d0kuhn/mosquitto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
afba3ec9a0
mosquitto/README-letsencrypt.md

18 lines
939 B
Markdown
Raw Normal View History

Breaking: Drop privileges after loading the configuration This change means privileges are dropped before loading certificates, starting logging, creating the pid file etc. are carried out, so all of those actions must now be changed to ensure that the unprivileged user can carry them out.
2020-11-05 12:05:07 +00:00
# Using Lets Encrypt with Mosquitto
On Unix like operating systems, Mosquitto will attempt to drop root access as
soon as it has loaded its configuration file, but before it has activated any
of that configuration. This means that if you are using Lets Encrypt TLS
certificates, it will be unable to access the certificates and private keys
typically located in /etc/letsencrypt/live/
To help with this problem there is an example `deploy` renewal hook script in
`misc/letsencrypt/mosquitto-copy.sh` which shows how the certificate and
private key for a mosquitto broker can be copied to /etc/mosquitto/certs/ and
given the correct ownership and permissions so the broker can access them, but
no other user can. It then signals Mosquitto to reload the certificates.
Use of this script allows you to happily use Lets Encrypt certificates with
Mosquitto without needing root access for Mosquitto, and without having to
restart Mosquitto.
Reference in New Issue Copy Permalink