MongoDB 的 TLS 问题

MongoDB 的 TLS 问题

我正在尝试为云计算实例上的独立 MongoDB 实例设置 TLS 证书。

我使用命令从 certbot 获取了证书 sudo certbot certonly --standalone -d

然后我运行以下命令:

cat privkey.pem fullchain.pem > /etc/ssl/mongod.pem

cat chain.pem > /etc/ssl/ca.pem

我已更新证书权限:

chmod 600 /etc/ssl/ca.pem
chmod 600 /etc/ssl/mongod.pem

我已经更新了我的/etc/mongod.conf

net:
  port: 27017
  bindIp: 0.0.0.0  # Enter 0.0.0.0,:: to bind to all IPv4 and IPv6 addresses or, alternatively, use the net.bindIpAll setting.
  ssl:
    mode: requireTLS
    PEMKeyFile: /etc/ssl/mongod.pem
    CAFile: /etc/ssl/ca.pem
    allowConnectionsWithoutCertificates: false

使用命令ps aux | grep mongodb我可以看到 mongodb 正在以 root 用户身份运行:

root 134510 0.0 0.0 221432 2060 pts/0 S+ 13:28 0:00 grep --color=auto mongodb

但是,重新启动 mongod 服务后,它无法启动,当我检查日志时,我可以看到以下错误:

{"t":{"$date":"2024-04-08T13:15:39.573+00:00"},"s":"E",  "c":"NETWORK",  "id":23248,   "ctx":"main","msg":"Cannot read certificate file","attr":{"keyFile":"/etc/ssl/mongod.pem","error":"error:FFFFFFFF8000000D:system library::Permission denied"}}
{"t":{"$date":"2024-04-08T13:15:39.573+00:00"},"s":"F",  "c":"CONTROL",  "id":20574,   "ctx":"main","msg":"Error during global initialization","attr":{"error":{"code":140,"codeName":"InvalidSSLConfiguration","errmsg":"Can not set up PEM key file."}}}

有人可以帮帮我吗?

相关内容