Description
I want to be able to use owntracks and ot-recorder on my server with Let's Encrypt certificates. I had been using a self-signed certificate, but I got so tired of my Samsung Android phones nagging me with constant notifications warning me of the self-signed certificates. So I set up Let's Encrypt certificates and copied them to my Mosquitto directory. I understand I will have to copy the certificates every 90 days and restart Mosquitto, but I can live with that.
But I cannot seem to figure out how to get ot-recorder working.
Host is Ubuntu 16.04
ot-recorder is built from source version 0.6.9
The part of /etc/mosquitto/mosquitto.conf that matters:
certfile /etc/mosquitto/certs/cert.pem
keyfile /etc/mosquitto/certs/keyfile.pem
The files cert.pem and keyfile.pem are copied from the appropriate Let's Encrypt directory along with chain.pem.
Here are the parts of /etc/default/ot-recorder related to encryption:
OTR_CAFILE="/etc/mosquitto/certs/chain.pem"
OTR_CERTFILE="/etc/mosquitto/certs/cert.pem"
I've tried a number of things but I'm out of my depth with troubleshooting this. I know if I comment out the certfile and keyfile lines in my mosquitto conf and comment out the two lines above in my ot-recorder, ot-recorder works fine with no TLS. I've tried various options with converting between .pem and .crt, adding a keyfile, and I either get:
ot-recorder[8036]: MQTT connection: rc=8 [A TLS error occurred.] (errno=0; Success). Sleeping...
or
ot-recorder[7672]: Disconnected. Reason: 0x7 [Connection refused: TLS error]
I have Googled and looked through these archives without much luck. I did find https://github.com/owntracks/recorder/issues/186 that seems similar but did not want to hijack his thread.
These are hosted on the same machine, not in any containers, and pointing at the same files, and I am testing as root, so file permissions are not an issue.
Could someone please help me with troubleshooting this? Thank you,
Davdi
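
The checks below separate the usual sources of a generic "TLS error" for the files named in the post: key and certificate pairing, whether the CA file alone verifies the certificate, host name coverage, and a live handshake. This is an added example, not part of the original post and not code from the OwnTracks or Mosquitto projects. The function names, the host name `mqtt.example.org` and the port 8883 are assumptions; the file names are the ones in the post.

```shell
#!/usr/bin/env bash
# Added example: checks on the PEM files shared by a broker and its client.

# Number of certificates in a PEM file (1 = leaf only, more = bundle).
pem_count() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1"; }

# True when private key $2 belongs to certificate $1 (same public key).
key_matches_cert() {
  local c k
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# True when certificate $2 verifies against CA file $1. Depending on the
# OpenSSL version, the system trust store may be consulted as well.
ca_verifies() { openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'; }

# True when certificate $1 is valid for host name $2.
cert_covers_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# True when a live handshake with $1:$2 verifies against CA file $3.
broker_verifies() {
  openssl s_client -connect "$1:$2" -servername "$1" -CAfile "$3" \
    </dev/null 2>/dev/null | grep -q 'Verify return code: 0 (ok)'
}

check() {  # check LABEL COMMAND...: print PASS or FAIL for one test
  local label=$1; shift
  if "$@"; then echo "PASS  $label"; else echo "FAIL  $label"; fi
}

# report DIR HOST [PORT]: DIR holds cert.pem, keyfile.pem and chain.pem.
report() {
  local d=$1 host=$2 port=${3:-}
  echo "certificates in cert.pem: $(pem_count "$d/cert.pem")"
  check "keyfile.pem matches cert.pem" key_matches_cert "$d/cert.pem" "$d/keyfile.pem"
  check "chain.pem verifies cert.pem" ca_verifies "$d/chain.pem" "$d/cert.pem"
  check "cert.pem covers $host" cert_covers_host "$d/cert.pem" "$host"
  if [ -n "$port" ]; then
    check "handshake with $host:$port" broker_verifies "$host" "$port" "$d/chain.pem"
  fi
}

# Example call (host and port are placeholders, not values from the post):
#   ./tlscheck.sh /etc/mosquitto/certs mqtt.example.org 8883
if [ $# -ge 2 ]; then report "$@"; fi
```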