Ankur Bhatia

Reputation: 1138

MQTT server with SSL/TLS Error: Unable to load server key file

I am trying to set up an MQTT broker with SSL. When I start the broker, I get this error:

1452342536: Error: Unable to load server key file "/home/ilab/mqtt/server/server.key". Check keyfile.

The following is my mosquitto.conf:

pid_file /var/run/mosquitto.pid
persistence true
persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log
include_dir /etc/mosquitto/conf.d
cafile /home/ilab/mqtt/CA/ca.crt
certfile /home/ilab/mqtt/server/server.crt
keyfile /home/ilab/mqtt/server/server.key
port 8883
tls_version tlsv1

I also followed the steps mentioned in THIS question, but that still didn't solve the problem.

Upvotes: 4

Views: 10254

Answers (4)

johnsmith

Reputation: 50

I had a similar issue, and it seems like it got fixed by changing the read permissions from -rw------- to -rw-r--r-- for the file /etc/mosquitto/certs/mqtt-server.key

Steps:

  • Navigate to the directory
cd /etc/mosquitto/certs
  • List file permissions (-rw-------)
ls -l
  • As root, give all users permission to read the file
sudo chmod a+r mqtt-server.key
  • List file permissions again to see changes (now -rw-r--r--)
ls -l
  • Restart the broker/server
sudo systemctl restart mosquitto

I'm not sure if this poses any security issue, but I hope not. I'm planning on using authorization and encryption to access the server from the web.

Upvotes: 1

Lu.Wi

Reputation: 71

I had the same issue. I fixed it by providing the fullchain.pem instead of the chain.pem in the configuration.

Upvotes: 2

Sumit Pugalia

Reputation: 25

You can even try changing the name of server.crt to cert.pem and server.key to key.pem in the path mqtt/certs/. Also, don't forget to change the path and file name in your code.

Upvotes: 0

ralight

Reputation: 11618

As @hardillb implies, try removing the password or start the broker manually.

Alternatively, if you're on Ubuntu then apparmor may be restricting access to those files. Try putting them in /etc/mosquitto/certs instead.

Upvotes: 4
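
An added example (not from any of the answers above) covering the two causes raised in the answers, file permissions and a password-protected key: it classifies a key file and shows an owner-only alternative to making the key world-readable. The function names are hypothetical, and the account name `mosquitto` in the comments is an assumption about how the broker is run.

```shell
#!/bin/sh
# Added example: classify why a broker might fail to load a TLS private key.
# Run it as the account the broker uses so the readability test is meaningful,
# e.g. (assumed account name): sudo -u mosquitto sh check_key.sh /path/to/server.key

# Prints one of: missing | unreadable | encrypted | not-pem | world-readable | ok
diagnose_keyfile() {
    key=$1
    [ -f "$key" ] || { echo missing; return; }
    # -r is evaluated for the user running this script
    [ -r "$key" ] || { echo unreadable; return; }
    # Passphrase-protected PEM keys carry one of these markers
    if grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$key"; then
        echo encrypted; return
    fi
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" || { echo not-pem; return; }
    # -perm -004 matches when "other" has read permission on the key
    if [ -n "$(find "$key" -prune -perm -004)" ]; then
        echo world-readable; return
    fi
    echo ok
}

# Restrict the key to its owner instead of opening it to every local user.
# Optional second argument: the account the broker runs as (chown needs root).
restrict_keyfile() {
    if [ -n "${2:-}" ]; then
        chown "$2" "$1" || return 1
    fi
    chmod 600 "$1"
}

# Stand-alone use: sh check_key.sh /path/to/server.key
if [ $# -gt 0 ]; then
    diagnose_keyfile "$1"
fi
```

A result of `unreadable` points at ownership or mode, `encrypted` at the password on the key, and `ok` with the broker still failing leaves a confinement policy such as apparmor as the remaining suspect.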
