Chirpstack 4 Mosquitto TLS configuration fails

Hi, In the course of testing Chirpstack 4 on a Raspberry (debian/ubuntu, no docker) I did the mosquitto TLS configuration according to the following documentation:

This runs at first until a reboot of the server is performed, then I get the following error message:

chirpstack[692]: INFO chirpstack::integration::mqtt: Connecting to MQTT broker server_uri=tcp://localhost:1883/ client_id=xxx clean_session=false
chirpstack[692]: Error: Setup MQTT integration
chirpstack[692]: Caused by:
chirpstack[692]:     0: Connect to MQTT broker
chirpstack[692]:     1: [-1] TCP/TLS connect failure
systemd[1]: chirpstack.service: Main process exited, code=exited, status=1/FAILURE
systemd[1]: chirpstack.service: Failed with result 'exit-code'.
systemd[1]: chirpstack.service: Scheduled restart job, restart counter is at 5.
systemd[1]: Stopped ChirpStack open-source LoRaWAN Network Server.
systemd[1]: chirpstack.service: Start request repeated too quickly.
systemd[1]: chirpstack.service: Failed with result 'exit-code'.
systemd[1]: Failed to start ChirpStack open-source LoRaWAN Network Server.

I think maybe it is because of the permission settings? To get the ca.pem, cert.pem and key.pem from the Chirpstack web-interface under integration MQTT, I changed the ownership of the /etc/chirpstack/certs directory and files to the owner chirpstack. However, I am getting nowhere with the above error message.

I would be grateful for support, also how the ownership/permission assignment of the directories and files of /etc/chirpstack/certs and /etc/mosquitto/certs to be created must look, in order to achieve at the same time the best possible security.

Solved with ownership

Do you have V4 working with Semtech Basic Station now that you fixed your certs issue?


Not yet tested the Semtech Basic Station.