The mosquitto service does not support a config parameter for supplying the password for the encrypted private key. It asks for it when the service starts, which is not convenient for an IoT device.

I do not want to discuss security impacts etc. here, as it is a chicken-and-egg problem, but I need to find a simple and elegant way of being able to start it without human interaction.

I have created an expect script that actually works somehow, but my problem is with systemctl. I am even able to start it using systemctl, but stopping it fails with the following error:

* mosquitto.service - Mosquitto MQTT Broker
  Loaded: loaded (/etc/systemd/system/mosquitto.service; enabled; vendor preset: enabled)
  Active: failed (Result: exit-code) since Fri 2023-02-10 14:43:39 CET; 1s ago
    Docs: man:mosquitto.conf(5)
          man:mosquitto(8)
 Process: 23465 ExecStartPre=/bin/mkdir -m 740 -p /var/log/mosquitto (code=exited, status=0/SUCCESS)
 Process: 23466 ExecStartPre=/bin/chown apollo /var/log/mosquitto (code=exited, status=0/SUCCESS)
 Process: 23467 ExecStartPre=/bin/mkdir -m 740 -p /run/mosquitto (code=exited, status=0/SUCCESS)
 Process: 23468 ExecStartPre=/bin/chown apollo /run/mosquitto (code=exited, status=0/SUCCESS)
 Process: 23469 ExecStart=/usr/sbin/mosquitto_secret (code=exited, status=143)

From the rest of the log, it complains about a problem with the private key. I assume this is because it can't read it, as it is encrypted. The question is why it needs it on stop.

Thanks for any advice!

AdminBee
smoofy