eclipse-mosquitto / mosquitto

Eclipse Mosquitto - An open source MQTT broker
https://mosquitto.org

Mosquitto runs in docker and prompts ssl error, unable to start! #2843

Open wei1980okb opened 1 year ago

wei1980okb commented 1 year ago

I need your help, thank you very much!

Mosquitto docker version: mosquitto version 2.0.15

Operating platform: ubuntu 18.04 (Docker version 19.03.13, build 4484c46d9d) or ubuntu 20.04 or Synology

I enabled the SSL certificate in mosquitto.conf. The mosquitto.log shows the following error, and mosquitto cannot be started and keeps restarting. Repeatedly generating certificates with openssl does not solve it. If I disable certfile and keyfile, docker starts normally.

error code

```
1688614853: mosquitto version 2.0.15 starting
1688614853: Config loaded from /mosquitto/config/mosquitto.conf.
1688614853: Opening ipv4 listen socket on port 1883.
1688614853: Opening websockets listen socket on port 1885.
1688614853: Opening ipv4 listen socket on port 1884.
1688614853: Error: Unable to load CA certificates. Check cafile "/mosquitto/config/ssl/ca.crt".
1688614853: Error: Unable to load server certificate "/mosquitto/config/ssl/server.crt". Check certfile.
1688614853: OpenSSL Error[0]: error:02FFF002:system library:func(4095):No such file or directory
1688614853: OpenSSL Error[1]: error:20FFF080:BIO routines:CRYPTO_internal:no such file
1688614853: OpenSSL Error[2]: error:0BFFF002:x509 certificate routines:CRYPTO_internal:system lib
1688614853: OpenSSL Error[3]: error:02FFF002:system library:func(4095):No such file or directory
1688614853: OpenSSL Error[4]: error:20FFF002:BIO routines:CRYPTO_internal:system lib
1688614853: OpenSSL Error[5]: error:14FFF002:SSL routines:(UNKNOWN)SSL_internal:system lib
```

mosquitto.conf

```
allow_anonymous false
password_file /mosquitto/config/pwfile.conf

persistence true
persistence_location /mosquitto/data

log_dest file /mosquitto/log/mosquitto.log

listener 1883 0.0.0.0
socket_domain ipv4
protocol mqtt

listener 1885 0.0.0.0
protocol websockets
socket_domain ipv4

listener 1884
protocol mqtt
socket_domain ipv4

cafile /mosquitto/config/ssl/ca.crt
certfile /mosquitto/config/ssl/server.crt
keyfile /mosquitto/config/ssl/server.key
```

====

Duckle29 commented 1 year ago

For me, this was because the files weren't present and/or not readable.

Try commenting out the cafile/certfile/keyfile config lines. This should let the container start, and then you can enter the docker container and check if the files are there.

```
#cafile /mosquitto/config/ssl/ca.crt
#certfile /mosquitto/config/ssl/server.crt
#keyfile /mosquitto/config/ssl/server.key
```

Start the container:

```
docker exec -it <container name> sh
ls -lah /mosquitto/config/ssl
```

Make sure the TLS files are there and have proper permissions.
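
A scripted form of the check described above, added here as an example and not part of the original thread or of Mosquitto: it reads the active `cafile`/`certfile`/`keyfile` lines from a mosquitto.conf and reports each path that is missing, empty, or unreadable. `check_tls_files` is a hypothetical helper name; run it inside the container as the account the broker runs as, since root can read files that account cannot.

```shell
#!/bin/sh
# Added example (not Mosquitto code): verify that every TLS file named in a
# mosquitto.conf can actually be loaded by the user running this script.
# check_tls_files is a hypothetical helper name.
check_tls_files() {
    conf=$1
    rc=0
    cr=$(printf '\r')
    if [ ! -r "$conf" ]; then
        echo "UNREADABLE config $conf"
        return 2
    fi
    # Each active directive is "<key> <path>"; commented lines start with '#'
    # and therefore never match the key names below.
    while read -r key path || [ -n "$key" ]; do
        case $key in
            cafile|certfile|keyfile) ;;
            *) continue ;;
        esac
        path=${path%"$cr"}   # tolerate configs saved with CRLF line endings
        if [ ! -e "$path" ]; then
            echo "MISSING $key $path"; rc=1      # the "No such file" case
        elif [ ! -f "$path" ]; then
            echo "NOTFILE $key $path"; rc=1      # e.g. a directory from a bad mount
        elif [ ! -r "$path" ]; then
            echo "UNREADABLE $key $path"; rc=1   # permissions/ownership problem
        elif [ ! -s "$path" ]; then
            echo "EMPTY $key $path"; rc=1
        else
            echo "OK $key $path"
        fi
    done < "$conf"
    return $rc
}

# Usage: sh check_tls.sh /mosquitto/config/mosquitto.conf
if [ "$#" -gt 0 ]; then
    check_tls_files "$1"
fi
```

A non-zero exit status means at least one referenced file would fail to load, matching the "Unable to load" errors in the log above.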

wei1980okb commented 1 year ago

Thank you, according to your hint, I have solved the problem.