A bit of running in a circle to get tls/ssl to work. It didn’t work at first. Some of the issue was around the common name, and the lack of clarity about what that actually needs to be. Ran in to issues with the mosquitto config file not being updated, and trying to start / stop mosquitto. This resulted in needing to reboot the ec2 instance often during the trial and error. Eventually was able to get back to a working state. The next steps will be to regenerate the certificates in the proper format, make sure the ports are open, and whatever else will be needed to get this working.