Chirpstack 4 Mosquitto TLS configuration fails

Hi, in the course of testing Chirpstack 4 on a Raspberry (debian/ubuntu, no docker) I did the mosquitto TLS configuration according to the following documentation:
https://www.chirpstack.io/docs/guides/mosquitto-tls-configuration.html

This runs at first until a reboot of the server is performed, then I get the following error message:

chirpstack[692]: INFO chirpstack::integration::mqtt: Connecting to MQTT broker server_uri=tcp://localhost:1883/ client_id=xxx clean_session=false
chirpstack[692]: Error: Setup MQTT integration
chirpstack[692]: Caused by:
chirpstack[692]:     0: Connect to MQTT broker
chirpstack[692]:     1: [-1] TCP/TLS connect failure
systemd[1]: chirpstack.service: Main process exited, code=exited, status=1/FAILURE
systemd[1]: chirpstack.service: Failed with result 'exit-code'.
systemd[1]: chirpstack.service: Scheduled restart job, restart counter is at 5.
systemd[1]: Stopped ChirpStack open-source LoRaWAN Network Server.
systemd[1]: chirpstack.service: Start request repeated too quickly.
systemd[1]: chirpstack.service: Failed with result 'exit-code'.
systemd[1]: Failed to start ChirpStack open-source LoRaWAN Network Server.

I think maybe it is because of the permission settings? To get the ca.pem, cert.pem and key.pem from the Chirpstack web-interface under integration MQTT, I changed the ownership of the /etc/chirpstack/certs directory and files to the owner chirpstack. However, I am getting nowhere with the above error message.

I would be grateful for support, and also for how the ownership/permission assignment of the directories and files to be created in /etc/chirpstack/certs and /etc/mosquitto/certs must look in order to achieve the best possible security at the same time.

Solved with ownership

Do you have V4 working with Semtech Basic Station now that you fixed your certs issue?

Jim

Not yet tested the Semtech Basic Station.

@anop Ownership of what? Could you please expand on how you solved this? I’m experiencing the same issue.

As explained in the manual: You need to modify the ownership and / or permissions of the created directory and files. Chirpstack and mosquitto need the appropriate permissions. See:

sudo ls -l /etc/chirpstack/certs/
sudo ls -l /etc/mosquitto/certs

@anop what exactly did you do? Because I got the following with sudo ls -l

What should I do to give ownership to chirpstack? I have a similar issue to yours.

Thank you a lot!

I have the same problem too…

Okay, what ownership (who) needs to be set??? I changed permissions, but no result.

It works if you change the ownership of the certs directory to chirpstack using the chown command.

sudo chown -R chirpstack: /etc/chirpstack/certs

Same with mosquitto.

2 Likes
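A way to check the result of the chown above, and the "best possible security" part of the original question, written as an added example that is not part of any post in this thread. The function name audit_cert_dir and the *key* file-name pattern for private keys are assumptions, as is a service account named mosquitto; it needs GNU find, as shipped with Debian/Ubuntu.

```shell
#!/bin/sh
# Added example: audit a certificate directory for ownership and mode problems.
#
# usage: audit_cert_dir DIR OWNER
#   DIR    e.g. /etc/chirpstack/certs or /etc/mosquitto/certs
#   OWNER  account the service runs as (name or numeric uid)
# Prints one finding per line. Returns 0 = clean, 1 = findings, 2 = DIR missing.
audit_cert_dir() {
    acd_dir=$1
    acd_owner=$2
    if [ ! -d "$acd_dir" ]; then
        echo "MISSING $acd_dir"
        return 2
    fi
    acd_findings=$(
        # Not owned by the service account: the service may be unable to
        # read the file when it starts (the failure seen after the reboot).
        find "$acd_dir" ! -user "$acd_owner" | sed 's/^/OWNER /'
        # Private keys (assumed to match *key*) accessible to group or others.
        find "$acd_dir" -type f -name '*key*' -perm /077 | sed 's/^/KEYMODE /'
        # Anything writable by group or others could be replaced by another user.
        find "$acd_dir" ! -type l -perm /022 | sed 's/^/WRITABLE /'
    )
    if [ -n "$acd_findings" ]; then
        printf '%s\n' "$acd_findings"
        return 1
    fi
    return 0
}

# Run as root so every file can be inspected, for example:
#   audit_cert_dir /etc/chirpstack/certs chirpstack
#   audit_cert_dir /etc/mosquitto/certs mosquitto   # account name assumed
if [ "$#" -eq 2 ]; then
    audit_cert_dir "$1" "$2"
fi
```

A KEYMODE finding is cleared with chmod 600 on the key file, an OWNER finding with the chown shown above.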

Thanks a lot! Because I’m not familiar with *nix systems…

Thanks Bro! I almost blew my mind