Can not create SSL for Elasticsearch and Kibana when deploying in AWS lighsail using docker

Vamsi_Popuri · November 15, 2024, 10:28pm

Hi all,
I am trying to deploy Elasticsearch and Kibana in Ubuntu lightsail instance using docker. This might be very minor issue, but i am trying different methods from past 2 days and i am struck and any help will be appreciated.
My docker-compose.yml is as follows

version: '3.7'
services:
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:8.16.0
container_name: elasticsearch
environment:
 - discovery.type=single-node
 - xpack.security.enabled=true # Enable security - 
 - xpack.security.transport.ssl.enabled=true
 - xpack.security.transport.ssl.key=certs/elasticsearch-key.pem
 - xpack.security.transport.ssl.certificate=certs/elasticsearch-cert.pem
 - xpack.security.transport.ssl.certificate_authorities=certs/elasticsearch-cert.pem
 - ELASTIC_PASSWORD=My_password
ports:
 - "9200:9200"
volumes:
 - esdata:/usr/share/elasticsearch/data
 - ../certs:/usr/share/elasticsearch/config/certs
networks:
 - elastic

 kibana:
image: docker.elastic.co/kibana/kibana:8.16.0
container_name: kibana
environment:
 - ELASTICSEARCH_HOSTS=https://elasticsearch:9200
 - ELASTICSEARCH_USERNAME=elastic
 - ELASTICSEARCH_PASSWORD=My_password
 - SERVER_SSL_ENABLED=true
 - SERVER_SSL_CERTIFICATE=certs/kibana-cert.pem
 - SERVER_SSL_KEY=certs/kibana-key.pem
ports:
 - "5601:5601"
depends_on:
 - elasticsearch
volumes:
 - ../certs:/usr/share/elasticsearch/config/certs
networks:
 - elastic

volumes:
esdata:
driver: local

networks:
elastic:
driver: bridge

I created certs using

 openssl req -x509 -newkey rsa:4096 -keyout kibana-key.pem -out kibana-cert.pem -days 365

then i gave the location of certs in my .yml

My Elasticsearch and Kibana exited with error code 1. the log is as follows

"log.level":"ERROR", "message":"fatal exception while booting Elasticsearch", "ecs.vers
ion": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elast
icsearch.bootstrap.Elasticsearch","elasticsearch.node.name":"a4a5b0fd8f9e","elasticsearch.cluster.name":"docker-cluster","error.t
ype":"org.elasticsearch.ElasticsearchSecurityException","error.message":"failed to load SSL configuration [xpack.security.transpo
rt.ssl] - cannot load PEM private key from [/usr/share/elasticsearch/config/certs/elasticsearch-key.pem] due to GeneralSecurityEx
ception (PKCS#8 Private Key is encrypted with unsupported PBES2 algorithm [1.2.840.113549.3.7])","error.stack_trace":"org.elastic
search.ElasticsearchSecurityException: failed to load SSL configuration [xpack.security.transport.ssl] - cannot load PEM private 
key from [/usr/share/elasticsearch/config/certs/elasticsearch-key.pem] due to GeneralSecurityException (PKCS#8 Private Key is enc
rypted with unsupported PBES2 algorithm [1.2.840.113549.3.7])\n\tat org.elasticsearch

Topic		Replies	Views
Not able to copy SSL cert of elastic search certs using kibana docker container using docker-compose Kibana docker	9	2324	April 24, 2020
Kibana issue connecting to elasticsearch via https Kibana docker	2	700	June 17, 2022
SSL error in docker container Elasticsearch elastic-stack-security , docker	1	750	December 18, 2023
Trying to get my docker-compose to start Kibana with ssl Kibana docker	9	3212	March 30, 2022
Kibana TLS/SSL fails on Docker Swarm Elasticsearch	1	526	June 19, 2020

Can not create SSL for Elasticsearch and Kibana when deploying in AWS lighsail using docker

Related topics