Allow Mosquitto to access ACME certificate

I was able to set up mosquitto and acme on my Omnia Turris. Both are working. Mosquitto is reachable, acme is requesting a certificate.

Now I want to use this certificate for Mosquitto. But the keyfile is read-only for root and Mosquitto is running as user mosquitto.

How could I allow Mosquitto to access the keyfile, in a way that does not get overwritten at the next Turris OS update or the next renewal of the certificate?

Thanks a lot!

Maybe chown root:mosquitto /path/to/key/file and chmod 440 on /path/to/key/file

Have to try. But quite sure this gets modified back on the next renewal.

I’m actually trying to get post-hooks running to change the permissions.
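
Added example, not part of the thread and not code from Turris OS or the ACME client: a helper that a renewal post-hook could call, so the ACME client's own key file stays root-only and Mosquitto reads a group-readable copy that is rewritten on every renewal. The function name deploy_key, the paths in the comment and the way the hook invokes it are assumptions; the group mosquitto is the one suggested in the thread.

```shell
#!/bin/sh
# Renewal post-hook helper (added example; names and paths are assumptions).
# Instead of loosening permissions on the ACME client's key, which the next
# renewal may reset, copy the key to a location owned by the hook and give
# that copy mode 0440 with the broker's group.
#
# Hypothetical hook usage, run as root after each renewal:
#   deploy-key.sh /path/to/key/file /path/to/mosquitto/copy.key mosquitto

# deploy_key SRC DST GROUP
deploy_key() {
    src=$1
    dst=$2
    group=$3

    [ -r "$src" ] || { echo "deploy_key: cannot read $src" >&2; return 1; }
    dstdir=$(dirname "$dst")
    [ -d "$dstdir" ] || { echo "deploy_key: no directory $dstdir" >&2; return 1; }

    # mktemp creates the file with mode 0600, so the key material is never
    # world-readable, not even briefly. Same directory as DST so that the
    # final mv is an atomic rename and the broker never sees a partial file.
    tmp=$(mktemp "$dstdir/.key.XXXXXX") || return 1

    if cat "$src" > "$tmp" &&
       chgrp "$group" "$tmp" &&
       chmod 0440 "$tmp" &&
       mv -f "$tmp" "$dst"
    then
        return 0
    fi

    # Any step failed: do not leave a stray copy of the private key behind.
    rm -f "$tmp"
    echo "deploy_key: failed to install $dst" >&2
    return 1
}

# Run only when called with the three arguments shown above.
if [ "$#" -eq 3 ]; then
    deploy_key "$1" "$2" "$3"
fi
```

The broker's keyfile setting then points at the copy, and the hook still has to restart or reload Mosquitto so the renewed key is picked up.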