i was expecting log file to show either file not found (misnamed) or permission denied (user ‘mosquitto’ not able to read). maybe need to add log_type debug to config file to get that message. anyway, looks like you fixed perms problem
note: if you moved (not copied) them from letsencrypt, better put them back then copy them, or the cert refresh will get confused
⊣GE⊢

> On 30 Sep 2023, at 12:25 am, Stefan Gliessmann <[email protected]> wrote:
>
> Well - I just moved my certs from the lets encrypt dir to the mosquitto/cert
> dir and now mosquitto restarted without problems ... :)
>
> On Fri, Sep 29, 2023 at 3:41 PM Graham Eddy <[email protected]> wrote:
>> try sudo journalctl -u mosquitto -n 50 to see the log messages (or sudo tail
>> -50 /var/log/mosquitto/* if it puts them there instead)
>> ⊣GE⊢
>>
>>> On 29 Sep 2023, at 11:35 pm, Stefan Gliessmann <[email protected]> wrote:
>>>
>>> I am trying to get my weather station web presence secure with https://
>>> Therefore, I also need my MQTT server be secure via SSL.
>>>
>>> I followed the setup by
>>> https://obrienlabs.net/how-to-setup-your-own-mqtt-broker/
>>>
>>> I received my certificates from Let's encrypt and edited my mosquitto
>>> config file accordingly:
>>>
>>> GNU nano 6.2 /etc/mosquitto/conf.d/myconfig.conf
>>>
>>> persistence false
>>> allow_anonymous true
>>> #allow_zero_length_clientid true
>>> password_file /etc/mosquitto/passwd
>>> acl_file /etc/mosquitto/acl
>>> # mqtt
>>> #listener 1883 localhost
>>> listener 8883
>>> certfile /etc/letsencrypt/live/weewx.bz3gfkrlqtrsc3sv.myfritz.net/cert.pem
>>> cafile /etc/letsencrypt/live/weewx.bz3gfkrlqtrsc3sv.myfritz.net/chain.pem
>>> keyfile /etc/letsencrypt/live/weewx.bz3gfkrlqtrsc3sv.myfritz.net/privkey.pem
>>> tls_version tlsv1.2
>>> protocol mqtt
>>> # websockets
>>> listener 9001
>>> certfile /etc/letsencrypt/live/weewx.bz3gfkrlqtrsc3sv.myfritz.net/cert.pem
>>> cafile /etc/letsencrypt/live/weewx.bz3gfkrlqtrsc3sv.myfritz.net/chain.pem
>>> keyfile /etc/letsencrypt/live/weewx.bz3gfkrlqtrsc3sv.myfritz.net/privkey.pem
>>> protocol websockets
>>>
>>> every time I reboot now mosquitto, I get an error by mosquitto:
>>>
>>> root@weewx:/# sudo systemctl restart mosquitto.service
>>> Job for mosquitto.service failed because the control process exited with error code.
>>> See "systemctl status mosquitto.service" and "journalctl -xeu mosquitto.service" for details.
>>> root@weewx:/# sudo systemctl status mosquitto.service
>>> × mosquitto.service - Mosquitto MQTT Broker
>>>      Loaded: loaded (/lib/systemd/system/mosquitto.service; enabled; vendor preset: enabled)
>>>      Active: failed (Result: exit-code) since Fri 2023-09-29 15:32:19 CEST; 1s ago
>>>        Docs: man:mosquitto.conf(5)
>>>              man:mosquitto(8)
>>>     Process: 542132 ExecStartPre=/bin/mkdir -m 740 -p /var/log/mosquitto (code=exited, status=0/SUCCESS)
>>>     Process: 542133 ExecStartPre=/bin/chown mosquitto /var/log/mosquitto (code=exited, status=0/SUCCESS)
>>>     Process: 542134 ExecStartPre=/bin/mkdir -m 740 -p /run/mosquitto (code=exited, status=0/SUCCESS)
>>>     Process: 542135 ExecStartPre=/bin/chown mosquitto /run/mosquitto (code=exited, status=0/SUCCESS)
>>>     Process: 542136 ExecStart=/usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf (code=exited, status=1/FAILURE)
>>>    Main PID: 542136 (code=exited, status=1/FAILURE)
>>>         CPU: 22ms
>>>
>>> Sep 29 15:32:19 weewx systemd[1]: mosquitto.service: Scheduled restart job, restart counter is at 5.
>>> Sep 29 15:32:19 weewx systemd[1]: Stopped Mosquitto MQTT Broker.
>>> Sep 29 15:32:19 weewx systemd[1]: mosquitto.service: Start request repeated too quickly.
>>> Sep 29 15:32:19 weewx systemd[1]: mosquitto.service: Failed with result 'exit-code'.
>>> Sep 29 15:32:19 weewx systemd[1]: Failed to start Mosquitto MQTT Broker.
>>> root@weewx:/#
>>>
>>> Once I comment the certificates out, mosquitto starts up fine.
>>>
>>> I double checked that the certificates can be read by everybody.
>>>
>>> Any clue what else I check for?
>>>
>>> TIA,
>>> Stefan
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups "weewx-user" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
>>> To view this discussion on the web visit https://groups.google.com/d/msgid/weewx-user/0fb5acdb-156e-489c-a3bb-06acfe4381a8n%40googlegroups.com.
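
Added example (not part of the thread, and not Mosquitto's or certbot's own script): a certbot deploy hook that does the copy recommended in the top reply, leaving the files under /etc/letsencrypt in place so renewal keeps working. The destination /etc/mosquitto/certs, the owner mosquitto and the function name copy_lineage are assumptions; RENEWED_LINEAGE is the variable certbot sets for deploy hooks.

```shell
#!/bin/sh
# Added example: certbot deploy hook. Copies a renewed lineage out of
# /etc/letsencrypt/live so the originals stay in place for the next renewal.

# copy_lineage SRC_DIR DST_DIR [OWNER]   (hypothetical helper name)
copy_lineage() {
    src=$1 dst=$2 owner=${3:-}
    # Fail before touching the destination if anything is missing or unreadable.
    for f in cert.pem chain.pem privkey.pem; do
        [ -r "$src/$f" ] || { echo "cannot read $src/$f" >&2; return 1; }
    done
    mkdir -p "$dst" || return 1
    # install copies file contents (following the symlinks in live/) and
    # sets the mode explicitly, independent of the umask.
    install -m 0644 "$src/cert.pem"    "$dst/cert.pem"    || return 1
    install -m 0644 "$src/chain.pem"   "$dst/chain.pem"   || return 1
    install -m 0600 "$src/privkey.pem" "$dst/privkey.pem" || return 1
    # The key is owner-only, so the owner must be the user the broker runs as.
    if [ -n "$owner" ]; then
        chown "$owner" "$dst/cert.pem" "$dst/chain.pem" "$dst/privkey.pem" || return 1
    fi
}

# certbot sets RENEWED_LINEAGE when it runs deploy hooks; otherwise do nothing.
# Assumed destination and user: /etc/mosquitto/certs, mosquitto.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    copy_lineage "$RENEWED_LINEAGE" /etc/mosquitto/certs mosquitto &&
        systemctl restart mosquitto.service
fi
```

Placed as an executable file under /etc/letsencrypt/renewal-hooks/deploy/, it runs after each successful renewal; the certfile, cafile and keyfile lines in the config then point at the copies instead of the letsencrypt directory.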
