错误:
ubuntu@ip-172-31-37-161:~$ sudo systemctl status mosquitto.service
× mosquitto.service - Mosquitto MQTT Broker
Loaded: loaded (/lib/systemd/system/mosquitto.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2023-01-02 18:36:02 UTC; 10min ago
Docs: man:mosquitto.conf(5)
man:mosquitto(8)
Process: 7652 ExecStartPre=/bin/mkdir -m 740 -p /var/log/mosquitto (code=exited, status=0/SUCCESS)
Process: 7653 ExecStartPre=/bin/chown mosquitto /var/log/mosquitto (code=exited, status=0/SUCCESS)
Process: 7654 ExecStartPre=/bin/mkdir -m 740 -p /run/mosquitto (code=exited, status=0/SUCCESS)
Process: 7655 ExecStartPre=/bin/chown mosquitto /run/mosquitto (code=exited, status=0/SUCCESS)
Process: 7656 ExecStart=/usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf (code=exited, status=1/FAILURE)
Main PID: 7656 (code=exited, status=1/FAILURE)
CPU: 14ms
Jan 02 18:36:02 ip-172-31-37-161 systemd[1]: mosquitto.service: Main process exited, code=exited, status=1/FAILURE
Jan 02 18:36:02 ip-172-31-37-161 systemd[1]: mosquitto.service: Failed with result 'exit-code'.
Jan 02 18:36:02 ip-172-31-37-161 systemd[1]: Failed to start Mosquitto MQTT Broker.
Jan 02 18:36:02 ip-172-31-37-161 systemd[1]: mosquitto.service: Scheduled restart job, restart counter is at 5.
Jan 02 18:36:02 ip-172-31-37-161 systemd[1]: Stopped Mosquitto MQTT Broker.
Jan 02 18:36:02 ip-172-31-37-161 systemd[1]: mosquitto.service: Start request repeated too quickly.
Jan 02 18:36:02 ip-172-31-37-161 systemd[1]: mosquitto.service: Failed with result 'exit-code'.
Jan 02 18:36:02 ip-172-31-37-161 systemd[1]: Failed to start Mosquitto MQTT Broker.
我的 conf.d 文件:
allow_anonymous false
password_file /etc/mosquitto/passwd
listener 1883
#NON SECURE PORT
listener 1884
certfile /etc/letsencrypt/live/domain.com/cert.pem
cafile /etc/letsencrypt/live/domain.com/chain.pem
keyfile /etc/letsencrypt/live/domain.com/privkey.pem
如果我评论或删除最后一行:keyfile,那么 Mosquitto 代理工作正常并且没有错误。任何人都可以帮助解决这个问题。谢谢!!
您需要确保
mosquitto
用户具有对证书和密钥文件的读取权限。
默认情况下,密钥文件只能由
root
用户读取。
附言您可能应该使用
fullchain.pem
文件而不是cert.pem
以确保一切正常。