Configuring ssl from letsencrypt


(Frédéric Gauld) #1

Hi! I'm new here, so I apologize in advance for possibly inquiring about something that may seem obvious.

Elasticsearch version : 6.1
X-Pack version: 6.1

I've been struggling since yesterday to get a secured HTTPS setup.

I followed the step by step instructions on configuring ssl certificates from letsencrypt in the ES environment: https://www.elastic.co/blog/x-pack-security-for-elasticsearch-with-lets-encrypt-certificates

The resulting content of elasticsearch.yml:

network.host: www.referr.com

xpack.ssl.key: /etc/elasticsearch/ssl/www.referr.com/privkey.pem
xpack.ssl.certificate: /etc/elasticsearch/ssl/www.referr.com/fullchain.pem

xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.http.ssl.enabled: true

(And yes, the paths above do lead to files that are exact copies of the cert files issued by letsencrypt (/etc/letsencrypt/archive/www.referr.com/).)

Elasticsearch status is : running

Problem is: Elasticsearch is not listening (if I run netstat -an | find ":9200", I get nothing).

If I go to https://www.referr.com:9200 with a browser, it throws a security error.

Is there anything in the configs that I've done wrong?

(Note: I had also set up an X.509 certificate by following all the steps at https://www.elastic.co/guide/en/elasticsearch/reference/6.1/configuring-tls.html#node-certificates , but that did not successfully allow client-side https requests, I suppose since the resulting 'P12' certificate is self-signed.)

If anyone has some insight, it'd be much appreciated (my site is presently online and broken... with many daily users ...ouch).

Thanks!


(Frédéric Gauld) #2

Oh. My bad. I was simply pointing to the wrong cert files... RESOLVED.
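
An added example, not part of the original thread: the fix above was correcting the certificate file paths, and a check like this catches that class of mistake before a restart. It reads the two `xpack.ssl.*` settings quoted in the first post and reports missing files, swapped key and certificate, or a pair that does not load together; the function names are hypothetical and the config path is passed as an argument.

```python
import os
import re
import ssl
import sys

PEM_LABEL = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")


def read_settings(yml_text):
    """Collect flat 'key: value' lines, the only YAML form used in the post."""
    settings = {}
    for line in yml_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip()
    return settings


def pem_labels(path):
    """Return the PEM block labels found in a file, e.g. ['CERTIFICATE']."""
    with open(path, "r", errors="replace") as fh:
        return PEM_LABEL.findall(fh.read())


def check_tls_files(settings):
    """Return a list of problems with xpack.ssl.key / xpack.ssl.certificate."""
    problems = []
    key = settings.get("xpack.ssl.key")
    cert = settings.get("xpack.ssl.certificate")
    for name, path, want in (("xpack.ssl.key", key, "PRIVATE KEY"),
                             ("xpack.ssl.certificate", cert, "CERTIFICATE")):
        if not path:
            problems.append(f"{name}: not set")
        elif not (os.path.isfile(path) and os.access(path, os.R_OK)):
            problems.append(f"{name}: {path} missing or unreadable")
        elif not any(label.endswith(want) for label in pem_labels(path)):
            problems.append(f"{name}: {path} has no {want} block")
    if not problems:
        try:  # OpenSSL rejects a key that does not belong to the certificate
            ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).load_cert_chain(cert, key)
        except (ssl.SSLError, OSError) as exc:
            problems.append(f"certificate and key do not load as a pair: {exc}")
    return problems


if __name__ == "__main__":
    # Usage: python check_tls_files.py <path to elasticsearch.yml>
    with open(sys.argv[1]) as fh:
        found = check_tls_files(read_settings(fh.read()))
    print("\n".join(found) or "key and certificate load as a pair")
```

Run it as the account the Elasticsearch service runs under, since the readability check only reflects the permissions of the user executing it.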

