[chbot] help with ssl certs for mqtt broker in debian 11?
andrew dean
nzandydean at gmail.com
Sat Aug 21 06:59:59 BST 2021
Heya Gang,
With lockdown I had the time to try getting a vps running with a web server and mqtt broker. The goal was:
A Web Host with https certification
a mosquitto MQTT broker with both port 1883 mqtt access as well as secured websocket access to the broker at port 9001.
Short story: I’m not a unix or a web guy, but I have managed to get everything but the secure websockets for mosquitto working. I can run unsecured websockets to mosquitto and my https certs are working, but mosquitto chokes out if I try to link to the letsencrypt certs from its config. I have no idea if this is permissions or what, but I’m stuck and baffled.
Long version:
I started by ordering a $30/month vps from voyager. They demanded to do a background check and were painfully unresponsive to presale queries (ignoring at least 3 messages over 5 days). A day after ordering from voyager with no estimated timeframe, I got frustrated and ordered a $3 vps from alibaba cloud to play with in the meantime. Alibaba had the distro active in less than a minute. However, (and unfortunately for me), both alibaba and voyager only offered debian distros in version 8… and although I was able to register an .xyz domain for 18c from alibaba, I could never figure out how to get websockets working with the old version of mosquitto in debian 8… so
2 days later after that I got frustrated and ordered a vps ($5/month) from linode (they had an oz server rack) and their debian distro went up to 11! So, I ordered it and it was activated and booting 20 seconds after my CC was approved! I installed mosquitto 2.x and nginx onto debian 11 without any problems. I bought a random cheap domain from namecheap ($7 instead of 18c, but oh well) got the dns routed, got https certs working great with nginx and got websockets working on port 9001 with mosquitto.
However, for my application I need to use secured websockets (I don’t care at all whether they are secured, but I need to have a webpage make the connection, and that requires ssl).
All the tutorials I can find online simply tell me to point to my letsencrypt certs from the mosquitto config.
I have this as my mosquitto config (as per the tutorials):
per_listener_settings false
allow_anonymous false
password_file /etc/mosquitto/passwordfile
listener 1883
protocol mqtt
listener 9001
protocol websockets
certfile /etc/letsencrypt/live/devlincross.co.uk/cert.pem
cafile /etc/letsencrypt/live/devlincross.co.uk/chain.pem
keyfile /etc/letsencrypt/live/devlincross.co.uk/privkey.pem
(this is the correct path to the files, which are all there)
with this error: 1629522697: Error: Unable to create websockets listener on port 9001.
When this didn’t work, I also tried copying the letsencrypt certs into mosquitto/certs but no change.
I know it’s a long shot, but is there anybody in the robotics club that knows what all the above means and is able to give me a hand?
Oh, and the end of the story is that while alibaba cloud took 1 minute to partition their vps, linode took 25 seconds and... Voyager took 6 DAYS, and the links they sent out to the domain manager were broken. I tried to cancel the vps at the 3 day mark, but they had yet to issue me a customer ID number so there was no way to cancel it. They finally gave me an ID after the (broken) server went up so I immediately cancelled the service.
Thanks for any help!
-Andrew
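
One check for the listener error described above, added here as an example (not code from the original post or from the mosquitto project): it pulls the certfile/cafile/keyfile paths out of a mosquitto.conf and reports the first path component that a given account cannot search or read. It assumes the broker opens these files as an unprivileged account whose uid and group ids you pass in, and it looks only at classic mode bits; the function names are illustrative.

```python
import os

TLS_KEYS = {"certfile", "cafile", "keyfile"}
# Constructed sample: the TLS listener stanza from the post above.
SAMPLE_CONF = """listener 9001
protocol websockets
certfile /etc/letsencrypt/live/devlincross.co.uk/cert.pem
cafile /etc/letsencrypt/live/devlincross.co.uk/chain.pem
keyfile /etc/letsencrypt/live/devlincross.co.uk/privkey.pem
"""

def tls_paths(conf_text):
    """Return (listener_port, option, path) for each TLS file option."""
    port, found = None, []
    for line in conf_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        if parts[0] == "listener":
            port = int(parts[1].split()[0])
        elif parts[0] in TLS_KEYS:
            found.append((port, parts[0], parts[1].strip()))
    return found

def allowed(st, uid, gids, want):
    """Owner/group/other mode-bit check; ignores ACLs and root's override."""
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return (st.st_mode >> shift) & want == want

def first_block(path, uid, gids):
    """First component uid cannot search (dirs) or read (file), else None."""
    for target in (os.path.abspath(path), os.path.realpath(path)):
        parts = target.strip(os.sep).split(os.sep)
        for i in range(1, len(parts) + 1):
            step = os.sep + os.sep.join(parts[:i])
            try:
                st = os.stat(step)  # follows symlinks, as opening the file would
            except OSError:
                return step  # missing, dangling link, or unreachable by the caller
            if not allowed(st, uid, gids, 4 if i == len(parts) else 1):
                return step
    return None

def audit(conf_text, uid, gids):
    """One row per TLS option: (port, option, path, blocking component or None)."""
    return [(port, opt, path, first_block(path, uid, gids))
            for port, opt, path in tls_paths(conf_text)]

if __name__ == "__main__":
    for row in audit(SAMPLE_CONF, os.getuid(), set(os.getgroups())):
        print(row)
```

On the server, call audit() with the contents of the real config and the uid and group ids of the account the broker runs as.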