How to Install and Secure the Mosquitto MQTT Messaging Broker on Ubuntu 16.04
Installing Mosquitto
sudo add-apt-repository ppa:mosquitto-dev/mosquitto-ppa sudo apt-get update sudo apt-get install mosquitto mosquitto-clients
Installing Certbot for Let’s Encrypt Certificates
sudo add-apt-repository ppa:certbot/certbot sudo apt-get update sudo apt-get install certbot
Running Certbot
sudo ufw allow 80 sudo ufw allow 443
sudo certbot certonly --standalone
Enter your domain : mqtt.example.com
Setting up Certbot Automatic Renewals
sudo crontab -e
. . . 15 3 * * * certbot renew --noninteractive --post-hook "systemctl restart mosquitto"
Configuring MQTT Passwords
sudo mosquitto_passwd -c /etc/mosquitto/passwd sammy
sudo nano /etc/mosquitto/conf.d/default.conf
allow_anonymous false password_file /etc/mosquitto/passwd
sudo systemctl restart mosquitto
Configuring MQTT SSL
sudo nano /etc/mosquitto/conf.d/default.conf
. . . listener 1883 localhost listener 8883 certfile /etc/letsencrypt/live/mqtt.example.com/cert.pem cafile /etc/letsencrypt/live/mqtt.example.com/chain.pem keyfile /etc/letsencrypt/live/mqtt.example.com/privkey.pem
sudo systemctl restart mosquitto
sudo ufw allow 8883