Mosquitto MQTT service failed to restart after adding SSL configuration
I'm trying to configure SSL access to my mosquitto bridge on Amazon EC2, Ubuntu 18 server. I followed the steps described in mosquitto tls docs and ended up with the following files:
in a temporary directory.
Then I copied three files:
sudo cp ca.crt /etc/mosquitto/ca_certificates/
sudo cp server.key /etc/mosquitto/certs/
sudo cp server.crt /etc/mosquitto/certs/
Then I added the following section to the configuration file:
listener 8883
cafile /etc/mosquitto/ca_certificates/ca.crt
keyfile /etc/mosquitto/certs/server.key
certfile /etc/mosquitto/certs/server.crt
Then I wanted to restart mosquitto:
sudo service mosquitto restart
This doesn't work and responds with
> Job for mosquitto.service failed because the control process exited with error code.
> See "systemctl status mosquitto.service" and "journalctl -xe" for details.
I tried both and there was just information that the configuration is wrong.
I tried commenting out different lines and the following structure lets the service restart:
listener 8883
cafile /etc/mosquitto/ca_certificates/ca.crt
keyfile /etc/mosquitto/certs/server.key
#certfile /etc/mosquitto/certs/server.crt
Unfortunately, the certfile is necessary for the configuration to work. I checked the example configuration and the docs, and the certfile is a legal and required parameter.
How can I solve this issue?
I'm running Mosquitto on Ubuntu server. I also ran into Mosquitto failing to start after adding SSL certificates and configuration. I got a standalone certificate from Let's Encrypt by Certbot tool.
Version information: Ubuntu 18.04.5 LTS, Mosquitto 2.0.4. (MQTT v5.0/v3.1.1/v3.1 broker) and Certbot 1.11.0.
In original and failing configuration the mosquitto was configured to use certificates in /etc/letsencrypt... location.
My solution was to move all certificate files from /etc/letsencrypt/archive/ into /etc/mosquitto/ folder and make the respective certificate file pointers in mosquitto configuration to point to this location.
Most relevant debugging for the problem in the troubleshooting is available in the logfile /var/log/mosquitto/mosquitto.log file.
Further info about troubleshooting
Playing around with ownerships did not have any effect, in this case. The final configuration with certificates in /etc/mosquitto/certs folder worked regardless if the owner of the files and certificate containing folder was mosquitto or root.
I also tried not using the symbolic links of .../live/... and tested using directly the files in /etc/letsencrypt/archive/... location instead, did not work.
I did not check if some individual file is causing the issue, just moved them all. Tried afterwards to symlink from ..mosquitto/certs one of the files only to note that mosquitto will fail to start. For this server set-up to run, I need to keep the certificate files in ...mosquitto/certs folder.
Changing the certificate/key permissions fixed the issue for me. E.g.
sudo chmod 744 raspberrypi.crt
sudo chmod 644 raspberrypi.key
As per this forum: https://github.com/owntracks/tools/issues/6
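The answers above turn on where the certificate files live and which permission bits they carry. As an added example (not from the original posts), this script walks a certificate or key path the way a non-root broker account would, reports the topmost directory or file that blocks it, and separately flags a private key that every local account can read, which is what mode 644 grants. The account name `mosquitto`, the script name `check.sh` and the function names are assumptions; group membership is ignored.

```shell
#!/bin/sh
# Added example, not from the original posts. Needs GNU stat and readlink -f.
# Simplification: group membership is ignored, so an account that does not
# own a path component is assumed to get its "other" permission bits.

# bits_for PATH USER -> the permission digit (0-7) that applies to USER
bits_for() {
    mode=$(stat -c '%a' "$1")
    if [ "$(stat -c '%U' "$1")" = "$2" ]; then
        echo $(( (0$mode >> 6) & 7 ))    # owner digit
    else
        echo $(( 0$mode & 7 ))           # other digit
    fi
}

# first_blocker FILE USER [TOP]
# Resolves symlinks, then walks from FILE up to TOP (default /). Directories
# need x and the file needs r. Prints the topmost component USER cannot pass.
# Returns 0 if readable, 1 if blocked, 2 if the file does not exist.
first_blocker() {
    p=$(readlink -f "$1" || echo "$1")
    top=$(readlink -f "${3:-/}")
    [ -f "$p" ] || { echo "missing: $1"; return 2; }
    blocked=""
    [ $(( $(bits_for "$p" "$2") & 4 )) -ne 0 ] || blocked=$p
    d=$(dirname "$p")
    while :; do
        [ $(( $(bits_for "$d" "$2") & 1 )) -ne 0 ] || blocked=$d
        [ "$d" = "$top" ] || [ "$d" = "/" ] && break
        d=$(dirname "$d")
    done
    [ -z "$blocked" ] && return 0
    echo "$blocked"
    return 1
}

# key_world_readable FILE -> true when every local account can read the key
key_world_readable() {
    [ $(( 0$(stat -L -c '%a' "$1") & 4 )) -ne 0 ]
}

# Usage: sudo sh check.sh /etc/mosquitto/certs/server.key mosquitto
if [ $# -ge 2 ]; then
    first_blocker "$@"
fi
```

A key owned by the broker account with mode 600 passes `first_blocker` for that account while `key_world_readable` stays false, so the broker can start without the key being readable by every local user.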