Not Just Paranoid

Another site by Pete Maynard

Configuring OwnTrack to work With letsencrypt

These are some notes on getting OwnTracks to work with LetsEncrypt.

Install mosquitto (MQTT Broker) and create a username password combination.

apt install mosquitto mosquitto-clients
mosquitto_passwd -c /etc/mosquitto/passwd <username>

Using the letsencrypt client generate certs only as standalone.

./letsencrypt-auto certonly --standalone -d <domain>

Navigate to /etc/letsencrypt/live/ and copy them to mosquitto.

cp chain.pem /etc/mosquitto/certs/
cp cert.pem /etc/mosquitto/certs/
cat {privkey,fullchain}.pem >> /etc/mosquitto/certs/keyfile.pem

In the mosquitto.conf add the following lines.

cafile /etc/mosquitto/certs/chain.pem
certfile /etc/mosquitto/certs/cert.pem
keyfile /etc/mosquitto/certs/keyfile.pem
password_file /etc/mosquitto/passwd

You might want some more logging or to listen on an alternative port (default on debian was 1883) man mosquitto.conf.

Check it works by subscribbing to the events using:

mosquitto_sub -h localhost -p 1883 -v -t 'owntracks/#'

And manually sending an event with:

mosquitto_pub -h -p 1883 -t 'owntracks/test' -m 'hello' -u <username> -P <securepassword>

You can add the Android application using the built in CA certificates as it is verified with letsencrypt.

21 Mar 2016

Website Last Updated on 15 Sep 2023 (CC BY-SA 4.0)

This site uses JQuery and nanogallery2 hosted by
for the Flickr photo feed and GoatCounter for user insights.