Issue on Letsencrypt SSL kibana

Hi, I'm currently trying to install a Let's Encrypt SSL certificate on Wazuh. I got the certificates through DNS (Cloudflare), but I changed the part in Kibana and it won't seem to start.

root@wazuh:~# cat /etc/kibana/kibana.yml

server.host: 0.0.0.0
server.port: 443
elasticsearch.hosts: https://localhost:9200
elasticsearch.ssl.verificationMode: certificate
elasticsearch.username: xxxx
elasticsearch.password: xxxx
elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
opendistro_security.multitenancy.enabled: false
opendistro_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/etc/letsencrypt/live/ids.mydomain.com/privkey.pem"
server.ssl.certificate: "/etc/letsencrypt/live/ids.mydomain.com/cert.pem"
elasticsearch.ssl.certificateAuthorities: ["/etc/kibana/certs/root-ca.pem"]
server.defaultRoute: /app/wazuh

Not sure if I need to change something somewhere else?

root@wazuh:~# ls -l -h  /etc/letsencrypt/live/ids.mydomain.com/
total 4.0K
lrwxrwxrwx 1 root root  40 Dec 27 12:19 cert.pem -> ../../archive/ids.mydomain.com/cert1.pem
lrwxrwxrwx 1 root root  41 Dec 27 12:19 chain.pem -> ../../archive/ids.mydomain.com/chain1.pem
lrwxrwxrwx 1 root root  45 Dec 27 12:19 fullchain.pem -> ../../archive/ids.mydomain.com/fullchain1.pem
lrwxrwxrwx 1 root root  43 Dec 27 12:19 privkey.pem -> ../../archive/ids.mydomain.com/privkey1.pem
-rw-r--r-- 1 root root 692 Dec 27 12:19 README

I checked the status and I get this:

root@wazuh:~# service kibana status
● kibana.service - Kibana
   Loaded: loaded (/etc/systemd/system/kibana.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2020-12-27 12:33:30 -05; 12s ago
 Main PID: 4639 (node)
    Tasks: 11 (limit: 4915)
   CGroup: /system.slice/kibana.service
           └─4639 /usr/share/kibana/bin/../node/bin/node /usr/share/kibana/bin/../src/cli -c /etc/kibana/kibana.yml

Dec 27 12:33:30 wazuh systemd[1]: Started Kibana.
Dec 27 12:33:40 wazuh kibana[4639]: {"type":"log","@timestamp":"2020-12-27T17:33:40Z","tags":["info","plugins-service"],"pid":4639,"message":"Plugin \"visTypeXy\" is disabled."}

And Elasticsearch seems to be working:

root@wazuh:~# sudo lsof -i -P -n | grep LISTEN
systemd-r  559 systemd-resolve   13u  IPv4  17628      0t0  TCP 127.0.0.53:53 (LISTEN)
java       661   elasticsearch   80u  IPv6  20711      0t0  TCP 127.0.0.1:9600 (LISTEN)
java       661   elasticsearch   90u  IPv6  20724      0t0  TCP *:9650 (LISTEN)
java       700   elasticsearch  336u  IPv6  21156      0t0  TCP 127.0.0.1:9300 (LISTEN)
java       700   elasticsearch  338u  IPv6  25093      0t0  TCP 127.0.0.1:9200 (LISTEN)
sshd       816            root    3u  IPv4  19060      0t0  TCP *:22 (LISTEN)
sshd       816            root    4u  IPv6  19062      0t0  TCP *:22 (LISTEN)
master    1038            root   13u  IPv4  21753      0t0  TCP *:25 (LISTEN)
master    1038            root   14u  IPv6  21754      0t0  TCP *:25 (LISTEN)
python3   1379           ossec   20u  IPv4  22903      0t0  TCP *:55000 (LISTEN)
ossec-aut 1418            root    5u  IPv4  22004      0t0  TCP *:1515 (LISTEN)
ossec-rem 1564          ossecr    6u  IPv4  22061      0t0  TCP *:1514 (LISTEN)

This is the old Elasticsearch config from before putting in Let's Encrypt:

root@wazuh:~# cat /etc/elasticsearch/elasticsearch.yml 
network.host: 127.0.0.1
node.name: node-1
cluster.initial_master_nodes: node-1

opendistro_security.ssl.transport.pemcert_filepath: /etc/elasticsearch/certs/elasticsearch.pem
opendistro_security.ssl.transport.pemkey_filepath: /etc/elasticsearch/certs/elasticsearch.key
opendistro_security.ssl.transport.pemtrustedcas_filepath: /etc/elasticsearch/certs/root-ca.pem
opendistro_security.ssl.transport.enforce_hostname_verification: false
opendistro_security.ssl.transport.resolve_hostname: false
opendistro_security.ssl.http.enabled: true
opendistro_security.ssl.http.pemcert_filepath: /etc/elasticsearch/certs/elasticsearch_http.pem
opendistro_security.ssl.http.pemkey_filepath: /etc/elasticsearch/certs/elasticsearch_http.key
opendistro_security.ssl.http.pemtrustedcas_filepath: /etc/elasticsearch/certs/root-ca.pem
opendistro_security.nodes_dn:
- CN=node-1,OU=Docu,O=Wazuh,L=California,C=US
opendistro_security.authcz.admin_dn:
- CN=admin,OU=Docu,O=Wazuh,L=California,C=US

opendistro_security.audit.type: internal_elasticsearch
opendistro_security.enable_snapshot_restore_privilege: true
opendistro_security.check_snapshot_restore_write_privileges: true
opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
cluster.routing.allocation.disk.threshold_enabled: false
node.max_local_storage_nodes: 3

path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch

Thank you
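A small checker for the server.ssl.* settings shown in the post above, added here as an example and not part of the thread. It parses a constructed copy of the posted kibana.yml lines (same paths as the post) and assumes Kibana runs as a non-root service user, which is the default for the package install.

```python
import re
from pathlib import Path

# Constructed excerpt mirroring the kibana.yml lines in the post above;
# it is not the poster's file, only the paths are copied from it.
SAMPLE_KIBANA_YML = """\
server.host: 0.0.0.0
server.port: 443
server.ssl.enabled: true
server.ssl.key: "/etc/letsencrypt/live/ids.mydomain.com/privkey.pem"
server.ssl.certificate: "/etc/letsencrypt/live/ids.mydomain.com/cert.pem"
elasticsearch.hosts: https://localhost:9200
"""

def parse_flat_yaml(text):
    """Parse the flat 'key: value' lines kibana.yml uses; quotes are stripped.
    Lists and nested keys are not needed for these checks and are skipped."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r'^([\w.]+):\s*(.*?)\s*$', line)
        if m:
            settings[m.group(1)] = m.group(2).strip('"\'')
    return settings

def lint_kibana_ssl(text):
    """Return a list of findings about the TLS listener configuration."""
    s = parse_flat_yaml(text)
    findings = []
    if s.get("server.ssl.enabled") != "true":
        return findings  # nothing to check when TLS is off
    key, cert = s.get("server.ssl.key"), s.get("server.ssl.certificate")
    if not key or not cert:
        return ["server.ssl.key and server.ssl.certificate must both be set"]
    # certbot's cert.pem holds the leaf only; Kibana serves exactly the file it
    # is given, so clients never receive the intermediate CA unless the
    # fullchain.pem file (leaf followed by intermediates) is configured.
    if Path(cert).name == "cert.pem":
        findings.append(f"server.ssl.certificate is {cert}; use fullchain.pem so the intermediate CA is sent")
    port = s.get("server.port", "5601")
    if port.isdigit() and int(port) < 1024:
        findings.append(f"server.port {port} is privileged; a non-root kibana user needs CAP_NET_BIND_SERVICE or a reverse proxy")
    return findings

def unreadable_by_service_user(paths):
    """Resolve symlinks (certbot's live/ links into archive/) and report files
    only root can read; missing files are reported too, since a wrong path fails
    the same way. Fix ownership/group access, never chmod a private key to 644."""
    problems = []
    for p in paths:
        real = Path(p).resolve()
        if not real.exists():
            problems.append(f"{p}: missing")
        elif real.stat().st_mode & 0o044 == 0:
            problems.append(f"{p} -> {real}: readable by root only")
    return problems
```

Run `lint_kibana_ssl(open('/etc/kibana/kibana.yml').read())` on the host and pass the two file paths to `unreadable_by_service_user` to get both classes of finding in one go.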

Are you using Open Distro? If so, we can't help there, as it's a fork of what we build. You will need to ask on their forums.

Thanks for the reply. Well, I'm using Wazuh, but I think it's using Open Distro. I guess I'll ask around to see what pops up.
Thanks
