30 lines
897 B
Markdown
30 lines
897 B
Markdown
<!--
|
|
.. title: Using Let's Encrypt certificates with mosquitto
|
|
.. slug: using-lets-encrypt-certificates-with-mosquitto
|
|
.. date: 2015-12-13 19:53:37
|
|
.. tags: certificates,encryption,tls
|
|
.. category:
|
|
.. link:
|
|
.. description:
|
|
.. type: text
|
|
-->
|
|
|
|
If you want to use TLS certificates you've generated using the [Let's Encrypt]
|
|
service, this is how you should configure your listener (replace "example.com"
|
|
with your own domain of course):
|
|
|
|
Then use the following for your mosquitto.conf:
|
|
|
|
```
|
|
listener 8883
|
|
cafile /etc/ssl/certs/DST_Root_CA_X3.pem
|
|
certfile /etc/letsencrypt/live/example.com/fullchain.pem
|
|
keyfile /etc/letsencrypt/live/example.com/privkey.pem
|
|
```
|
|
|
|
You need to be aware that current versions of mosquitto never update listener
|
|
settings when running, so when you regenerate the server certificates you will
|
|
need to completely restart the broker.
|
|
|
|
[Let's Encrypt]: https://letsencrypt.org/
|