I am trying to set up TLS certificates for my standalone mongodb instance on a cloud compute instance.
I got the certificates from certbot using the command sudo certbot certonly --standalone -d.
i have then run the following commands:
cat privkey.pem fullchain.pem > /etc/ssl/mongod.pem.
cat chain.pem > /etc/ssl/ca.pem.
I’ve updated the certificate permissions with:
chmod 600 /etc/ssl/ca.pem
chmod 600 /etc/ssl/mongod.pem
Using the command ps aux | grep mongodb i can see that mongodb is running with the user root:
root 134510 0.0 0.0 221432 2060 pts/0 S+ 13:28 0:00 grep --color=auto mongodb
However, after i restart the mongod service, it fails to start and when i check the logs i can see the following errors:
{"t":{"$date":"2024-04-08T13:15:39.573+00:00"},"s":"E", "c":"NETWORK", "id":23248, "ctx":"main","msg":"Cannot read certificate file","attr":{"keyFile":"/etc/ssl/mongod.pem","error":"error:FFFFFFFF8000000D:system library::Permission denied"}}
{"t":{"$date":"2024-04-08T13:15:39.573+00:00"},"s":"F", "c":"CONTROL", "id":20574, "ctx":"main","msg":"Error during global initialization","attr":{"error":{"code":140,"codeName":"InvalidSSLConfiguration","errmsg":"Can not set up PEM key file."}}}
Can someone help me out please ?