Re: [mosquitto-dev] Mosquitto over SSL refuses publishing message

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [mosquitto-dev] Mosquitto over SSL refuses publishing message

From: Ben Hardill <hardillb@xxxxxxxxx>
Date: Mon, 16 Sep 2019 07:31:58 +0100
Delivered-to: mosquitto-dev@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/mosquitto-dev>
List-help: <mailto:mosquitto-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=unsubscribe>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0

You have already asked this question on Stack Overflow
(https://stackoverflow.com/questions/57937902/mosquitto-over-ssl-refuses-publishing-message)
where we are slowly getting enough information out of you to answer the
question.

Cross posting it to multiple places only splits the places where people
have to look to get all the relevant information.

You've not mentioned how you've setup anywhere nginx, is it reverse
proxying for mosquitto? if so is it doing SSL termination?

On 16/09/2019 02:03, Aman Alam wrote:
> First post here, and as usual, I am posting because I am stuck in a problem.
> Apologies in advance if I make any mistakes.
> 
> I am having some trouble with Mosquitto (MQTT) over SSL (with letsencrypt).
> 
> I have it installed on a RoR Ubuntu 18.04 server, on Digital Ocean, with
> Nginx installed.
> 
> This setup worked perfectly for public messages.
> 
> Then, for communication over SSL, port 8883 is listening to all traffic
> on the domain name.
> 
> The ports are allowed in firewall.
> 
> My Problem is, whenever I try to publish over SSL, I get an error.
> Here's the full log:
> 
> |$mosquitto_pub -d -h my-domain.xyz <http://my-domain.xyz> -t test -m
> "hello again" -p 8883 --capath /etc/ssl/certs/ -u “some-user” -P
> "p@s$w0rd" Client mosqpub|23889-mosquitto sending CONNECT Client
> mosqpub|23889-mosquitto received CONNACK Connection Refused: not
> authorised. Error: The connection was refused. |
> 
> 
> I am having some trouble with Mosquitto (MQTT) over SSL (with letsencrypt).
> 
> I have it installed on a RoR Ubuntu 18.04 server, on Digital Ocean, with
> Nginx installed.
> 
> This setup worked perfectly for public messages.
> 
> Then, for communication over SSL, port 8883 is listening to all traffic
> on the domain name.
> 
> The ports are allowed in firewall.
> 
> My Problem is, whenever I try to publish over SSL, I get an error.
> Here's the full log:
> 
> |"$mosquitto_pub -d -h my-domain.xyz <http://my-domain.xyz> -t test -m
> "hello again" -p 8883 --capath /etc/ssl/certs/ -u “some-user” -P
> "p@s$w0rd" Client mosqpub|23889-mosquitto sending CONNECT Client
> mosqpub|23889-mosquitto received CONNACK Connection Refused: not
> authorised. Error: The connection was refused." |
> 
> Here is my |../conf.d/default.conf|
> 
> |"allow_anonymous false password_file /etc/mosquitto/passwd listener
> 1883 localhost listener 8883 certfile
> /etc/letsencrypt/live/my-domain.xyz/cert.pem
> <http://my-domain.xyz/cert.pem> cafile
> /etc/letsencrypt/live/my-domain.xyz/chain.pem
> <http://my-domain.xyz/chain.pem> keyfile
> /etc/letsencrypt/live/my-domain.xyz/privkey.pem
> <http://my-domain.xyz/privkey.pem> " |
> 
> When I run mosquitto client in blocking mode by manually providing the
> conf file, here's what I get:
> 
> |"$ mosquitto -c /etc/mosquitto/conf.d/default.conf 1568594709:
> mosquitto version 1.4.15 (build date Tue, 18 Jun 2019 11:42:22 -0300)
> starting 1568594709: Config loaded from
> /etc/mosquitto/conf.d/default.conf. 1568594709: Opening ipv4 listen
> socket on port 1883. 1568594709: Opening ipv4 listen socket on port
> 8883. 1568594709: Opening ipv6 listen socket on port 8883. 1568594709:
> Error: Unable to load CA certificates. Check cafile
> "/etc/letsencrypt/live/my-domain.xyz/chain.pem
> <http://my-domain.xyz/chain.pem>"." |
> 
> Does it look like a permissions problem?
> 
> I followed the following guide, on an *Ubuntu 18.04* :
> https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-the-mosquitto-mqtt-messaging-broker-on-ubuntu-16-04
> 
> What could be going wrong?
> 
> I can provide any other details that you want.
> 
> Thanks so much!
> -- 
> *Aman Alam*
> amanalam.com <https://www.amanalam.com>
> 
> (Not sent from an iPhone)
> 
> 
> _______________________________________________
> mosquitto-dev mailing list
> mosquitto-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from this list, visit
> https://www.eclipse.org/mailman/listinfo/mosquitto-dev
> 

-- 
http://www.hardill.me.uk/wordpress
http://about.me/hardillb
http://flickr.com/photos/hardillb/
http://last.fm/user/hardillb
https://keybase.io/hardillb

References:
- [mosquitto-dev] Mosquitto over SSL refuses publishing message
  - From: Aman Alam

Prev by Date: Re: [mosquitto-dev] Mosquitto over SSL refuses publishing message
Next by Date: Re: [mosquitto-dev] Remove leading slash in topic name in bridge remapping
Previous by thread: Re: [mosquitto-dev] Mosquitto over SSL refuses publishing message
Next by thread: Re: [mosquitto-dev] Mosquitto over SSL refuses publishing message
Index(es):
- Date
- Thread

Breadcrumbs