Enable TLS on standalone mongodb isntance.

I am trying to set up TLS certificates for my standalone mongodb instance on a cloud compute instance.

I got the certificates from certbot using the command sudo certbot certonly --standalone -d.

i have then run the following commands:

cat privkey.pem fullchain.pem > /etc/ssl/mongod.pem.

cat chain.pem > /etc/ssl/ca.pem.

I’ve updated the certificate permissions with:

chmod 600 /etc/ssl/ca.pem
chmod 600 /etc/ssl/mongod.pem

Using the command ps aux | grep mongodb i can see that mongodb is running with the user root:

root 134510 0.0 0.0 221432 2060 pts/0 S+ 13:28 0:00 grep --color=auto mongodb

However, after i restart the mongod service, it fails to start and when i check the logs i can see the following errors:

{"t":{"$date":"2024-04-08T13:15:39.573+00:00"},"s":"E",  "c":"NETWORK",  "id":23248,   "ctx":"main","msg":"Cannot read certificate file","attr":{"keyFile":"/etc/ssl/mongod.pem","error":"error:FFFFFFFF8000000D:system library::Permission denied"}}
{"t":{"$date":"2024-04-08T13:15:39.573+00:00"},"s":"F",  "c":"CONTROL",  "id":20574,   "ctx":"main","msg":"Error during global initialization","attr":{"error":{"code":140,"codeName":"InvalidSSLConfiguration","errmsg":"Can not set up PEM key file."}}}

Can someone help me out please ?

It says permission denied
Check the permissions on the .pem file
It should be chmod 400 (for private files)
Can be chmod 600 for public files