Kibana <---> Elasticsearch integration with SSL enable

Hello,

I've tried to find a solution for this on this forum but I was not able to find a solution that solves the problem.
I'm trying to configure a Kibana/Elasticsearch integration. Each one of them is running on its own server on DigitalOcean. For the certificates, I'm using let'sencript. (https://certbot.eff.org/)

Everything is running inside docker containers.

My Elasticsearch is working and I'm able to communicate with it. The problem occurs when I try to connect Kibana to it. I'm getting the message:

[elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. unable to get issuer certificate

My kibana.yml is:
</
server.name: kibana

server.host: "0.0.0.0"

# Elasticsearch Connection

elasticsearch.hosts: [ "${ELASTICSEARCH_HOST_PORT}" ]

# SSL settings

server.ssl.enabled: true

server.ssl.certificate: /certs/kibana.crt

server.ssl.key: /certs/kibana.key

#server.ssl.certificateAuthorities: [ "/certs/ca.crt" ]

xpack.security.encryptionKey: ***********

xpack.encryptedSavedObjects.encryptionKey: ***********

xpack.reporting.encryptionKey: ***********

xpack.reporting.kibanaServer.hostname: ***********.***********.***********

## X-Pack security credentials

elasticsearch.serviceAccountToken: "${KIBANA_SERVICE_ACCOUNT_TOKEN}" # !!! Get token !!

#elasticsearch.ssl.certificateAuthorities: [ "/certs/ca.crt" ]

## Misc

elasticsearch.requestTimeout: 90000

server.publicBaseUrl: https://***********.***********.***********

Each one of my servers has its own certificates since they have separate domains.

Can someone point me in the right direction? I'm losing a lot of time trying to find the correct configuration...

Thanks in advance...

Hello there!

Please tell me how did you set ES host in kibana.yml - I can't see this setting.

Hey @cheshirecat . Yes, I've set the ES host. You can find it on this line:
elasticsearch.hosts: [ "${ELASTICSEARCH_HOST_PORT}" ]
ELASTICSEARCH_HOST_PORT is a enviroment variable ---> "https://myelasticaddress:9200"

most likely you need the ca for the the elasticsearch connection... as the error says

[elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. unable to get issuer certificate

You probably need the elasticsearch CA you have it commented out...see here

#elasticsearch.ssl.certificateAuthorities: [ "/certs/ca.crt" ]

or set verificationMode : none which is not recommended.

elasticsearch.ssl.verificationMode : none

Hi @stephenb, thank you for the reply

I've tried to enable "server.ssl.certificateAuthorities" on a test but I had the same result.

I'm using let'sencrypt certificates as follows:

server.ssl.certificateAuthorities  ----> fullchain.pem
server.ssl.certificate  ----> fullchain.pem 
server.ssl.key ----> privkey.pem

It's not the server.ssl...
That's for the Kibana connection to the browser

It's the elasticsearch.ssl...
Which is Kibana connecting to Elasticsearch which is what you're having trouble with.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.