Unable to create websockets listener when configured with certificate-based SSL/TLS

Hi, all

Question
I need to configure certificate-based SSL support for the websockets listener, but the websockets listener can't be created. This is the mosquitto.conf file:

Config

listener 8883
protocol websockets
cafile /root/cedalo_platform/mosquitto/cert/ca.crt
certfile /root/cedalo_platform/mosquitto/cert/server.crt
keyfile /root/cedalo_platform/mosquitto/cert/server.key
tls_version tlsv1.2

listener 1883

persistence true
persistence_location /mosquitto/data/

plugin /usr/lib/mosquitto_dynamic_security.so
plugin_opt_config_file /mosquitto/data/dynamic-security.json

The certificates are generated according to this doc.
I also tried the certificates provided by my cloud server provider. However, when I run mosquitto or run the command sh start.sh, there is always an error that the websockets listener can't be created. The logs are as follows:

Logs

mosquitto_1          | 1685711538: Error: Unable to create websockets listener on port 8883.
cedalo_platform_mosquitto_1 exited with code 1

I tried to find more information about this error, but couldn't.

More
When I changed mosquitto.conf to:

listener 8883
protocol websockets

listener 1883
cafile /root/cedalo_platform/mosquitto/cert/ca.crt
certfile /root/cedalo_platform/mosquitto/cert/server.crt
keyfile /root/cedalo_platform/mosquitto/cert/server.key
tls_version tlsv1.2


persistence true
persistence_location /mosquitto/data/

plugin /usr/lib/mosquitto_dynamic_security.so
plugin_opt_config_file /mosquitto/data/dynamic-security.json

Then

mosquitto_1          | 1685713285: Opening websockets listen socket on port 8883.
mosquitto_1          | 1685713285: Opening ipv4 listen socket on port 1883.
mosquitto_1          | 1685713285: Opening ipv6 listen socket on port 1883.
mosquitto_1          | 1685713285: Error: Unable to load CA certificates. Check cafile "/root/cedalo_platform/mosquitto/cert/ca.crt".
mosquitto_1          | 1685713285: Error: Unable to load server certificate "/root/cedalo_platform/mosquitto/cert/server.crt". Check certfile.
mosquitto_1          | 1685713285: OpenSSL Error[0]: error:0200100D:system library:fopen:Permission denied
mosquitto_1          | 1685713285: OpenSSL Error[1]: error:20074002:BIO routines:file_ctrl:system lib
mosquitto_1          | 1685713285: OpenSSL Error[2]: error:140DC002:SSL routines:use_certificate_chain_file:system lib
cedalo_platform_mosquitto_1 exited with code 1

And it doesn’t work with the sudo command either.

Thanks!!!
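To make the two failure modes in this thread concrete, here is an added example (mine, not code from the original post, from Cedalo or from the Mosquitto project) that parses a mosquitto.conf into per-listener blocks and checks each TLS file the way the broker's fopen() will see it. Two facts about Mosquitto drive it. First, cafile, certfile, keyfile, protocol and tls_version attach to the most recent listener line, so the second config in the post brings port 8883 up as a plain websockets listener and tries to load the certificates for port 1883 instead. Second, OpenSSL's "fopen: Permission denied" means the uid the broker process runs as cannot open the path, either because of the file's own mode or because an ancestor directory lacks the search bit (a 0700 /root is the usual culprit). Inside a container that uid is the image's, not the host user's, so sudo on the host changes nothing. That the generic "Unable to create websockets listener" from the first run is the same file problem reported less helpfully on the websockets path is an inference consistent with the second run, not something the logs prove. The paths, the extra ports 8884 and 9001, the broker.key file name and the placeholder file contents are all constructed for the demo; the root argument exists so the demo can run against a temporary directory, and a real check would use root="/" with the uid from id -u mosquitto (assuming mosquitto is the broker's user).

```python
import os
import stat
import tempfile

TLS_FILES = ("cafile", "certfile", "keyfile")


def parse_listeners(conf_text: str) -> list[dict]:
    """Group options under the `listener` line they follow, as Mosquitto does."""
    listeners: list[dict] = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key == "listener":
            listeners.append({"port": int(value.split()[0]), "protocol": "mqtt", "opts": {}})
        elif listeners and key == "protocol":
            listeners[-1]["protocol"] = value.strip()
        elif listeners:  # global options before the first listener are not needed here
            listeners[-1]["opts"][key] = value.strip()
    return listeners


def _allowed(st: os.stat_result, uid: int, gid: int, perm: str) -> bool:
    """Owner/group/other check for perm 'R' or 'X'; uid 0 always passes, groups/ACLs simplified."""
    if uid == 0:
        return True
    cls = "USR" if st.st_uid == uid else "GRP" if st.st_gid == gid else "OTH"
    return bool(st.st_mode & getattr(stat, f"S_I{perm}{cls}"))


def file_findings(path: str, uid: int, gid: int, root: str = "/") -> list[str]:
    """Why uid/gid cannot fopen() `path` for reading; [] if it can. Directories from `root`
    down are checked for the search bit too: a 0700 /root blocks the open whatever the file's mode."""
    path, cur = os.path.abspath(path), os.path.abspath(root)
    rel = os.path.relpath(os.path.dirname(path), cur)
    dirs = [cur]
    for part in ([] if rel == os.curdir else rel.split(os.sep)):
        cur = os.path.join(cur, part)
        dirs.append(cur)
    findings = []
    for d in dirs:
        if not os.path.isdir(d):
            return [f"{d}: directory does not exist"]
        if not _allowed(os.stat(d), uid, gid, "X"):
            findings.append(f"{d}: mode {oct(os.stat(d).st_mode & 0o777)} has no search bit for uid {uid}")
    if not os.path.isfile(path):
        return findings + [f"{path}: does not exist (host path not mounted into the container?)"]
    st = os.stat(path)
    if not _allowed(st, uid, gid, "R"):
        findings.append(f"{path}: mode {oct(st.st_mode & 0o777)}, owner uid {st.st_uid}, not readable by uid {uid}")
    return findings


def check_config(conf_text: str, uid: int, gid: int, root: str = "/") -> dict[int, list[str]]:
    """'error:' makes the broker exit at startup; 'note:'/'warning:' it accepts silently."""
    report: dict[int, list[str]] = {}
    for lst in parse_listeners(conf_text):
        tls = {k: v for k, v in lst["opts"].items() if k in TLS_FILES}
        msgs: list[str] = []
        if ("certfile" in tls) != ("keyfile" in tls):
            msgs.append("error: certfile and keyfile must both be set to enable TLS")
        if "certfile" not in tls and lst["protocol"] == "websockets":
            msgs.append("note: no certfile/keyfile, this listener serves plain ws://")
        for key, path in tls.items():
            msgs += [f"error: {key}: {f}" for f in file_findings(path, uid, gid, root)]
        if "keyfile" in tls and os.path.isfile(tls["keyfile"]) and os.stat(tls["keyfile"]).st_mode & 0o077:
            msgs.append("warning: keyfile readable by group/other; chown to the broker user and chmod 0600")
        report[lst["port"]] = msgs
    return report


def demo() -> dict[int, list[str]]:
    """Constructed tree mirroring the post (a CA under a 0700 'root' dir, the rest reachable),
    checked as a uid that owns nothing, like the broker's own user."""
    top = tempfile.mkdtemp()
    os.chmod(top, 0o755)
    for rel, mode in {"root": 0o700, "root/cert": 0o755, "mosquitto": 0o755, "mosquitto/certs": 0o755}.items():
        os.mkdir(os.path.join(top, rel))
        os.chmod(os.path.join(top, rel), mode)
    for rel, mode in {"root/cert/ca.crt": 0o644, "mosquitto/certs/ca.crt": 0o644, "mosquitto/certs/server.crt": 0o644,
                      "mosquitto/certs/server.key": 0o600, "mosquitto/certs/broker.key": 0o644}.items():
        with open(os.path.join(top, rel), "w") as fh:
            fh.write("placeholder, not a real PEM\n")  # constructed content, never parsed
        os.chmod(os.path.join(top, rel), mode)
    c = f"{top}/mosquitto/certs"
    conf = (f"listener 8883\nprotocol websockets\ncafile {top}/root/cert/ca.crt\n"
            f"certfile {c}/server.crt\nkeyfile {c}/server.key\ntls_version tlsv1.2\n\n"
            f"listener 8884\ncafile {c}/ca.crt\ncertfile {c}/server.crt\nkeyfile {c}/broker.key\n\n"
            "listener 9001\nprotocol websockets\n\nlistener 1883\n")
    owner = os.stat(top)
    return check_config(conf, owner.st_uid + 1, owner.st_gid + 1, root=top)


if __name__ == "__main__":
    for port, msgs in demo().items():
        print(port, msgs or ["ok"])
```

Running the file prints one line per listener. With the constructed tree, demo() reports two errors on 8883 (the CA file sits under the 0700 directory, and the 0600 key is owned by someone else), a key-permission warning on 8884 where everything else is readable, a plain-ws:// note on 9001, and nothing on 1883. Against a real install, point it at the actual mosquitto.conf text, the broker's uid/gid and root="/"; it does not validate the PEM contents themselves.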

There is a guide for TLS configuration.
It worked! :smiley:
