我正在尝试为云计算实例上的独立 MongoDB 实例设置 TLS 证书。
我使用命令从 certbot 获取了证书 sudo certbot certonly --standalone -d
。
然后我运行以下命令:
cat privkey.pem fullchain.pem > /etc/ssl/mongod.pem
。
cat chain.pem > /etc/ssl/ca.pem
。
我已更新证书权限:
chmod 600 /etc/ssl/ca.pem
chmod 600 /etc/ssl/mongod.pem
我已经更新了我的/etc/mongod.conf
:
net:
port: 27017
bindIp: 0.0.0.0 # Enter 0.0.0.0,:: to bind to all IPv4 and IPv6 addresses or, alternatively, use the net.bindIpAll setting.
ssl:
mode: requireTLS
PEMKeyFile: /etc/ssl/mongod.pem
CAFile: /etc/ssl/ca.pem
allowConnectionsWithoutCertificates: false
使用命令ps aux | grep mongodb
我可以看到 mongodb 正在以 root 用户身份运行:
root 134510 0.0 0.0 221432 2060 pts/0 S+ 13:28 0:00 grep --color=auto mongodb
但是,重新启动 mongod 服务后,它无法启动,当我检查日志时,我可以看到以下错误:
{"t":{"$date":"2024-04-08T13:15:39.573+00:00"},"s":"E", "c":"NETWORK", "id":23248, "ctx":"main","msg":"Cannot read certificate file","attr":{"keyFile":"/etc/ssl/mongod.pem","error":"error:FFFFFFFF8000000D:system library::Permission denied"}}
{"t":{"$date":"2024-04-08T13:15:39.573+00:00"},"s":"F", "c":"CONTROL", "id":20574, "ctx":"main","msg":"Error during global initialization","attr":{"error":{"code":140,"codeName":"InvalidSSLConfiguration","errmsg":"Can not set up PEM key file."}}}
有人可以帮帮我吗?