Error:
ubuntu@ip-172-31-37-161:~$ sudo systemctl status mosquitto.service
× mosquitto.service - Mosquitto MQTT Broker
Loaded: loaded (/lib/systemd/system/mosquitto.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2023-01-02 18:36:02 UTC; 10min ago
Docs: man:mosquitto.conf(5)
man:mosquitto(8)
Process: 7652 ExecStartPre=/bin/mkdir -m 740 -p /var/log/mosquitto (code=exited, status=0/SUCCESS)
Process: 7653 ExecStartPre=/bin/chown mosquitto /var/log/mosquitto (code=exited, status=0/SUCCESS)
Process: 7654 ExecStartPre=/bin/mkdir -m 740 -p /run/mosquitto (code=exited, status=0/SUCCESS)
Process: 7655 ExecStartPre=/bin/chown mosquitto /run/mosquitto (code=exited, status=0/SUCCESS)
Process: 7656 ExecStart=/usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf (code=exited, status=1/FAILURE)
Main PID: 7656 (code=exited, status=1/FAILURE)
CPU: 14ms
Jan 02 18:36:02 ip-172-31-37-161 systemd[1]: mosquitto.service: Main process exited, code=exited, status=1/FAILURE
Jan 02 18:36:02 ip-172-31-37-161 systemd[1]: mosquitto.service: Failed with result 'exit-code'.
Jan 02 18:36:02 ip-172-31-37-161 systemd[1]: Failed to start Mosquitto MQTT Broker.
Jan 02 18:36:02 ip-172-31-37-161 systemd[1]: mosquitto.service: Scheduled restart job, restart counter is at 5.
Jan 02 18:36:02 ip-172-31-37-161 systemd[1]: Stopped Mosquitto MQTT Broker.
Jan 02 18:36:02 ip-172-31-37-161 systemd[1]: mosquitto.service: Start request repeated too quickly.
Jan 02 18:36:02 ip-172-31-37-161 systemd[1]: mosquitto.service: Failed with result 'exit-code'.
Jan 02 18:36:02 ip-172-31-37-161 systemd[1]: Failed to start Mosquitto MQTT Broker.
My conf.d file:
allow_anonymous false
password_file /etc/mosquitto/passwd
listener 1883
#NON SECURE PORT
listener 1884
certfile /etc/letsencrypt/live/domain.com/cert.pem
cafile /etc/letsencrypt/live/domain.com/chain.pem
keyfile /etc/letsencrypt/live/domain.com/privkey.pem
If I comment out or remove the last line (keyfile), then the Mosquitto broker works fine and there is no error. Can anyone please help solve this problem? Thanks!
CodePudding user response:
You need to ensure that the mosquitto user has read access to the certificate and key files. By default the key files are only readable by the root user.

P.S. You should probably be using the fullchain.pem file instead of the cert.pem to ensure things work best.
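One way to check the point made in the answer, as an added example that is not part of the original thread: this script reads a mosquitto config, takes every certfile, cafile and keyfile path, and reports the first directory or file whose mode bits would stop a given account from reading it. It assumes the service account is named mosquitto and looks only at classic owner/group/other permissions (no ACLs or capabilities); the function names are made up for this example.

```python
import os, pwd, sys

TLS_OPTIONS = {"certfile", "cafile", "keyfile"}

def tls_paths(conf_text):
    """Return (option, path) pairs for the TLS file options in a mosquitto config."""
    pairs = [line.split(None, 1) for line in conf_text.splitlines()]
    return [(p[0], p[1].strip()) for p in pairs if len(p) == 2 and p[0] in TLS_OPTIONS]

def allowed(st, uid, gids, bit):
    """Owner/group/other mode check; bit is 4 (read) or 1 (directory search)."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & (bit << 6))
    if st.st_gid in gids:
        return bool(st.st_mode & (bit << 3))
    return bool(st.st_mode & bit)

def ancestors(path):
    """Directories from / down to the parent of path."""
    out = []
    while os.path.dirname(path) != path:
        path = os.path.dirname(path)
        out.append(path)
    return out[::-1]

def first_blocker(path, uid, gids):
    """Return the first component that stops uid from reading path, else None."""
    real = os.path.realpath(path)  # the file a symlink finally points at
    # Search permission is needed on the path as written and on the resolved one.
    checks = [(d, 1) for d in ancestors(os.path.abspath(path)) + ancestors(real)]
    checks.append((real, 4))
    for component, bit in checks:
        try:
            if not allowed(os.stat(component), uid, gids, bit):
                return component
        except OSError:  # missing, or the caller itself cannot stat it
            return component
    return None

if __name__ == "__main__":
    # Run as root so every component can be stat'ed; argv[2] defaults to the
    # "mosquitto" account named in the answer above.
    user = sys.argv[2] if len(sys.argv) > 2 else "mosquitto"
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    for option, path in tls_paths(open(sys.argv[1]).read()):
        blocker = first_blocker(path, pw.pw_uid, gids)
        print(f"{option} {path}: {'ok' if blocker is None else 'blocked at ' + blocker}")
```

Run it as root with the config file as the first argument; a "blocked at" line names the directory or file whose permissions need to change for the broker account.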