I am having some trouble with Mosquitto (MQTT) over SSL (with letsencrypt).
I have it installed on a RoR Ubuntu 18.04 server, on Digital Ocean, with Nginx installed.
This setup worked perfectly for public messages.
Then, for communication over SSL, port 8883 is listening to all traffic on the domain name.
The ports are allowed in the firewall.
My problem is, whenever I try to publish over SSL, I get an error. Here's the full log:
"$ mosquitto_pub -d -h my-domain.xyz -t test -m "hello again" -p 8883 --capath /etc/ssl/certs/ -u “some-user” -P "p@s$w0rd"
Client mosqpub|23889-mosquitto sending CONNECT
Client mosqpub|23889-mosquitto received CONNACK
Connection Refused: not authorised.
Error: The connection was refused."
Here is my ../conf.d/default.conf
"allow_anonymous false
password_file /etc/mosquitto/passwd
listener 1883 localhost
listener 8883
certfile /etc/letsencrypt/live/my-domain.xyz/cert.pem
cafile /etc/letsencrypt/live/my-domain.xyz/chain.pem
keyfile /etc/letsencrypt/live/my-domain.xyz/privkey.pem
"
When I run mosquitto client in blocking mode by manually providing the conf file, here's what I get:
"$ mosquitto -c /etc/mosquitto/conf.d/default.conf
1568594709: mosquitto version 1.4.15 (build date Tue, 18 Jun 2019 11:42:22 -0300) starting
1568594709: Config loaded from /etc/mosquitto/conf.d/default.conf.
1568594709: Opening ipv4 listen socket on port 1883.
1568594709: Opening ipv4 listen socket on port 8883.
1568594709: Opening ipv6 listen socket on port 8883.
1568594709: Error: Unable to load CA certificates. Check cafile "/etc/letsencrypt/live/my-domain.xyz/chain.pem"."
Does it look like a permissions problem?
I followed the following guide, on Ubuntu 18.04: https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-the-mosquitto-mqtt-messaging-broker-on-ubuntu-16-04
What could be going wrong?
I can provide any other details that you want.
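
Added example, not part of the original post: a shell check for the permissions question raised above. It lists the certfile, cafile and keyfile paths from a Mosquitto config and reports, for the user running it, whether each is readable, missing, or hidden behind a directory that user cannot traverse. The function names and the demo's temporary files are constructed for illustration; running it as the account the broker runs as is an assumption about how it would be used.

```bash
#!/usr/bin/env bash
# Added example (not from the original post).

# Print the paths given to cafile/certfile/keyfile in config file $1.
# Assumes paths contain no whitespace.
tls_paths() {
  awk '$1 ~ /^(cafile|certfile|keyfile)$/ { print $2 }' "$1"
}

# Print ok, unreadable, missing or blocked:<dir> for path $1, judged with
# the permissions of the user running this script.
check_path() {
  local p=$1 dir
  if [ -r "$p" ]; then echo "ok"; return; fi
  # Find the deepest ancestor directory that is visible to us. If we cannot
  # traverse it, the file may exist but is hidden behind that directory.
  dir=$(dirname "$p")
  while [ ! -d "$dir" ] && [ "$dir" != "/" ]; do dir=$(dirname "$dir"); done
  if [ ! -x "$dir" ]; then echo "blocked:$dir"
  elif [ -e "$p" ]; then echo "unreadable"
  else echo "missing"
  fi
}

# One "status path" line for every TLS file named in config $1.
report() {
  tls_paths "$1" | while IFS= read -r f; do
    printf '%s %s\n' "$(check_path "$f")" "$f"
  done
}

# Constructed demo: a throwaway config shaped like the posted default.conf,
# with chain.pem deliberately absent.
demo() {
  local d
  d=$(mktemp -d)
  touch "$d/cert.pem" "$d/privkey.pem"
  printf 'listener 8883\ncertfile %s/cert.pem\ncafile %s/chain.pem\nkeyfile %s/privkey.pem\n' \
    "$d" "$d" "$d" > "$d/default.conf"
  report "$d/default.conf"
  rm -rf "$d"
}

# With an argument, check that config file; with none, run the demo.
if [ -n "${1:-}" ]; then report "$1"; else demo; fi
```

A `blocked:<dir>` result names the first directory on the path that the current user cannot enter, which is different from the file itself being absent or unreadable.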