Error Reading CA Certificate File in ChirpStack Setup

Hello everyone!

I’m encountering a problem when trying to start ChirpStack. The error message I receive is:

level=fatal msg="setup backend error: new backend error: read ca cert error: open /etc/chirpstack-gateway-bridge/certs/ca.pem: no such file or directory"

To deploy ChirpStack v4, I’m using Docker-compose version 1.29.2 on Ubuntu 22.04.2 LTS.

I followed the official instructions to configure ChirpStack, but I’m still facing this issue.

It seems to be similar to problems discussed in other topics on this forum:

Here are the configuration files I’m using:

  1. chirpstack.toml

  2. chirpstack-gateway-bridge.toml

  3. /etc/mosquitto/acl

  4. /etc/mosquitto/conf.d/listeners.conf

I haven’t made any changes to the docker-compose.yml file.

From what I understand, the “no such file or directory” error could be due to incorrect permissions or ownership of the certificate files. To check the permissions, I used the following command:

ls -l /etc/chirpstack-gateway-bridge/certs/ca.pem

Additionally, I attempted to view the content of the certificate with:

cat /etc/chirpstack-gateway-bridge/certs/ca.pem

If the issue is related to the ownership or permissions of my certificate files, could you please advise on the appropriate settings? Or could there be another underlying problem?

Thank you in advance for your help!

You didn’t show the Chirpstack service in the shared docker-compose.yml but assuming you didn’t change anything the problem is probably that the certificate folder is not mounted to your container. Here’s my chirpstack service from docker-compose.yml:

    image: chirpstack/chirpstack:4.6.0
    command: -c /etc/chirpstack
    restart: unless-stopped
      # Mount Configuration
      - ./configuration/chirpstack:/etc/chirpstack
      # Mount Certificates
      - ./cscerts:/etc/chirpstack/certs
      # Mount Device Profiles
      - ./lorawan-devices:/opt/lorawan-devices
      - postgres
      - mosquitto
      - redis
      - MQTT_BROKER_HOST=mosquitto
      - REDIS_HOST=redis
      - POSTGRESQL_HOST=postgres

My certificate folder ‘cscerts’ is in the same directory as the docker-compose.yml file, then when the container is created it mounts it to /etc/chirpstack/certs

Then in my Chirpstack.toml I reference them like this:





EDIT: Sorry I clearly wasn’t paying enough attention to notice that your issue was with the gateway bridge and not chirpstack itself, I have my gateway bridge installed on the gateway so I am not super familiar.

One way to verify whether this a mounting or permissions issue is by running the docker-compose with sudo docker-compose up -d and then entering the gateway bridge container using docker exec -it <mycontainer> sh, where the container name is displayed when first running the docker-compose. You may have to edit your gateway-bridge.toml and comment out the references to the certificates for now so the container doesn’t exit.

Then check if the certificates are there under /etc/chirsptack-gateway-bridge/certs.

If they are there it’s a permission issue, if they are not it’s a mounting issue.

1 Like

Thank you so much for your help! Your advice has helped me solve my problem!

I misunderstood how to properly configure mounting volumes in the docker-compose.yml file. Here’s what I learned:


    image: chirpstack/chirpstack:4
    command: -c /etc/chirpstack
    restart: unless-stopped
      - ./configuration/chirpstack:/etc/chirpstack
      - ./lorawan-devices:/opt/lorawan-devices

  • ./configuration/chirpstack refers to the path on the host.
  • /etc/chirpstack refers to the path inside the containers, indicating where the host directory will be visible within the container.

Consequently, I should have placed the certs/ca.pem file in ./configuration/chirpstack on my host, which I initialy did incorrectly (the same applies to chirpstack-gateway-bridge certificates).

This experience has clarified my understanding and shown me that I need to learn more about the technology I work with)

1 Like

Everyone starts somewhere man, it was probably only a month ago I was having the same mounting issues you were :laughing:

Glad I could help

1 Like