Re: [mosquitto-dev] Upgrade from 1.x to 2.0.14 - Unable to load server certificate
Have you checked the permissions of the /etc/mosquitto/certs directory?
I have updated my broker to version 2.0.14 and now I'm unable to start it with anything other than simple MQTT protocol. Everything that has to have certificates causes the broker to fail to start.
I have already checked the link Migrating from 1.x to 2.0 and I have already implemented the renewal hook script with success but the broker still does not work.
My /etc/mosquitto/mosquitto.conf looks like this:
# Place your local configuration in /etc/mosquitto/conf.d/
#
# A full description of the configuration file is at
# /usr/share/doc/mosquitto/examples/mosquitto.conf.example
pid_file /var/run/mosquitto/mosquitto.pid
persistence true
persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log
allow_anonymous false
include_dir /etc/mosquitto/conf.d
My /etc/mosquitto/conf.d/default.conf file looks like this:
allow_anonymous false
password_file /etc/mosquitto/passwd
# Verbose debugging for now. YOU PROBABLY SHOULD NOT ENABLE THIS IN A PRODUCTION ENVIRONMENT!
log_type all debug
log_timestamp_format %Y-%m-%d_%H:%M:%S
listener 1883
protocol mqtt
autosave_interval 10
autosave_on_changes false
listener 8883
certfile /etc/mosquitto/certs/fullchain.pem
keyfile /etc/mosquitto/certs/privkey.key
sys_interval 1
Being fullchain.pem the fullchain.pem file generated by Let's Encrypt and privkey.key the privkey.pem file generated by Let's Encrypt.
My permissions look like this:
root@tsb:/etc/mosquitto/certs# ls -l
total 16
-rw-r----- 1 root mosquitto 3750 Dec 26 15:30 chain.pem
-rw-r----- 1 root mosquitto 5629 Dec 26 02:49 fullchain.pem
-rw-r----- 1 root mosquitto 1704 Dec 26 02:49 privkey.key
My /lib/systemd/system/mosquitto.service looks like this:
[Unit]
Description=Mosquitto MQTT Broker
Documentation=man:mosquitto.conf(5) man:mosquitto(8)
After=network.target
Wants=network.target
[Service]
Type=notify
NotifyAccess=main
ExecStart=/usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure
ExecStartPre=/bin/mkdir -m 740 -p /var/log/mosquitto
ExecStartPre=/bin/chown mosquitto /var/log/mosquitto
ExecStartPre=/bin/mkdir -m 740 -p /var/run/mosquitto
ExecStartPre=/bin/chown mosquitto: /var/run/mosquitto
[Install]
WantedBy=multi-user.target
And when I start the broker I get the following error:
ubuntu@tsb:~$ mosquitto -c /etc/mosquitto/conf.d/default.conf
2021-12-26_03:38:23: mosquitto version 2.0.14 starting
2021-12-26_03:38:23: Config loaded from /etc/mosquitto/conf.d/default.conf.
2021-12-26_03:38:23: Opening ipv4 listen socket on port 1883.
2021-12-26_03:38:23: Opening ipv6 listen socket on port 1883.
2021-12-26_03:38:23: Opening ipv4 listen socket on port 8883.
2021-12-26_03:38:23: Opening ipv6 listen socket on port 8883.
2021-12-26_03:38:23: Error: Unable to load server certificate "/etc/mosquitto/certs/fullchain.pem". Check certfile.
2021-12-26_03:38:23: OpenSSL Error[0]: error:0200100D:system library:fopen:Permission denied
2021-12-26_03:38:23: OpenSSL Error[1]: error:20074002:BIO routines:file_ctrl:system lib
2021-12-26_03:38:23: OpenSSL Error[2]: error:140DC002:SSL routines:use_certificate_chain_file:system lib
Thanks in advance for the help!
Best regards,
Sebastião Beirão
_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/mosquitto-dev
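
Added example, not part of the thread: fopen reports "Permission denied" when the calling account lacks search (x) permission on any directory in the path or read permission on the file itself, which is what the question about the certs directory is probing. This POSIX shell sketch walks a path and prints the first component a given account cannot pass, judged from mode bits only; the function names are hypothetical and a `stat` that supports `-c` (GNU or BusyBox) is assumed.

```shell
#!/bin/sh
# Static check of owner/group/other mode bits along a certificate path.
# Not modelled: root's permission bypass, POSIX ACLs, SELinux/AppArmor.

# has_bit UID "GIDS" NEED PATH
# Returns 0 if the permission triad that applies to UID on PATH contains
# NEED (4 = read, 1 = search). Returns 2 if PATH cannot be stat'ed.
has_bit() {
    st=$(stat -L -c '%a %u %g' "$4") || return 2   # -L: follow symlinks
    mode=${st%% *}; st=${st#* }; owner=${st% *}; group=${st#* }
    mode=$(printf '%03d' "$mode")
    mode=${mode#"${mode%???}"}        # drop the setuid/setgid/sticky digit
    if [ "$1" = "$owner" ]; then
        digit=${mode%??}              # owner triad wins, even if weaker
    else
        digit=${mode#??}              # default to the "other" triad
        for g in $2; do
            if [ "$g" = "$group" ]; then d=${mode#?}; digit=${d%?}; fi
        done
    fi
    [ $(( digit & $3 )) -ne 0 ]
}

# first_denied UID "GIDS" /absolute/file
# Prints the first component that blocks access and returns 1;
# returns 0 when every directory is searchable and the file is readable.
first_denied() {
    has_bit "$1" "$2" 1 / || { echo /; return 1; }
    cur=""; rest=${3#/}
    while [ -n "$rest" ]; do
        cur="$cur/${rest%%/*}"
        case $rest in
            */*) rest=${rest#*/}; need=1 ;;   # directory: needs search
            *)   rest="";         need=4 ;;   # final file: needs read
        esac
        has_bit "$1" "$2" "$need" "$cur" || { echo "$cur"; return 1; }
    done
    return 0
}

# check_for_user USER FILE: resolve USER's uid and gids, then walk FILE.
check_for_user() {
    first_denied "$(id -u "$1")" "$(id -G "$1")" "$2"
}

# Stand-alone use: sh check.sh <account> <absolute path to certfile>
if [ $# -eq 2 ]; then check_for_user "$1" "$2"; fi
```

Run it for the account the broker process actually runs as, which may differ from the account used to test interactively.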