Configure TLS/SSL for elasticsearch using Letsencrypt issue

Hi all, I'm trying to configure a TLS connection for Elasticsearch using the Helm package; here is the current configuration:

    protocol: https
      - name: certall
        secretName: certall
        path: /usr/share/elasticsearch/config/certs
        defaultMode: 0755
    masterService: "elasticsearch-master"
      elasticsearch.yml: | true true certificate /usr/share/elasticsearch/config/certs/certall.key /usr/share/elasticsearch/config/certs/certall.crt
      - name: ELASTIC_PASSWORD
            name: elastic-credentials
            key: password
      - name: ELASTIC_USERNAME
            name: elastic-credentials
            key: username

I create the Kubernetes secret using this command:

    kubectl create secret generic certall --from-file=cert.pem

The Let's Encrypt certification folder has 2 files that I need: fullchain.pem and privkey.pem, so basically what I've done is copy the content of both of those files into the file named cert.pem, as you can see. Then I mount it as a secret to the pod.

The problem that I keep running into is

ElasticsearchSecurityException[failed to load SSL configuration []]; nested: ElasticsearchException[failed to create trust manager]; nested: ElasticsearchException[failed to initialize a TrustManagerFactory]; nested: ElasticsearchException[failed to initialize SSL KeyManager - certificate file [/usr/share/elasticsearch/config/certs/certall.crt] does not exist]; nested: NoSuchFileException[/usr/share/elasticsearch/config/certs/certall.crt];
Likely root cause: java.nio.file.NoSuchFileException: /usr/share/elasticsearch/config/certs/cert-chain.crt at java.base/sun.nio.fs.UnixException.translateToIOException( at java.base/sun.nio.fs.UnixException.rethrowAsIOException( at java.base/sun.nio.fs.UnixException.rethrowAsIOException( at java.base/sun.nio.fs.UnixFileSystemProvider.newByteChannel( at java.base/java.nio.file.Files.newByteChannel( at java.base/java.nio.file.Files.newByteChannel( at java.base/java.nio.file.spi.FileSystemProvider.newInputStream( at java.base/java.nio.file.Files.newInputStream( at org.elasticsearch.xpack.core.ssl.CertParsingUtils.readCertificates( at org.elasticsearch.xpack.core.ssl.PEMKeyConfig.getCertificateChain( at org.elasticsearch.xpack.core.ssl.PEMKeyConfig.createTrustManager( at org.elasticsearch.xpack.core.ssl.TrustConfig$CombiningTrustConfig.lambda$createTrustManager$0( at java.base/$7$1.accept( at java.base/java.util.Spliterators$ArraySpliterator.forEachRemaining( at java.base/ at

I'm not sure if there is anything wrong with it. It's obvious that I mounted it into the pod with the correct path, but it said the cert file didn't exist. I also created 2 secrets corresponding to the 2 files fullchain.pem and privkey.pem and changed the path, but no luck, it can't find the files.

Any help would be appreciated. Thanks a lot!

I don't know why exactly, but after several tries I can finally see the secret mounted into the pods so that I can use it.
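
An added example, not part of the original posts: a secret volume exposes one file per secret key, named after the key, so a secret built with `--from-file=cert.pem` yields a file called `cert.pem` rather than the `certall.crt` and `certall.key` paths in the configuration above. The sketch below splits a combined PEM bundle into chain and key and checks configured paths against the files a secret would expose. It assumes no `items` or `subPath` remapping on the mount; the function names and the sample bundle are constructed for illustration.

```python
import re

# Matches one PEM block and captures its label, e.g. "CERTIFICATE" or "PRIVATE KEY".
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n.*?\r?\n-----END \1-----", re.DOTALL)

def split_bundle(pem_text):
    """Split a combined PEM file into (certificate chain, private key) strings."""
    certs, keys = [], []
    for m in PEM_BLOCK.finditer(pem_text):
        label = m.group(1)
        if label == "CERTIFICATE":
            certs.append(m.group(0))
        elif label.endswith("PRIVATE KEY"):  # also RSA/EC PRIVATE KEY
            keys.append(m.group(0))
    if not certs or len(keys) != 1:
        raise ValueError(f"need >=1 certificate and exactly 1 key, got {len(certs)}/{len(keys)}")
    return "\n".join(certs) + "\n", keys[0] + "\n"

def mounted_files(mount_path, secret_keys):
    """Files visible in the pod: one per secret key, under the mount path."""
    return {f"{mount_path.rstrip('/')}/{k}" for k in secret_keys}

def missing_paths(configured_paths, mount_path, secret_keys):
    """Return the configured paths that would not exist inside the pod."""
    present = mounted_files(mount_path, secret_keys)
    return [p for p in configured_paths if p not in present]

# Constructed sample: placeholder bodies, not real certificate or key material.
SAMPLE_BUNDLE = (
    "-----BEGIN CERTIFICATE-----\nTEVBRg==\n-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\nSU5URVJNRURJQVRF\n-----END CERTIFICATE-----\n"
    "-----BEGIN PRIVATE KEY-----\nS0VZ\n-----END PRIVATE KEY-----\n"
)
MOUNT = "/usr/share/elasticsearch/config/certs"
CONFIGURED = [MOUNT + "/certall.key", MOUNT + "/certall.crt"]

if __name__ == "__main__":
    # A secret created with --from-file=cert.pem has a single key, "cert.pem".
    print("as posted, missing:", missing_paths(CONFIGURED, MOUNT, ["cert.pem"]))
    chain, key = split_bundle(SAMPLE_BUNDLE)
    # One secret key per file Elasticsearch is configured to read.
    secret = {"certall.crt": chain, "certall.key": key}
    print("after split, missing:", missing_paths(CONFIGURED, MOUNT, list(secret)))
```

With Let's Encrypt output the split is already done: `fullchain.pem` and `privkey.pem` can be stored under the key names the configuration expects, using kubectl's `--from-file=<key>=<file>` form.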
