sunet-cdn/cdn-ops
2
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
cdn-ops/global/overlay/etc/puppet/modules/cdn/files/mqtt/sunet-cdn-mqtt
Patrik Lundin 0461a8f0b8
mqtt: fix certfile usage 
Use fullchain.pem instead of cert.pem which fixes "certificate signed by
unknown authority" problems.
Also point cafile to correct root cert.
2024-11-05 14:39:13 +01:00

24 lines
648 B
Bash
Executable file
Raw Blame History

#!/bin/bash
# Mosquitto is running with a user that is not privileged enough to read files
# directly from the certbot dirs, so copy files to where mosquitto expects
# them.
set -eu
le_dir="/etc/letsencrypt/live/$(hostname -f)"
mosquitto_dir="/etc/mosquitto"
le_fullchain="$le_dir/fullchain.pem"
mosquitto_fullchain="$mosquitto_dir/certs/fullchain.pem"
cp "$le_fullchain" "$mosquitto_fullchain"
chown mosquitto:root "$mosquitto_fullchain"
le_key="$le_dir/privkey.pem"
mosquitto_key="$mosquitto_dir/certs/privkey.pem"
cp "$le_key" "$mosquitto_key"
chown mosquitto:root "$mosquitto_key"
# Tell mosquitto to reload certs
pkill -x -HUP mosquitto
Reference in a new issue View git blame Copy permalink