Write Review


Mosquitto Message Queuing Telemetry Transport (MQTT) is a robust, open-source message broker that facilitates the implementation of MQTT protocol version 3.1 and version 3.1.1. It is a lightweight application that offers convenient methods of relaying messages via a publish/subscribe model.

The tool is designed for use on different types of IoT devices including low-power, single board machines, and full servers.

This tutorial will help you install and set up Mosquitto MQTT on your Ubuntu 18.04 server.

Before You Start

To implement Mosquitto MQTT flawlessly, you will require the following:

  • A unique domain name pointing to the server. This guide will utilize the domain name mqtt.mydomain.com.
  • Unused port 80 on your Ubuntu 18.04 server.

Step 1 - Installing MosQuitto MQTT

The first thing when installing this software is to deploy a custom repository that will enable you to install the most recent Certbot version. Execute the command below to accomplish this:

$ sudo add-apt-repository ppa:certbot/certbot

Select ENTER to confirm the installation. Next, run the command below to install Certbot and Mosquitto:

$ sudo apt install certbot mosquitto mosquitto-clients

Step 2 - Getting The SSL Certificate

Once, the software is installed, you can fetch the SSL certificates. But first, run the command below to allow port 80 in the firewall:

$ sudo ufw allow 80

Then, use the command below to instruct Certbot to look for the certificate.

$ sudo certbot certonly --standalone --preferred-challenges http -d mqtt.mydomain.com

Note: Remember to replace mqtt.mydomian.com with your specific domain name.

When prompted to provide your email address, enter your official email and accept the terms. Once that is done, you will receive a message confirming the success of the process. You will also be told where the certificate was stored.

Now, you can proceed with installation and configure Mosquitto MQTT to use the SSL certificates.

Step 3 - Setting Up Mosquitto MQTT

The first thing when configuring Mosquitto MQTT to use the SSL certificate is to create the password file using the mosquitto_passwd command. This file will be located in the directory; /etc/mosquitto/passwd, and it makes it easy for Mosquitto to verify all connections.

$ sudo mosquitto_passwd -c /etc/mosquitto/passwd your-username

Upon request, enter your password twice. Next, run the command below to open the new Mosquitto configuration file:

$ sudo nano /etc/mosquitto/conf.d/default.conf

This file should be empty. Now, add the content below to this file:

password_file /etc/mosquitto/passwd

listener 1883 localhost

listener 8883
certfile /etc/letsencrypt/live/mqtt.mydomain.com/cert.pem
cafile /etc/letsencrypt/live/mqtt.mydomain.com/chain.pem
keyfile /etc/letsencrypt/live/mqtt.mydomain.com/privkey.pem

listener 8083
protocol websockets
certfile /etc/letsencrypt/live/mqtt.mydomain.com/cert.pem
cafile /etc/letsencrypt/live/mqtt.maydomain.com/chain.pem
keyfile /etc/letsencrypt/live/mqtt.mydomain.com/privkey.pem

Save and exit the file, then run the command below to restart Mosquitto and allow the changes to take effect.

$ sudo systemctl restart mosquitto

Next, execute the command below to check the status of Mosquitto:

$ sudo systemctl status mosquitto

This will give you an output like the one below:

●mosquitto.service- LSB: mosquittoMQTTv3.1messagebroker
   Loaded: loaded(/etc/init.d/mosquitto;generated)
   Active: active(running)sinceMon2018-08-1714:03:42UTC;2min39sago
     Docs: man:systemd-sysv-generator(8)
  Process: 6683ExecStop=/etc/init.d/mosquittostop(code=exited,status=0/SUCCESS)
  Process: 6699ExecStart=/etc/init.d/mosquittostart(code=exited,status=0/SUCCESS)
    Tasks: 1(limit:1152)
   CGroup: /system.slice/mosquitto.service

If Mosquitto is not active (running), check the configuration file, then start the Mosquitto again.

Now, run the command below to view additional information in the Mosquitto’s log file:

$ sudo tail /var/log/mosquitto/mosquitto.log

If everything is okay, run the commands below to allow port 8883 and 8083:

$ sudo ufw allow 8883
$ sudo ufw allow 8083

That is it! Mosquitto is fully configured. However, our installation is not yet complete; we need to set up Certbot to always restart Mosquitto whenever the certificates are renewed.

Step 4 - Setting Up Certibot Renewals

Certbot is designed to renewal SSL certificates prior to their expiration date. However, Certbot is not configured to restart Mosquitto once the certificates are renewed.

Run the command below to open the conf file for Certbot renewal:

$ sudo nano /etc/letsencrypt/renewal/mqtt.mydomain.com.conf

We’ll add a renew_hook to the final line of this configuration file:

renew_hook = systemctl restart mosquitto

Save the file and exit nano. Next, run the command below to check if the syntax is correct:

$ sudo certbot renew --dry-run

If there are no errors, then the setup is okay.

Step 5  - Verifying The MosQuitto MQTT

First, run the command below to subscribe to a test topic on your localhost listener:

$ mosquitto_sub -h localhost -t test -u "your-user" -P "your-password"

Next, publish the test topic with the mosquitto_pub:

$ mosquitto_pub -h localhost -t test -m "hello world" -u "your-user" -P "your-password"

Alternatively, if you want to subscribe via a secured lister on the port 8883, then execute the command below:

$ mosquitto_sub -h mqtt.mydomain.com -t test -p 8883 --capath /etc/ssl/certs/ -u "your-username" -P "your-password"

Next, run the command below to publish:

$ mosquitto_pub -h mqtt.mydomain.com -t test -m "hello world" -p 8883 --capath /etc/ssl/certs/ -u "your-username" -P "your-password"

Now, we’ll test the functionality of the WebSocket using the Paho javascript client; a browser-based client for MQTT. Follow thislink to open the client. This will take you to this page:

How to install and configure Mosquitto MQTT on your Ubuntu 18.04 server?

Enter the details as below:

  • Host: Enter the Mosquitto server domain name
  • Port: 8083
  • ClinetId: Don't change the default value
  • Path: Leave it as it is
  • Username: Enter the username as provided in step three
  • Password: Provide the password created in step three

Leave all the other fields to the default values. Press Connect to content the client to your Ubuntu server, then, use the Subscribe button to subscribe and Publish Message button to publish the message.


That’s all! You have successfully installed and configured Mosquitto MQTT message broker on your Ubuntu 18.04 system. You can now leverage the power of this messaging platform to implement your home automation, IoT, and other similar projects.

Check out these top 3 Linux hosting services

Was this article helpful?