Mosquitto MQTT service failed to restart after adding SSL configuration

I'm trying to configure SSL access to my mosquitto bridge on Amazon EC2, Ubuntu 18 server. I followed the steps described in mosquitto tls docs and ended up with the following files:

  1. ca.crt
  2. ca.key
  3. ca.srl
  4. client.crt
  5. client.csr
  6. client.key
  7. server.crt
  8. server.csr
  9. server.key

in a temporary directory.

Then I copied three files:

sudo cp ca.crt /etc/mosquitto/ca_certificates/
sudo cp server.key /etc/mosquitto/certs/
sudo cp server.crt /etc/mosquitto/certs/

Then I added the following section to the configuration file:

listener 8883
cafile /etc/mosquitto/ca_certificates/ca.crt
keyfile /etc/mosquitto/certs/server.key
certfile /etc/mosquitto/certs/server.crt

Then I wanted to restart mosquitto:

sudo service mosquitto restart

This doesn't work and responds with

> Job for mosquitto.service failed because the control process exited with error code.
> See "systemctl status mosquitto.service" and "journalctl -xe" for details.

I tried both and there was just information that the configuration is wrong.

I tried commenting out different lines and the following structure lets the service restart:

listener 8883
cafile /etc/mosquitto/ca_certificates/ca.crt
keyfile /etc/mosquitto/certs/server.key
#certfile /etc/mosquitto/certs/server.crt

Unfortunately, the certfile is necessary for the configuration to work. I checked the example configuration and the docs, and the certfile is a legal and required parameter.

How can I solve this issue?

I'm running Mosquitto on Ubuntu server. I also ran into Mosquitto failing to start after adding SSL certificates and configuration. I got a standalone certificate from Let's Encrypt using the Certbot tool.

Version information: Ubuntu 18.04.5 LTS, Mosquitto 2.0.4 (MQTT v5.0/v3.1.1/v3.1 broker) and Certbot 1.11.0.

In the original, failing configuration, mosquitto was configured to use certificates in the /etc/letsencrypt... location.

My solution was to move all certificate files from /etc/letsencrypt/archive/ into the /etc/mosquitto/ folder and make the respective certificate file pointers in the mosquitto configuration point to this location.

The most relevant debugging information for troubleshooting the problem is available in the log file /var/log/mosquitto/mosquitto.log.

Further info about troubleshooting

Playing around with ownerships did not have any effect in this case. The final configuration with certificates in the /etc/mosquitto/certs folder worked regardless of whether the owner of the files and the folder containing the certificates was mosquitto or root.

I also tried not using the symbolic links of .../live/... and tested using the files in the /etc/letsencrypt/archive/... location directly instead; that did not work.

I did not check if some individual file is causing the issue, just moved them all. Afterwards I tried to symlink one of the files from ..mosquitto/certs, only to note that mosquitto will fail to start. For this server set-up to run, I need to keep the certificate files in the ...mosquitto/certs folder.

Changing the certificate/key permissions fixed the issue for me. E.g.

sudo chmod 744 raspberrypi.crt

sudo chmod 644 raspberrypi.key

As per this forum: https://github.com/owntracks/tools/issues/6
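
A check covering what the two answers above ran into (directories the broker cannot enter, symlinked files, file modes), as an added example that is not part of the original posts. The script name `audit_tls.sh`, the service account name `mosquitto` and the finding labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the TLS files named in a mosquitto config.
# Intended to run as the broker's account, e.g. (names are assumptions):
#   sudo -u mosquitto sh audit_tls.sh /etc/mosquitto/mosquitto.conf

# Print "option path" for each active cafile/certfile/keyfile line.
# Commented-out lines are skipped; paths are assumed to contain no spaces.
tls_paths() {
    awk '$1 ~ /^(cafile|certfile|keyfile)$/ && NF >= 2 { print $1, $2 }' "$1"
}

# Print one finding per problem with a single file, nothing if it looks fine.
audit_file() {
    a_opt=$1; a_path=$2; a_blocked=""
    # Walk up the parents; keep the topmost one we cannot search (or find).
    a_dir=$(dirname "$a_path")
    while [ "$a_dir" != "/" ] && [ "$a_dir" != "." ]; do
        [ -x "$a_dir" ] || a_blocked=$a_dir
        a_dir=$(dirname "$a_dir")
    done
    if [ -n "$a_blocked" ]; then
        echo "DIR_INACCESSIBLE $a_opt $a_blocked"; return 0
    fi
    if [ ! -e "$a_path" ]; then
        echo "MISSING $a_opt $a_path"; return 0
    fi
    if [ -L "$a_path" ]; then
        echo "SYMLINK $a_opt $a_path -> $(readlink "$a_path")"
    fi
    [ -r "$a_path" ] || echo "UNREADABLE $a_opt $a_path"
    if [ "$a_opt" = keyfile ]; then
        # Characters 8-10 of the ls mode string are the "other" (world) bits.
        a_mode=$(ls -Lld "$a_path" | cut -c8-10)
        [ "$a_mode" = "---" ] || echo "KEY_WORLD_ACCESS $a_opt $a_path ($a_mode)"
    fi
    return 0
}

# Audit every TLS file referenced by the config given as $1.
audit_conf() {
    tls_paths "$1" | while read -r c_opt c_path; do
        audit_file "$c_opt" "$c_path"
    done
}

# When a config path is given on the command line, audit it.
if [ $# -ge 1 ]; then
    audit_conf "$1"
fi
```

Run as root, the access findings stay silent because root bypasses permission checks, so the result is only meaningful under the account the broker actually runs as.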
