allow_anonymous false
password_file /etc/mosquitto/passwd
# Verbose debugging for now. YOU PROBABLY SHOULD NOT ENABLE THIS IN A PRODUCTION ENVIRONMENT!
log_type all debug
log_timestamp_format %Y-%m-%d_%H:%M:%S
listener 1883
protocol mqtt
autosave_interval 10
autosave_on_changes false
listener 8883
certfile /etc/mosquitto/certs/fullchain.pem
keyfile /etc/mosquitto/certs/privkey.key
sys_interval 1
Here fullchain.pem is the fullchain.pem file generated by Let's Encrypt, and privkey.key is the privkey.pem file generated by Let's Encrypt.
My permissions look like this:
root@tsb:/etc/mosquitto/certs# ls -l
total 16
-rw-r----- 1 root mosquitto 3750 Dec 26 15:30 chain.pem
-rw-r----- 1 root mosquitto 5629 Dec 26 02:49 fullchain.pem
-rw-r----- 1 root mosquitto 1704 Dec 26 02:49 privkey.key
My /lib/systemd/system/mosquitto.service looks like this:
[Unit]
Description=Mosquitto MQTT Broker
Documentation=man:mosquitto.conf(5) man:mosquitto(8)
After=network.target
Wants=network.target
[Service]
Type=notify
NotifyAccess=main
ExecStart=/usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure
ExecStartPre=/bin/mkdir -m 740 -p /var/log/mosquitto
ExecStartPre=/bin/chown mosquitto /var/log/mosquitto
ExecStartPre=/bin/mkdir -m 740 -p /var/run/mosquitto
ExecStartPre=/bin/chown mosquitto: /var/run/mosquitto
[Install]
WantedBy=multi-user.target
And when I start the broker I get the following error:
ubuntu@tsb:~$ mosquitto -c /etc/mosquitto/conf.d/default.conf
2021-12-26_03:38:23: mosquitto version 2.0.14 starting
2021-12-26_03:38:23: Config loaded from /etc/mosquitto/conf.d/default.conf.
2021-12-26_03:38:23: Opening ipv4 listen socket on port 1883.
2021-12-26_03:38:23: Opening ipv6 listen socket on port 1883.
2021-12-26_03:38:23: Opening ipv4 listen socket on port 8883.
2021-12-26_03:38:23: Opening ipv6 listen socket on port 8883.
2021-12-26_03:38:23: Error: Unable to load server certificate "/etc/mosquitto/certs/fullchain.pem". Check certfile.
2021-12-26_03:38:23: OpenSSL Error[0]: error:0200100D:system library:fopen:Permission denied
2021-12-26_03:38:23: OpenSSL Error[1]: error:20074002:BIO routines:file_ctrl:system lib
2021-12-26_03:38:23: OpenSSL Error[2]: error:140DC002:SSL routines:use_certificate_chain_file:system lib
Thanks in advance for the help!
Best regards,
Sebastião Beirão
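
An added example, not part of the original post: the listing above shows the certificate files as root:mosquitto with mode 640, and the failing command was typed at the ubuntu prompt, so this sketch pulls the TLS file options out of a mosquitto config and reports the first path component a given uid and group set cannot pass. The function names and the sample config string are assumptions made for the illustration, and only classic mode bits are modelled (no ACLs or capabilities).

```python
import os

# Constructed sample: the TLS listener lines from the configuration above.
SAMPLE_CONF = """listener 8883
certfile /etc/mosquitto/certs/fullchain.pem
keyfile /etc/mosquitto/certs/privkey.key
"""
TLS_OPTIONS = {"certfile", "keyfile", "cafile"}

def tls_paths(conf_text):
    """Return {option: path} for the TLS file options in mosquitto.conf text."""
    found = {}
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0] in TLS_OPTIONS:
            found[parts[0]] = parts[1].strip()
    return found

def mode_allows(st, uid, gids, want):
    """Owner/group/other check on mode bits (ACLs and capabilities are ignored)."""
    if uid == 0:
        return True                      # root bypasses read/search checks
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return bits & want == want

def first_denial(path, uid, gids):
    """Return the first component of path that uid/gids cannot pass, else None."""
    path = os.path.abspath(path)
    chain = [path]
    while os.path.dirname(chain[-1]) != chain[-1]:
        chain.append(os.path.dirname(chain[-1]))
    for comp in reversed(chain):
        want = 4 if comp == path else 1  # r on the file, x on each directory
        if not mode_allows(os.stat(comp), uid, gids, want):
            return comp
    return None

if __name__ == "__main__":
    ids = (os.getuid(), set(os.getgroups()) | {os.getgid()})
    for option, path in tls_paths(SAMPLE_CONF).items():
        try:
            blocked = first_denial(path, *ids)
        except OSError as exc:           # missing file, or stat itself refused
            blocked = f"{exc.filename} ({exc.strerror})"
        print(f"{option}: {path} -> {blocked or 'readable'}")
```

Run it as the account that will start the broker; a result naming a directory rather than the file means the search (x) bit on that directory is what blocks access.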