Reputation: 1
I have a VPS with a mosquitto broker and a webpage hosted on it. The webpage runs over https with websockets, and we bought a .com host to be able to get a Let's Encrypt certificate. At the beginning I tried with a certificate from www.sslforfree.com pointing directly to myweb.ovh.net, with the webpage connecting to this URL too.
In that case everything worked perfectly, but I need a certificate that can be kept for a long time, and I think Let's Encrypt could be the solution. I created a Let's Encrypt certificate pointing to web.com and put the certificates in my mosquitto.conf this way:
listener 9001
protocol websockets
certfile /etc/letsencrypt/live/web.com/cert.pem
cafile /etc/letsencrypt/live/web.com/chain.pem
keyfile /etc/letsencrypt/live/web.com/privkey.pem
allow_anonymous false
When I try to run my mosquitto I get no response on the server side and no message in the console, and I get the error "ERR_CONNECTION_REFUSED" in the web console. It seems that the certificate is not being loaded on the server correctly, or maybe the cert is not OK.
With the cert from sslforfree everything worked OK. Could it be a problem with file permissions? I'm totally lost with this problem, and I also don't know how to see if the cert is being loaded correctly on my server.
My mosquitto log is:
1596462903: Config loaded from mosquitto2.conf.
1596462903: Opening ipv4 listen socket on port 8884.
1596462903: Opening ipv6 listen socket on port 8884.
1596462903: Opening websockets listen socket on port 9001.
1596462924: New connection from 88.9.162.109 on port 8884.
1596462924: New client connected from 88.9.162.109 as crfEquipo40 (c1, k60, u'crfEquipo40').
1596462924: Sending CONNACK to crfEquipo40 (0, 0)
1596462924: Received SUBSCRIBE from crfEquipo40
1596462924: opi40/cmd/teclado (QoS 0)
1596462924: crfEquipo40 0 opi40/cmd/teclado
1596462924: Sending SUBACK to crfEquipo40
1596462925: Received SUBSCRIBE from crfEquipo40
1596462925: opi40/evt/hora (QoS 0)
1596462925: crfEquipo40 0 opi40/evt/hora
1596462925: Sending SUBACK to crfEquipo40
1596462925: Received SUBSCRIBE from crfEquipo40
1596463066: mosquitto version 1.4.15 terminating
As you can see, port 9001 is running but nothing is happening. I tried the same with the sslforfree certificate and the connection was OK, with messages received on port 9001, but with the Let's Encrypt certificate there is no response.
In my JavaScript client console I get the following
and also this one in the Chrome security panel
Upvotes: 0
Views: 395
Reputation: 59816
Use the /etc/letsencrypt/live/web.com/fullchain.pem
rather than /etc/letsencrypt/live/web.com/chain.pem
Upvotes: 1
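An added example, not part of the question or the answer above: one way to see what each `certfile`/`cafile`/`keyfile` named in a mosquitto config contains and whether the current user can read it. The function names `pem_count`, `audit_tls_files` and `make_sample` are hypothetical, the sample files are constructed placeholders, and paths containing spaces are not handled.

```shell
#!/bin/sh
# Print how many PEM blocks whose type matches regex $2 are in file $1.
pem_count() {
    grep -c -- "-----BEGIN $2-----" "$1" 2>/dev/null || true
}

# Audit every certfile/cafile/keyfile directive in mosquitto config $1.
# Prints one finding per directive; returns the number of problems found.
audit_tls_files() {
    problems=0
    while read -r key path _; do
        case "$key" in
            certfile|cafile) want='CERTIFICATE' ;;
            keyfile)         want='[A-Z ]*PRIVATE KEY' ;;
            *) continue ;;
        esac
        if [ ! -r "$path" ]; then
            echo "$key $path: not readable by $(id -un)"
            problems=$((problems + 1))
            continue
        fi
        n=$(pem_count "$path" "$want")
        if [ "$n" -eq 0 ]; then
            echo "$key $path: no matching PEM block"
            problems=$((problems + 1))
        elif [ "$key" = certfile ] && [ "$n" -eq 1 ]; then
            # certbot's cert.pem is the leaf alone; fullchain.pem adds intermediates
            echo "$key $path: 1 certificate (leaf only, no intermediates)"
        else
            echo "$key $path: $n PEM block(s)"
        fi
    done < "$1"
    return "$problems"
}

# Constructed sample: placeholder PEM files laid out like certbot's live/ directory.
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' > "$d/cert.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' '-----BEGIN CERTIFICATE-----' > "$d/fullchain.pem"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' > "$d/privkey.pem"
    printf '%s\n' 'listener 9001' 'protocol websockets' \
        "certfile $d/cert.pem" "keyfile $d/privkey.pem" > "$d/mosquitto.conf"
    echo "$d"
}

# With an argument (e.g. mosquitto2.conf) audit that file; otherwise the sample.
if [ $# -gt 0 ]; then audit_tls_files "$1"; else audit_tls_files "$(make_sample)/mosquitto.conf"; fi
```

Run it as the user the broker runs as (an assumption about your setup), since the readability check only reflects the invoking user's permissions.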