Invalid Certificate Errors when setting up SSL/HTTPS for Elasticsearch in Docker

Hi there!

Some basic background: My client has recently requested that we transition to using ELK stack to power our search and metrics. We are running Laravel 5.8/PHP 7.3 on the backend (feeding a ReactJS front-end via API) and using a variation of the popular Laradock repo to run our containers with docker-compose.

I've been successful in setting up basic authentication with xpack security, but I also need to set up an SSL certificate and HTTPS. I've followed several guides in the official documentation and here in the forums, and have managed to get my certificates created and stored in the host, then mounted to a named volume in the elasticsearch container. However, if I try to access the instance via public url I get a NET::ERR_CERT_INVALID response rather than a secured connection that prompts me for the username and password authentication to view the instance details.

Can someone help me understand how to resolve this issue? I'm struggling to understand how to fix this because the certificates should be valid, as I'm following the documented process for creating them.

Here is my instances.yml file

  - name: elasticsearch
      - elasticsearch
      - localhost

My create-certs.yml file

version: '2.2'

    container_name: create_certs
    command: >
      bash -c '
        if [[ ! -f /certs/ ]]; then
          bin/elasticsearch-certutil cert --silent --pem --in config/certificates/instances.yml -out /certs/;
          unzip /certs/ -d /certs;
        chown -R 1000:0 /certs  '
    user: "0"
    working_dir: /usr/share/elasticsearch
      - ./certs:/certs
      - .:/usr/share/elasticsearch/config/certificates

volumes: {"certs"}

And my docker-compose.yml

version: '3'

    driver: ${NETWORKS_DRIVER}
    driver: ${NETWORKS_DRIVER}


      build: ./elasticsearch
        - elasticsearch:/usr/share/elasticsearch/data
        - ./certs:${CERTS_DIR}
        - bootstrap.memory_lock=true
        - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
        - cluster.initial_master_nodes=laradock-node
          soft: -1
          hard: -1
        - php-fpm
        - frontend
        - backend

The container builds and stays up when running docker-compose up -d elasticsearch but I cannot seem to remove the invalid certificate error when I try to access the instance on port 9200.

I'm a bit green to ELK stack and how to fit it in with our ecosystem, so possibly there is some configuration issue causing this that I'm unaware of. Just to add a bit more of an info dump about our setup: Currently I have SSL certificates set up for which is the host of endpoints accessed by our front-end application. However, when I initially set up elasticsearch with basic authentication, I had to access the instance at the non-secure url in order to be prompted to input the auth credentials, regardless of having SSL for the rest of the backend application.

Is it possible that this invalid certificate error is because I am attempting to set up 2 different sets of certs for (kind of) the same host? I figured things would be siloed due to access elasticsearch on port 9200 but maybe I'm wrong there? Should I be mounting the SSL certificates I'm using for nginx also for the elasticsearch SSL?

Obviously I have a lot of questions, and probably more coming. If anyone can offer help in understanding where my issue is coming from, I'd appreciate it.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.