Comments on How to Install and Secure the Mosquitto MQTT Messaging Broker on Ubuntu 20.04
Mosquitto is an open-source message broker that uses the Message Queuing Telemetry Transport (MQTT) protocol. The protocol is designed to provide lightweight communication for Internet of Things (IoT) devices. In this tutorial, you will install Mosquitto and set up the broker to use SSL to protect communications.
4 Comment(s)
Comments
Hi, thanks for this write up.
In Step 4, for the command
$ sudo certbot certonly --standalone
I am getting an error that says
The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
Any ideas?
Further to my earlier question, before the sudo certbot command, you have to open up port 80; to do this I added:
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
to
/etc/iptables/rules.v4
ref: https://stackoverflow.com/questions/75655922/ports-wont-open-on-oci-subnet
There is also, for me, a problem in Step 5 with the command:
sudo systemctl restart mosquitto
Here is what I get:
ubuntu@mqtt-server:~$ sudo systemctl restart mosquitto
Job for mosquitto.service failed because the control process exited with error code.
See "systemctl status mosquitto.service" and "journalctl -xeu mosquitto.service" for details.
ubuntu@mqtt-server:~$ systemctl status mosquitto.service
× mosquitto.service - Mosquitto MQTT Broker
Loaded: loaded (/lib/systemd/system/mosquitto.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Sun 2023-06-11 22:34:01 UTC; 13s ago
Docs: man:mosquitto.conf(5)
man:mosquitto(8)
Process: 1431 ExecStartPre=/bin/mkdir -m 740 -p /var/log/mosquitto (code=exited, status=0/SUCCESS)
Process: 1432 ExecStartPre=/bin/chown mosquitto:mosquitto /var/log/mosquitto (code=exited, status=0/SUCCESS)
Process: 1433 ExecStartPre=/bin/mkdir -m 740 -p /run/mosquitto (code=exited, status=0/SUCCESS)
Process: 1434 ExecStartPre=/bin/chown mosquitto:mosquitto /run/mosquitto (code=exited, status=0/SUCCESS)
Process: 1435 ExecStart=/usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf (code=exited, status=1/FAILURE)
Main PID: 1435 (code=exited, status=1/FAILURE)
CPU: 20ms
Jun 11 22:34:01 mqtt-server systemd[1]: mosquitto.service: Scheduled restart job, restart counter is at 5.
Jun 11 22:34:01 mqtt-server systemd[1]: Stopped Mosquitto MQTT Broker.
Jun 11 22:34:01 mqtt-server systemd[1]: mosquitto.service: Start request repeated too quickly.
Jun 11 22:34:01 mqtt-server systemd[1]: mosquitto.service: Failed with result 'exit-code'.
Jun 11 22:34:01 mqtt-server systemd[1]: Failed to start Mosquitto MQTT Broker.
Here are the contents of the default.conf file:
allow_anonymous false
listener 1883
password_file /etc/mosquitto/passwd
listener 8883
certfile /etc/mosquitto/certs/server.pem
cafile /etc/ssl/certs/ISRG_Root_X1.pem
keyfile /etc/mosquitto/certs/server.key
dhparamfile /etc/ssl/certs/dhparam.pem
The restart fails with these contents. However, if I remove the lines added starting with listener 8883, then the mosquitto service can be restarted.
Any insights would be appreciated.
So I somehow got by these, and further issues ...
So I somehow got past the above error, not exactly sure how.
However, ports all need to be opened; also, for certbot to work you need to install nginx.
Still working on getting the websocket to work.