Fail to load SSL configuration while using docker image


Trying to install Elasticsearch latest version via docker.

I have created certificate already and pushing it to image like below, excerpt from yml

- ./elastic-stack-ca.p12:/usr/share/elasticsearch/config/elastic-stack-ca.p12

<stacktrace": ["org.elasticsearch.bootstrap.StartupException: ElasticsearchSecurityException[failed to load SSL configuration []]; nested: ElasticsearchException[failed to initialize SSL TrustManager - not permitted to read truststore file [/usr/share/elasticsearch/config/elastic-stack-ca.p12]]; nested: AccessDeniedException[/usr/share/elasticsearch/config/elastic-stack-ca.p12]; />

I can see its access issue but not sure how to fix it. like how to grant access to that location cause docker container exits after that exception and can't use commands like exec --it bash to change the file permission.

Any thoughts

Assuming that you are using our official image ( and if you don't, you should ) , the user that elasticsearch runs under has a UID of 1000 so you should make sure that the elastic-stack-ca.p12 is owned by that user ( chown 1000:0 elastic-stack-ca.p12 ) or it is readable by all users.

thanks so should I add it as
CMD chowon 1000:0 elastic-stack-ca.p12
in the docker file or is there any better way?

here is my yml file

version: '3'


container_name: elasticsearch
  - discovery.seed_hosts=elasticsearch
  - cluster.initial_master_nodes=elasticsearch
  - bootstrap.memory_lock=true
  - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
 # -
 # -
 # -
 # -
 # -
 # -
 # -
    soft: -1
    hard: -1
  - ./elastic-stack-ca.p12:/usr/share/elasticsearch/config/elastic-stack-ca.p12
  - esdata1:/usr/share/elasticsearch/data
  - 9200:9200

*command: chown -R 1000:0 /usr/share/elasticsearch/*
container_name: kibana
  ELASTICSEARCH_URL: "http://elasticsearch:9200"
  - 5601:5601
  - elasticsearch

driver: local

I m not sure where to add the command so it run at appropriate time. tried few places but gives me error.

Any advise?

no love :frowning:

Please be patient in waiting for responses to your question and refrain from pinging multiple times asking for a response or opening multiple topics for the same question. This is a community forum, it may take time for someone to reply to your question. For more information please refer to the Community Code of Conduct specifically the section "Be patient". Also, please refrain from pinging folks directly, this is a forum and anyone that participates might be able to assist you.

If you are in need of a service with an SLA that covers response times for questions then you may want to consider talking to us about a subscription.

It's fine to answer on your own thread after 2 or 3 days (not including weekends) if you don't have an answer.

I try to observe the code of conduct, its for our common good.

here is an except from the "Be patient" section
One reminder ping is welcome, many reminder pings in rapid succession are not a good display of patience.

As one can see I posted some details and then YML, to elaborate and then ping , one ping. So I thought I was under the norms. Had no intention flood it. I much appreciate volunteer response and we learn a lot from such forums. Respect and thanks for all contributors.

One comment though: wouldn't it be 'nicer' if some help was also provided besides policing .

I stand with what David said above, please be patient, we all do our best around here :slight_smile:

Not everyone has the time, insights, or a ready answer for each of the questions, that doesn't mean that bringing up the code of conduct of the forums is a bad approach. Don't consider this as policing, but rather as a friendly reminder. It had only been 19hrs since you asked the previous question :slight_smile:

Answering your original question: you don't need to do this as part of your docker compose file. Do it once, for your existing elastic-stack-ca.p12 file and then map it as a volume, as you already do

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.