a value, this will change the fingerprint. You are one of the rare users that use the fingerprint like I do. Please add espClient.stop() in sonoff.ino near line 616ff.
After the modification it should look like this:
```cpp
#ifdef USE_MQTT_TLS
  addLog_P(LOG_LEVEL_INFO, S_LOG_MQTT, PSTR(D_FINGERPRINT));
  // Open a probe TLS connection to the broker only to inspect its certificate.
  if (!espClient.connect(sysCfg.mqtt_host, sysCfg.mqtt_port)) {
    snprintf_P(log_data, sizeof(log_data), PSTR(D_LOG_MQTT D_TLS_CONNECT_FAILED_TO " %s:%d. " D_RETRY_IN " %d " D_UNIT_SECOND),
      sysCfg.mqtt_host, sysCfg.mqtt_port, mqttcounter);
    addLog(LOG_LEVEL_DEBUG);
    return;
  }
  // Compare the broker certificate against the pinned SHA-1 fingerprint.
  // Note: a mismatch is only logged here; this code path does not abort the connection.
  if (espClient.verify(sysCfg.mqtt_fingerprint, sysCfg.mqtt_host)) {
    addLog_P(LOG_LEVEL_INFO, S_LOG_MQTT, PSTR(D_VERIFIED));
  } else {
    addLog_P(LOG_LEVEL_DEBUG, S_LOG_MQTT, PSTR(D_INSECURE));
  }
  // Added line: close the probe connection so its TLS buffers are released
  // before the MQTT client opens the real connection.
  espClient.stop();
  yield();
```
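Because a Let's Encrypt renewal issues a new leaf certificate, the pinned SHA-1 fingerprint changes every cycle; the following added example (not part of Tasmota or this thread) computes the fingerprint in the format the MqttFingerprint command takes and builds the MQTT publish that rotates it, so the step can be hooked into a renewal script. The command topic `cmnd/sonoff/MqttFingerprint`, the sample PEM and the current-fingerprint value are assumptions constructed for the example.

```python
import base64
import hashlib
import re

# Constructed placeholder standing in for a DER-encoded broker certificate (not a real cert).
SAMPLE_DER = bytes(range(48))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

# Assumed Tasmota command topic; replace "sonoff" with the device's configured topic.
CMD_TOPIC = "cmnd/sonoff/MqttFingerprint"


def pem_to_der(pem: str) -> bytes:
    """Extract the first CERTIFICATE block from PEM text and return its DER bytes."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("no PEM CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()))


def tasmota_fingerprint(der: bytes) -> str:
    """SHA-1 over the DER certificate, written as the 20 space-separated upper-case
    hex bytes that MqttFingerprint expects (e.g. 'A5 02 ... FC 07')."""
    return " ".join(f"{b:02X}" for b in hashlib.sha1(der).digest())


def normalize(fp: str) -> str:
    """Canonical form so 'a5:02:..' from openssl and 'A5 02 ..' from the device compare equal."""
    return re.sub(r"[^0-9A-F]", "", fp.upper())


def query_message():
    """Publish with an empty payload to read the fingerprint currently pinned on the device."""
    return (CMD_TOPIC, "")


def rotation_message(current_fp: str, cert_pem: str):
    """Return the (topic, payload) to publish after a renewal, or None when the
    pinned fingerprint already matches the renewed certificate."""
    new_fp = tasmota_fingerprint(pem_to_der(cert_pem))
    if normalize(current_fp) == normalize(new_fp):
        return None
    return (CMD_TOPIC, new_fp)


if __name__ == "__main__":
    print(tasmota_fingerprint(SAMPLE_DER))
    print(rotation_message("00 " * 20, SAMPLE_PEM))
```

Read the live value with `query_message()` first, and publish the rotation only while the device can still reach the broker, since after the fingerprint check fails the device has no MQTT path left to receive the update.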
Thank you @stefanbode, found out about it from your previous issue.
Also interested in the other applications and implementations that you made with it :)
Great minds think alike..
Hi, I'm using v5.9.0, OTA updated from http://sonoff.maddox.co.uk/tasmota/sonoff.bin
A few days ago I updated all my services to SSL via Let's Encrypt, so I used the same certificate for Apache, Node-RED and Mosquitto, the last one on port 8883... my basic Sonoff refuses the connection, and via the console the MqttFingerprint command is just unknown:
18:13:23 CMD: MqttFingerprint
18:13:23 RSL: stat/LampadaStudio/RESULT = {"Command":"Unknown"}
What should I do? I see here that a special firmware is needed, but there is nothing about it on the SonOTA or Releases page...
https://github.com/arendst/Sonoff-Tasmota/wiki/MQTT-Overview
Thanks :)
In the provided binaries TLS is disabled as it eats up too much code. Therefore the command MqttFingerprint is disabled too.
To use TLS you will have to enable it in user_config.h (and disable webserver to make it work within the tight RAM space) and recompile the code.
Can the two functionalities not coexist on any board, or just on the 1MB Sonoffs? If I change the memory on the Sonoff to a 4MB model, can I have both, or do I have to disable one of them anyway? Thanks
You still have to disable one of them as the amount of RAM does not change when replacing the flash.
Yes and no. I actually run the configuration with the webserver and the TLS MQTT. It also runs on the small 512KB Sonoff devices. I just have to disable some stuff during compilation to make the code fit into the flash. There is ONE thing that you have to keep in mind. If MQTT TLS is "ON" AND "CONNECTED", you cannot go to the webserver interface and reconfigure the MODULE. This needs too much RAM and crashes. But it is OK to temporarily disable MQTT and restart. Then you can make your MODULE changes through the webserver. If everything is OK, you just enable MQTT again. Additionally, also for security reasons, I disable my webserver in normal operation. This frees up some RAM. If needed I can enable it again with the "webserver 2" command through MQTT.