I am unable to restart my mongodb service. On checking the logs at /var/log/mongodb/mongod.log I get the following error:
cannot read certificate file: /root/ssl/mongodb.pem error:0200100D:system library:fopen:Permission denied
2019-11-23T17:04:27.679+0000 F CONTROL [main] Failed global initialization: InvalidSSLConfiguration: Can not set up PEM key file.
My /etc/mongod.conf appears like:

# mongod.conf

# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/

# Where and how to store data.
storage:
  dbPath: /var/lib/mongodb
  journal:
    enabled: true
#  engine:
#  mmapv1:
#  wiredTiger:

# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log

# network interfaces
net:
  port: 27017
  bindIp: 127.0.0.1
  tls:
    mode: requireTLS
    certificateKeyFile: /root/ssl/mongodb.pem

# how the process runs
processManagement:
  timeZoneInfo: /usr/share/zoneinfo

#security:

#operationProfiling:

#replication:

#sharding:

## Enterprise-Only Options:

#auditLog:

#snmp:
The permissions for the /root/ssl/ folder are:
-rw-rw-r-- 1 mongodb mongodb 1354 Nov 23 16:22 mongodb.crt
-rw-rw-r-- 1 mongodb mongodb 1082 Nov 23 16:22 mongodb.csr
-rw-rw-r-- 1 mongodb mongodb 1679 Nov 23 16:21 mongodb.key
-rw-rw-rw- 1 mongodb mongodb 3033 Nov 23 16:22 mongodb.pem
-rw-rw-r-- 1 mongodb mongodb 1751 Nov 23 16:20 rootCA.key
-rw-rw-r-- 1 mongodb mongodb 1472 Nov 23 16:21 rootCA.pem
-rw-rw-r-- 1 mongodb mongodb 17 Nov 23 16:22 rootCA.srl
Ubuntu 16.04 LTS
MongoDB : 4.2
The folder root usually has the following permissions:
drwx------ 5 root root 4096 Nov 25 15:32 root/
which means the user mongodb cannot access it in the first place.
My advice is to move the files in the /root/ssl folder to /etc/ssl/mongodb/ and update the mongod.conf file accordingly.
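
To find which component of a path stops a service account, the check below walks the path top-down the way the answer reasons about /root. It is an added example, not part of the original question or answer; the function names and the script name are hypothetical, it expects an absolute path, and it judges by owner/group/other mode bits only.

```shell
#!/bin/sh
# Added example: report the first path component that blocks a service account.
# Uses owner/group/other mode bits only; ACLs, AppArmor/SELinux and root's
# override are not modelled. Function names are hypothetical.

# Print the rwx triplet (owner, group or other) that applies to USER on PATH.
perm_triplet() {
    pt_user=$1
    set -- $(ls -ld "$2")            # fields: mode links owner group ...
    if [ "$pt_user" = "$3" ]; then
        printf '%s\n' "$1" | cut -c2-4
    elif id -Gn "$pt_user" 2>/dev/null | tr ' ' '\n' | grep -qxF "$4"; then
        printf '%s\n' "$1" | cut -c5-7
    else
        printf '%s\n' "$1" | cut -c8-10
    fi
}

# Print the first component of absolute PATH that USER cannot pass and return 1;
# directories need search (x), the final file needs read (r). Return 0 if none.
first_blocked() {
    case $2 in /*) ;; *) echo "need an absolute path" >&2; return 2 ;; esac
    fb_user=$1; fb_path=$2; fb_chain=$2
    while [ "$fb_path" != / ]; do    # build "/", "/a", "/a/b", ... top-down
        fb_path=$(dirname "$fb_path")
        fb_chain="$fb_path
$fb_chain"
    done
    while IFS= read -r comp; do
        bits=$(perm_triplet "$fb_user" "$comp")
        if [ -d "$comp" ]; then
            case $bits in ??[xst]) continue ;; esac
        else
            case $bits in r??) continue ;; esac
        fi
        printf '%s\n' "$comp"
        return 1
    done <<EOF
$fb_chain
EOF
    return 0
}

# Run as a script: sh check_path.sh mongodb /root/ssl/mongodb.pem
if [ "$#" -eq 2 ]; then
    first_blocked "$1" "$2"
fi
```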