How to Install and Secure the Mosquitto MQTT Messaging Broker on Ubuntu 16.04

Installing Mosquitto

sudo add-apt-repository ppa:mosquitto-dev/mosquitto-ppa
sudo apt-get update
sudo apt-get install mosquitto mosquitto-clients

Installing Certbot for Let’s Encrypt Certificates

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot

Running Certbot

sudo ufw allow 80
sudo ufw allow 443
sudo certbot certonly --standalone

Enter your domain :

Setting up Certbot Automatic Renewals

sudo crontab -e
. . .
15 3 * * * certbot renew --noninteractive --post-hook "systemctl restart mosquitto"

Configuring MQTT Passwords

sudo mosquitto_passwd -c /etc/mosquitto/passwd sammy
sudo nano /etc/mosquitto/conf.d/default.conf
allow_anonymous false
password_file /etc/mosquitto/passwd
sudo systemctl restart mosquitto

Configuring MQTT SSL

sudo nano /etc/mosquitto/conf.d/default.conf
. . .
listener 1883 localhost

listener 8883
certfile /etc/letsencrypt/live/
cafile /etc/letsencrypt/live/
keyfile /etc/letsencrypt/live/
sudo systemctl restart mosquitto
sudo ufw allow 8883