Hi, I just upgraded from mosquitto-1.6.12 to mosquitto-2.0.10 and I couldn't start it anymore due to 1622748090: mosquitto version 2.0.10 starting 1622748090: Config loaded from /etc/mosquitto/mosquitto.conf. 1622748090: Opening ipv6 listen socket on port 1883. 1622748090: Opening ipv4 listen socket on port 1883. 1622748090: Opening ipv4 listen socket on port 8883. 1622748090: Opening ipv6 listen socket on port 8883. 1622748090: Error: Unable to load server certificate "/etc/letsencrypt/live/<url>/fullchain.pem". Check certfile. 1622748090: OpenSSL Error[0]: error:0200100D:system library:fopen:Permission denied 1622748090: OpenSSL Error[1]: error:20074002:BIO routines:file_ctrl:system lib 1622748090: OpenSSL Error[2]: error:140DC002:SSL routines:use_certificate_chain_file:system lib The certs are put in place by certbot-1.14.0 Downgrading back to mosquitto-1.6.12 fixed the problem and lead to the expected output in logs (just like before the upgrade): 1622748313: mosquitto version 1.6.12 starting 1622748313: Config loaded from /etc/mosquitto/mosquitto.conf. 1622748313: Opening ipv6 listen socket on port 1883. 1622748313: Opening ipv4 listen socket on port 1883. 1622748313: Opening ipv4 listen socket on port 8883. 1622748313: Opening ipv6 listen socket on port 8883. 1622748313: mosquitto version 1.6.12 running Reproducible: Always Steps to Reproduce: 1. Install mosquitto-1.6.12 and set it up properly 2. Upgrade to mosquitto 2.0.10 3. Restart mosquitto I assume this also fails when freshly installing mosquitto-2.0.10, but I did not test this. Actual Results: Error: Unable to load server certificate "/etc/letsencrypt/live/<url>/fullchain.pem". Check certfile. OpenSSL Error[0]: error:0200100D:system library:fopen:Permission denied OpenSSL Error[1]: error:20074002:BIO routines:file_ctrl:system lib OpenSSL Error[2]: error:140DC002:SSL Expected Results: mosquitto version 1.6.12 starting Config loaded from /etc/mosquitto/mosquitto.conf. Opening ipv6 listen socket on port 1883. Opening ipv4 listen socket on port 1883. Opening ipv4 listen socket on port 8883. Opening ipv6 listen socket on port 8883. mosquitto version 1.6.12 running
This is due to changes in mosquitto that affect when the certificates are loaded, and requires some migration. See https://github.com/eclipse/mosquitto/issues/2161 I need to add some migration information to the ebuild, I suppose.
That helped. Thx a lot, you were REALLY quick!
(In reply to til.dlh from comment #2) > That helped. Thx a lot, you were REALLY quick! (I’ll reopen for now as a reminder for elog?)
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b1777bbb3d5f288ce8185f06162f2747a6329403 commit b1777bbb3d5f288ce8185f06162f2747a6329403 Author: Matt Turner <mattst88@gentoo.org> AuthorDate: 2021-06-18 05:08:01 +0000 Commit: Matt Turner <mattst88@gentoo.org> CommitDate: 2021-06-18 05:10:26 +0000 app-misc/mosquitto: Add migration elog info And provide mosquitto-copy.sh. Closes: https://bugs.gentoo.org/794070 Signed-off-by: Matt Turner <mattst88@gentoo.org> app-misc/mosquitto/mosquitto-2.0.10.ebuild | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+)