18 lines
939 B
Markdown
18 lines
939 B
Markdown
|
# Using Lets Encrypt with Mosquitto
|
||
|
|
||
|
On Unix like operating systems, Mosquitto will attempt to drop root access as
|
||
|
soon as it has loaded its configuration file, but before it has activated any
|
||
|
of that configuration. This means that if you are using Lets Encrypt TLS
|
||
|
certificates, it will be unable to access the certificates and private keys
|
||
|
typically located in /etc/letsencrypt/live/
|
||
|
|
||
|
To help with this problem there is an example `deploy` renewal hook script in
|
||
|
`misc/letsencrypt/mosquitto-copy.sh` which shows how the certificate and
|
||
|
private key for a mosquitto broker can be copied to /etc/mosquitto/certs/ and
|
||
|
given the correct ownership and permissions so the broker can access them, but
|
||
|
no other user can. It then signals Mosquitto to reload the certificates.
|
||
|
|
||
|
Use of this script allows you to happily use Lets Encrypt certificates with
|
||
|
Mosquitto without needing root access for Mosquitto, and without having to
|
||
|
restart Mosquitto.
|