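- :1883 plain MQTT (no TLS), intended for local use only (the configuration below does not enforce this by itself; restrict the port with a bind address or the firewall)
- :8083 secure WebSockets (MQTT over WebSockets with TLS)
- :8883 secure MQTT (MQTT over TLS)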
# Install the Mosquitto MQTT broker from the distribution's package repository.
sudo apt-get install mosquitto
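Don't forget to replace change.me with your own domain and to allow port 443 through the firewall (the standalone tls-sni-01 challenge used below is answered on that port). Let's Encrypt has since retired the TLS-SNI-01 challenge, so current certbot releases need an HTTP-01 (port 80) or DNS-01 challenge instead.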
# Install certbot from the certbot PPA, then request a certificate for the
# domain with certbot's built-in standalone server.
# NOTE(review): the certbot/certbot PPA has been deprecated upstream; confirm
# the install method the Certbot project currently recommends for your release.
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot
# certonly obtains the certificate but does not install it into any server;
# each -d adds one host name to the certificate.
# NOTE(review): Let's Encrypt no longer offers the tls-sni-01 challenge, and
# --standalone-supported-challenges was superseded by --preferred-challenges,
# so this command is expected to fail on current certbot. The replacement
# challenge (HTTP-01 on port 80, or DNS-01) changes which port must be open.
sudo certbot certonly --standalone --standalone-supported-challenges tls-sni-01 -d change.me -d www.change.me
# Open root's crontab and add the line below: every day at 04:15 certbot
# checks the installed certificates and renews those that are due; the
# post-hook restarts Mosquitto so the broker loads the renewed files.
# NOTE(review): with the standalone authenticator, renewal needs the same
# challenge port reachable (and free) as the initial issuance did.
sudo crontab -e
15 4 * * * certbot renew --noninteractive --post-hook "systemctl restart mosquitto"
Create a login for MQTT (user name: admin)
# Create the password file with a first user "admin"; the password is asked
# for interactively, so it does not appear on the command line.
# -c creates the file and overwrites an existing one: omit -c when adding
# further users later.
# NOTE(review): keep /etc/mosquitto/passwd readable only by root and the
# account the broker runs as.
sudo mosquitto_passwd -c /etc/mosquitto/passwd admin
# Open the broker configuration and enter the settings that follow.
sudo nano /etc/mosquitto/conf.d/mosquitto.conf
# Broker settings: a plain MQTT listener on 1883 plus two TLS listeners
# (8083 WebSockets, 8883 MQTT), with password authentication required.
# 0 removes the broker-side cap on publish payload size, so only the MQTT
# protocol maximum applies.
# NOTE(review): consider a finite limit so a single client cannot make the
# broker buffer very large messages.
message_size_limit 0
allow_zero_length_clientid true
allow_duplicate_messages false
# Default listener: unencrypted MQTT.
# NOTE(review): no bind address is given, so this listener is presumably
# reachable on every interface, and user names and passwords sent to it are
# not protected by TLS. If 1883 is meant to be local only, restrict it with
# bind_address or at the firewall.
port 1883
protocol mqtt
# MQTT over WebSockets, served with the Let's Encrypt certificate and key.
listener 8083
protocol websockets
certfile /etc/letsencrypt/live/change.me/cert.pem
cafile /etc/letsencrypt/live/change.me/chain.pem
keyfile /etc/letsencrypt/live/change.me/privkey.pem
# MQTT over TLS with the same certificate and key; no protocol line is given,
# so the listener's default protocol applies.
listener 8883
certfile /etc/letsencrypt/live/change.me/cert.pem
cafile /etc/letsencrypt/live/change.me/chain.pem
keyfile /etc/letsencrypt/live/change.me/privkey.pem
# Write the in-memory database to mosquitto.db every 900 seconds.
# NOTE(review): these settings only matter when persistence is enabled; no
# "persistence true" appears here; confirm it is set in the main
# mosquitto.conf.
autosave_interval 900
autosave_on_changes false
persistence_file mosquitto.db
# Refuse clients that do not authenticate, and check credentials against the
# file created with mosquitto_passwd.
allow_anonymous false
password_file /etc/mosquitto/passwd
# Reopen the same configuration file and append the bridge section that follows.
sudo nano /etc/mosquitto/conf.d/mosquitto.conf
# Owntracks bridge
# Defines a bridge named "owntracks" that links this broker to a remote one.
connection owntracks
# Remote broker address; replace the placeholder. No port is given, so the
# bridge uses the default port.
# NOTE(review): no bridge_cafile/bridge_capath is set, so the link presumably
# runs without TLS, and remote_username/remote_password plus every bridged
# message cross the network unencrypted. Confirm, and prefer a TLS port on
# the remote broker.
address xxx.xxx.xxx.xxx
cleansession false
notifications false
# Credentials presented to the remote broker; replace the placeholders.
# NOTE(review): the password is stored here in clear text, so this file
# should be readable only by root and the account the broker runs as.
remote_username user
remote_password secret
start_type automatic
try_private true
# Here "#" is the MQTT multi-level wildcard, not a comment: bridge every
# topic in both directions at QoS 2, with the prefix owntracks/ on the local
# side and owntracks/ on the remote side.
topic # both 2 owntracks/ owntracks/
# Restart the broker so the edited configuration is loaded.
sudo systemctl restart mosquitto