Failed reading CA certificate permission denied

Kibana version: 7.10.2

Elasticsearch version: 7.10.2

APM Server version: 7.10.2

Original install method (e.g. download page, yum, deb, from source, etc.) and version: RPM from official repository

Fresh install or upgraded from other version?
Upgraded from 7.6.2


Recently we upgraded our ELK stack from 7.6.2 version to 7.10.2 version.
The upgrade went perfectly fine for all the stack except for APM server component which is complaining that it can't open our CA certificate anymore with this error:

ERROR [tls] tlscommon/tls.go:154 Failed reading CA certificate: open /path/to/ca.cer: permission denied
INFO instance/beat.go:424 apm-server stopped
ERROR instance/beat.go:956 Exiting: error initializing publisher: 1 error: open /path/to/ca.cer: permission denied

I'm quite confused for this log lines because the CA certificate file has 777 permission on the file system, I don't understand why APM server is not able to read it.

I don't know if it can help but the CA certificate is owned by elasticsearch
user(because the same file is used also by Elasticsearch in our environment) and APM server is running with apm-server user

The only way I'm able to start APM server is to change the ownership of the file and set it to apm-server user.

Is this the expected behaviour? Any idea on why APM server cannot read a file even with 777 permission set?

Thanks a lot for your help

This topic was automatically closed 20 days after the last reply. New replies are no longer allowed.