Mosquitto on Ubuntu not working with Letsencypt Certificate

Time:01-04

Error:

ubuntu@ip-172-31-37-161:~$ sudo systemctl status mosquitto.service
× mosquitto.service - Mosquitto MQTT Broker
     Loaded: loaded (/lib/systemd/system/mosquitto.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Mon 2023-01-02 18:36:02 UTC; 10min ago
       Docs: man:mosquitto.conf(5)
             man:mosquitto(8)
    Process: 7652 ExecStartPre=/bin/mkdir -m 740 -p /var/log/mosquitto (code=exited, status=0/SUCCESS)
    Process: 7653 ExecStartPre=/bin/chown mosquitto /var/log/mosquitto (code=exited, status=0/SUCCESS)
    Process: 7654 ExecStartPre=/bin/mkdir -m 740 -p /run/mosquitto (code=exited, status=0/SUCCESS)
    Process: 7655 ExecStartPre=/bin/chown mosquitto /run/mosquitto (code=exited, status=0/SUCCESS)
    Process: 7656 ExecStart=/usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf (code=exited, status=1/FAILURE)
   Main PID: 7656 (code=exited, status=1/FAILURE)
        CPU: 14ms

Jan 02 18:36:02 ip-172-31-37-161 systemd[1]: mosquitto.service: Main process exited, code=exited, status=1/FAILURE
Jan 02 18:36:02 ip-172-31-37-161 systemd[1]: mosquitto.service: Failed with result 'exit-code'.
Jan 02 18:36:02 ip-172-31-37-161 systemd[1]: Failed to start Mosquitto MQTT Broker.
Jan 02 18:36:02 ip-172-31-37-161 systemd[1]: mosquitto.service: Scheduled restart job, restart counter is at 5.
Jan 02 18:36:02 ip-172-31-37-161 systemd[1]: Stopped Mosquitto MQTT Broker.
Jan 02 18:36:02 ip-172-31-37-161 systemd[1]: mosquitto.service: Start request repeated too quickly.
Jan 02 18:36:02 ip-172-31-37-161 systemd[1]: mosquitto.service: Failed with result 'exit-code'.
Jan 02 18:36:02 ip-172-31-37-161 systemd[1]: Failed to start Mosquitto MQTT Broker.

My conf.d file:

allow_anonymous false

password_file /etc/mosquitto/passwd

listener 1883
#NON SECURE PORT

listener 1884
certfile /etc/letsencrypt/live/domain.com/cert.pem
cafile /etc/letsencrypt/live/domain.com/chain.pem
keyfile /etc/letsencrypt/live/domain.com/privkey.pem

If I comment out or remove the last line (keyfile), then the Mosquitto broker works fine and there is no error. Can anyone please help solve this problem? Thanks!!

CodePudding user response:

You need to ensure that the mosquitto user has read access to the certificate and key files.

By default the key files are only readable by the root user.

P.S. You should probably be using the fullchain.pem file instead of cert.pem to ensure things work best.
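The permission problem the answer describes can be checked and fixed from a shell. The script below is an added example, not code from the question, the answer or the Mosquitto project: it judges from mode and ownership whether a given account can read each file the listener references, and copies the files into a directory the broker account owns so renewals never leave the broker with a root-only key. It assumes the broker runs as the user "mosquitto" and that the live directory is the one in the question's config (/etc/letsencrypt/live/domain.com); both are arguments, so the functions also run against a scratch directory.

```shell
#!/bin/sh
# Added example, not from the original question or answer. Assumed values:
# broker user "mosquitto", live directory /etc/letsencrypt/live/domain.com
# (the path quoted in the question). Both are passed as arguments.

# Report whether USER can read FILE, judged from the file's mode and owner
# (and USER's groups, when that account exists). certbot leaves privkey.pem
# as root:root 0600, which is why the broker dies as soon as keyfile is set.
# Usage: broker_can_read FILE USER   -> exit 0 if readable, 1 if not
broker_can_read() {
  file=$1; user=$2
  mode=$(stat -L -c '%a' "$file") || return 1   # -L: follow the live/ symlinks
  owner=$(stat -L -c '%U' "$file") || return 1
  group=$(stat -L -c '%G' "$file") || return 1
  if [ "$owner" = "$user" ]; then
    bit=$(( mode / 100 % 10 ))                   # owner permission digit
  elif id -Gn "$user" 2>/dev/null | tr ' ' '\n' | grep -qx "$group"; then
    bit=$(( mode / 10 % 10 ))                    # group permission digit
  else
    bit=$(( mode % 10 ))                         # "other" permission digit
  fi
  [ $(( bit / 4 )) -eq 1 ]                       # read bit (4) set?
}

# One verdict line per file the TLS listener needs. fullchain.pem is used
# instead of cert.pem, as the answer recommends.
report_tls_perms() {
  live_dir=$1; user=$2
  for f in fullchain.pem chain.pem privkey.pem; do
    if broker_can_read "$live_dir/$f" "$user"; then
      echo "ok       $user can read $live_dir/$f"
    else
      echo "PROBLEM  $user cannot read $live_dir/$f"
    fi
  done
}

# Copy the listener's files into a directory owned by the broker user, with
# the key readable by that user only. Run it from a certbot deploy hook
# (a script under /etc/letsencrypt/renewal-hooks/deploy/) so every renewal
# refreshes the copies; chown is only attempted when running as root.
install_certs_for_broker() {
  live_dir=$1; dest_dir=$2; user=$3
  mkdir -p "$dest_dir" || return 1
  for f in fullchain.pem chain.pem privkey.pem; do
    cp -L "$live_dir/$f" "$dest_dir/$f.tmp" || return 1   # -L: copy the real file
    mv "$dest_dir/$f.tmp" "$dest_dir/$f" || return 1       # atomic replace
  done
  chmod 0600 "$dest_dir/privkey.pem" || return 1     # private key: owner only
  chmod 0644 "$dest_dir/fullchain.pem" "$dest_dir/chain.pem" || return 1  # public
  if [ "$(id -u)" -eq 0 ]; then
    chown -R "$user" "$dest_dir" || return 1
  fi
}

# Example run (paths are the assumed values from above):
#   report_tls_perms /etc/letsencrypt/live/domain.com mosquitto
#   install_certs_for_broker /etc/letsencrypt/live/domain.com /etc/mosquitto/certs mosquitto
```

After the copy step, point the listener's certfile, cafile and keyfile at the copies under /etc/mosquitto/certs (fullchain.pem, chain.pem and privkey.pem respectively) and restart the broker; the deploy hook keeps the copies current without ever relaxing the permissions on /etc/letsencrypt itself.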
