Guide: Local MQTT broker with Meross and Home Assistant

Meross is great even through the cloud and with local http api, but there’s a one problem with that. Local connection for Meross uses HTTP APIs and Home Assistant polls the devices every 30 seconds and when I do open my garage door, the status will not change instantly, but between 0-59seconds depending on the last poll time.

So, this time I decided to configure my garage door opener with full local MQTT connection. It will disconnect me total from the Meross cloud, but I’m ok with that. However, I’m doing this for only my garage door opener and keeping the summer home water pump still connected to the cloud, just in case.

This method only works with Meross pre-HomeKit devices.

To go through this guide you will need a Unix based PC with WiFi and basic konwledge of it.

Also please not the that this will disconnect the device totally form the Meross cloud and official Meross app can’t be used with that device anymore.

Enabling SSL certificates

Meross uses encrypted MQTT connection so first thing to do is generate SSL certificates and configure MQTT broker to use encrypted SSL connection.

SSL can be enabled in parallel with non-secure connections, so you don’t have to configure all of your other devices to use the SSL connection. However, I suggest to switch to SSL other devices as well if possible!

In this guide I’m using openssl with separate Linux machine to generate the certificates. There’s also Windows applications to generate the certificates (more details e.g. in this article).

So generating the self-signed SSL certificates can be done with the commands below. The script will generate all required files in a folder named ‘certs’.

mkdir -p certs/{ca,broker}
cd certs

# ca
openssl genrsa   -out ca/ca.key   2048
openssl req   -new   -x509   -days 1826   -key ca/ca.key   -out ca/ca.crt   -subj "/CN=MQTT CA"

# broker
openssl genrsa   -out broker/broker.key   2048
openssl req   -new   -out broker/broker.csr   -key broker/broker.key   -subj "/CN=broker"
openssl x509   -req   -in broker/broker.csr   -CA ca/ca.crt   -CAkey ca/ca.key   -CAcreateserial   -out broker/broker.crt   -days 360

Now that the certificates are generated we need to copy them to Home Assistant SSL folder. Before copying, make sure you don’t override anything you have previously in that folder. You might have some other certs in there and in that case, ensure that at least the ca.key does not exist already in the folder. If existing, rename your current MQTT broker ca.key to something else.

Copying to the target machine using Linux SCP can be done like below. Of course depending of your Home Asisstant authentication method you might have to type in your username and password as well. I’m using public-private key pairs to connect so it’s automatically authenticating for me.

scp {broker/broker.crt,broker/broker.key,ca/ca.crt} root@homeassistant:~/ssl

Now we have the SSL in place so we just need to enable our MQTT broker with the SSL encryption. I’m using MQTT Add-On for Home Assistant, so just going to Settings -> Add-ons -> Mosquitto Broker -> Configuration we’ll find the proper settings to enable the SSL.

Type in the SSL cert files and setup the SSL port to 8883, restart the addon and you’re all set! The SSL certs should be now in use and port 8883 is used when connecting with encryption enabled!

Pairing with Local MQTT broker

Depending on your setup and device, this can either be very easy or very difficult. First I recommend to try using the Meross Custom Paired App for Android created by @albertogeniola.

If you can pair the Meross device with the app, good. If not, continue reading. I think I had all the problems when trying to connect with my local mqtt broker..

For this part you need a preferably laptop computer with Unix based system like Linux or Mac and a piece of software create by @ByteSpider.

The software is written by using npm 12 so that needs to be installed first. Internet is full of guides how to do that. E.g. this.

After you hae npm 12 successfully working, you can clone the Meross configurator repository with git clone https://github.com/bytespider/Meross.git

Now set the Meross device into pairing mode by pressing the button for 5 seconds (might be different on other models/devices than the MSG100 garage door opener).

Now let’s connect our laptop WiFi with the Meross devices by selecting the Meross WiFi network from computers network settings. After this part you won’t be able to connect to the internet until WiFi is changed back to normal, so please keep this page open 🙂

Now through the linux/Mac terminal enter to the cloned Meross/bin folder and type

./meross-info --verbose --include-wifi

This should list the necessary information of your Meross device along with possible WiFi connections. Copy the credentials info and preferred WiFi network

While we are still connected to the Meross, let’s configure it to use the proper MQTT broker even though we haven’t set the user yet. Depending on your WiFi network, you might need to pass the cipher, encryption and channel. At least on my multi AP Unifi system I had to configure the network installation in very detailed level.

./meross-setup --gateway 10.10.10.1 --wifi-ssid YourNetworkSSID --wifi-pass YourNetworkPassword --mqtt mqtts://192.168.1.100:8883 --wifi-cipher 6 --wifi-encryption 7 --wifi-channel 1 --verbose

After setting the configuration Meross device should now reboot, but it won’t connect properly since we are missing a proper user from our MQTT broker.

Now switch back to your local WiFi (or wired) network and continue to Home Assistant,

When using the official Home Assistant MQTT Add-on we can define custom user + password directly from the add-on configuration menu, but unfortunately it’s not supporting special characters in the username part and Meross MQTT user is hardcoded as the device mac-address.

To overcome that, we have to create a new Home Assistant user with the username as mac address. So enter Settings -> People -> Users and create a new user named anything you like and add username as the Meross device mac address copied earlier. Password should be also the same as copied above. And turn on the switch that allows only local connections, we don’t want anyone outside to access with that user.

Now everything should be ready for the Meross device to connect. Restart the Meross device by disconnecting it from the power supply and connecting again. It now should blink only green led (at least on Meross MSG100 Garage door opener).

Integration to Home Assistant

Now the final part, Home Assistant integration. There’s a custom component called Meross LAN created by @krahabb. Luckily the Meross LAN can be install through HACS.

Once installed and Home Assistant is restarted it should auto discover the device added. Just put ‘user set’ as key and paste the key from the copied values in the previous chapter.

If everything went as supposed, you should now have Meross device in your Home Assistant through only the local MQTT broker and everything is working instantly! No need to use the cloud broker anymore and we can also dumb the local HTTP polling.

Conculsion

Even though I’m running Meross fully local now with my Garage door opener, I’m still not 100% happy with it. The biggest problem is that I don’t have clear status when the door is open. I only get the information when door is starting to open and from that point the timer is being run (insde Meross) for 30s and the door is marked open at that point!

However, it’s now better than before and will work until I manage to build my own ESPHome Garage door opener with two reed switch 🙂

4 Replies to “Guide: Local MQTT broker with Meross and Home Assistant”

  1. This is an awesome post and exactly what I’ve been looking for !

    I’ve got some Meross mss210 and mss310 plugs that I’m trying to use with HA. I’ve followed your instructions as best I can (the android app wouldn’t work for me but the scripts worked great).

    However, when trying to get an mss210 configured I seem to be falling at the final hurdle in that the plug keeps on connecting to Mosquitto and then disconnecting.

    The Mosquitto logs show many lines like the following:

    2022-09-25 22:29:58: New connection from 192.168.1.220:52981 on port 8883.
    2022-09-25 22:29:58: New client connected from 192.168.1.220:52981 as fmware:1903262489242525183834298f1dbe8a_noTNsAgaagKqlpgY (p1, c1, k120, u’XX:XX:XX:XX:XX:XX’).
    2022-09-25 22:30:16: Client fmware:1903262489242525183834298f1dbe8a_noTNsAgaagKqlpgY disconnected.

    I’ve obviously got the wifi and HA user set up correctly as it’s connecting to Mosquitto, but I can’t understand why it keeps disconnecting.

    Here’s my mosquitto configuration:

    logins: []
    require_certificate: false
    certfile: broker.crt
    keyfile: broker.key
    customize:
    active: false
    folder: mosquitto
    debug: true
    anonymous: false
    tls_insecure: true
    tls_version: tlsv1.2
    cafile: ca.crt

    Any help would be fantastic !

    Thanks again,
    Archie

    1. Is your mss210 HomeKit compatible?

      I think I had the similar issues with the HomeKit compatible devices and those couldn’t be connected to local MQTT at all.

  2. Thank you so much for this article. It was a happy end after endless Github threads, downgrading Mosquitto, and fiddling with the custom meross pair app. No hacks, just config.

    I had to fire the “meross-setup” command again after creating the user in HA. Otherwise, the smart plug would return to pairing mode after a power cycle.

    Since then it works perfectly with my Meross MS310.

    1. Great to hear the article was helpful and thanks for your comment about the re-running the meross-setup.
      I don’t recall of doing it myself, but there were quite many trial and errors until got it working myself either so your comment might be very helpful for other readers!

Leave a Reply to Toni Cancel reply

Your email address will not be published.