Chirpstack 4 Mosquitto TLS configuration fails

anop · September 9, 2022, 10:02am

Hi, In the course of testing Chirpstack 4 on a Raspberry (debian/ubuntu, no docker) I did the mosquitto TLS configuration according to the following documentation:
https://www.chirpstack.io/docs/guides/mosquitto-tls-configuration.html

This runs at first until a reboot of the server is performed, then I get the following error message:

chirpstack[692]: INFO chirpstack::integration::mqtt: Connecting to MQTT broker server_uri=tcp://localhost:1883/ client_id=xxx clean_session=false
chirpstack[692]: Error: Setup MQTT integration
chirpstack[692]: Caused by:
chirpstack[692]:     0: Connect to MQTT broker
chirpstack[692]:     1: [-1] TCP/TLS connect failure
systemd[1]: chirpstack.service: Main process exited, code=exited, status=1/FAILURE
systemd[1]: chirpstack.service: Failed with result 'exit-code'.
systemd[1]: chirpstack.service: Scheduled restart job, restart counter is at 5.
systemd[1]: Stopped ChirpStack open-source LoRaWAN Network Server.
systemd[1]: chirpstack.service: Start request repeated too quickly.
systemd[1]: chirpstack.service: Failed with result 'exit-code'.
systemd[1]: Failed to start ChirpStack open-source LoRaWAN Network Server.

I think maybe it is because of the permission settings? To get the ca.pem, cert.pem and key.pem from the Chirpstack web-interface under integration MQTT, I changed the ownership of the /etc/chirpstack/certs directory and files to the owner chirpstack. However, I am getting nowhere with the above error message.

I would be grateful for support, also how the ownership/permission assignment of the directories and files of /etc/chirpstack/certs and /etc/mosquitto/certs to be created must look, in order to achieve at the same time the best possible security.

anop · September 17, 2022, 4:24pm

Solved with ownership

Jim · September 22, 2022, 11:29am

Do you have V4 working with Semtech Basic Station now that you fixed your certs issue?

Jim

anop · September 22, 2022, 6:10pm

Not yet tested the Semtech Basic Station.

Guilleojeda · October 3, 2022, 4:11pm

@anop Ownership of what? Could you please expand on how you solved this? I’m experiencing the same issue

anop · October 5, 2022, 7:33am

As explained in the manual: You need to modify the ownership and / or permissions of the created directory and files. Chirpstack and mosquitto need the appropriate permissions. See:

sudo ls -l /etc/chirpstack/certs/
sudo ls -l /etc/mosquitto/certs

imt_commander · October 22, 2022, 1:43am

@anop what did you exactly do? cause I got the following with sudo ls -l

What should I do to give ownership to chirpstack? I have similar issue like yours

Thank you a lot!

mic2909 · October 23, 2022, 4:20am

I have the same problem too…

mic2909 · October 23, 2022, 4:22am

Okay, what ownership (who) need to be set??? I changed permissions, but no result.

anop · October 23, 2022, 7:19am

It works if you change the ownership of the certs directory to chirpstack using the chown command.

sudo chown -R chirpstack: /etc/chirpstack/certs

Same with mosquitto.

mic2909 · October 23, 2022, 8:42am

Thanks a lot! Because i’m not familiar with *nix systems…

Pedro_Ramirez · October 31, 2022, 4:55pm

Thanks Bro! I almost blow my mind

system · January 29, 2023, 4:55pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.