Hello,
Kibana can't start and throw this permission error in journal:
{ Error: EACCES: permission denied, open '/etc/kibana/privkey.pem'
I'm using Let's encrypt to get the domain certified:
So all I did was creating a link in the Kibana directory, hoping the permissions should be fine:
ln -f -s /etc/letsencrypt/live/api-s2.app.net/cert.pem /etc/kibana/cert.pem
ln -f -s /etc/letsencrypt/live/api-s2.app.net/privkey.pem /etc/kibana/privkey.pem
Kibana.yml
server.port: 5009
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://localhost:9999"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "MyPasswrd"
xpack.security.encryptionKey: "tqSaBwqe76htDFzJkezFD7pvtXkKlYHU"
xpack.security.session.idleTimeout: "1h"
xpack.security.session.lifespan: "30d"
server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/cert.pem
server.ssl.key: /etc/kibana/privkey.pem
The content of /etc/kibana is in below, so the permissions seem fine.
-rw-rw---- 1 root kibana 419 Nov 15 19:32 kibana.yml
lrwxrwxrwx 1 root kibana 51 Nov 15 19:32 privkey.pem -> /etc/letsencrypt/live/api-s2.app.net/privkey.pem
lrwxrwxrwx 1 root kibana 48 Nov 15 19:31 cert.pem -> /etc/letsencrypt/live/api-s2.app.net/cert.pem
-rw-r----- 1 root kibana 4883 Nov 15 13:55 kibana.org
-rw-r--r-- 1 root kibana 216 Nov 9 22:16 node.options
How can I solve this please?
UPDATE:
In case someone is going to suggest this blog post: https://www.elastic.co/blog/x-pack-security-for-elasticsearch-with-lets-encrypt-certificates
There is a problem that may have been missed. Let's Encrypt automatically updates the certificates every three month. Therefore it's best to link the files as I have shown above. Copying them as the blog suggests lasts only three month and expires then. This is not a good solution. Thanks