Re: [mosquitto-dev] Mosquitto over SSL refuses publishing message

[Aman Alam <shekh.aman@xxxxxxxxx>]

Thanks so much everybody.

Nginx came with the on-click install of RoR on Digital Ocean,.

I don't know much about nginx, similarly I don't know too much about SSL, yet.

But I'll try to start finding out more about my config and post back here and on StackOverflow.

>Nginx, is it reverse proxying for mosquitto? if so is it doing SSL termination?

Nginx is reverse proxying for the Puma webserver, but I am not sure whether it's proxying for mosquitto or if it's doing SSL Termination.

I'll check that and report back.

Yes, this question is also on StackOverflow and is moving slowly, but it moved much faster here, and I at least learned that it's probably got to do more with Nginx :) (Thanks Anil, Greg)

(I'll definitely update StackOverflow when I find a solution)

-Aman

On Mon, Sep 16, 2019 at 10:46 AM Greg Troxel <gdt@xxxxxxxxxx> wrote:

<colin.helliwell@xxxxxxxxxxxxxx> writes:

> FWIW, I've had the same problem with Home Assistant - it needs the
> 'fullchain' file that LetsEncrypt generate, not the 'cert'.

It's not really a problem so much as an expected situation.  The nature
of PKIX is that there is a set of normal trust anchors and when you send
a cert from a server you have to send the entire chain except for what's
in the recipient's trust anchor set.   Many CAs have a root and then
intermeidate certificates used to sign end enitty certs.  If those
intermediate ones are sent, via using  the fullchain.pem file, nobody
notices this.
_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/mosquitto-dev

--

Aman Alam

amanalam.com

(Not sent from an iPhone)