Kibana Service Fails when SSL Cert Enabled


(Mike Sanders) #1

I did a search but haven't found anything. I have a certificate that is working on 3 other servers but when I try to point Kibana to it I get the following error on service start:

● kibana.service - no description given
Loaded: loaded (/lib/systemd/system/kibana.service; disabled; vendor preset: enabled)
Active: inactive (dead)

Aug 31 01:47:23 kibana kibana[35250]: code: 'EACCES',
Aug 31 01:47:23 kibana kibana[35250]: syscall: 'open',
Aug 31 01:47:23 kibana kibana[35250]: path: '/etc/letsencrypt/live/api.domain.com/privkey.pem' }
Aug 31 01:47:23 kibana systemd[1]: kibana.service: Main process exited, code=exited, status=1/FAILURE
Aug 31 01:47:23 kibana systemd[1]: kibana.service: Unit entered failed state.
Aug 31 01:47:23 kibana systemd[1]: kibana.service: Failed with result 'exit-code'.
Aug 31 01:47:23 kibana systemd[1]: kibana.service: Service hold-off time over, scheduling restart.
Aug 31 01:47:23 kibana systemd[1]: Stopped no description given.
Aug 31 01:47:23 kibana systemd[1]: kibana.service: Start request repeated too quickly.
Aug 31 01:47:23 kibana systemd[1]: Failed to start no description given.

I noticed that the SSL cert wasn't part of the ssl-cert group so I added the directories and files to that group and added the kibana user to that group but it didn't help so I removed it. I'm really stuck now so any help would be appreciated. Thanks in advance!

Ubuntu 16.04
Kibana 4.5.4
SSL cert signed by letsencrypt

My YML File has the following entries for SSL:

server.ssl.cert: /etc/letsencrypt/live/api.domain.com/fullchain.pem
server.ssl.key: /etc/letsencrypt/live/api.domain.com/privkey.pem


(Jon Budzenski) #2

It looks like you're on the right track, the error seems to indicate an issue opening the file. Kibana packages using systemd run as the user 'kibana' Can you make sure permissions on your certificates allow for read access to the file as either user or group kibana? If you chown kibana /etc/letsencrypt/live/api.domain.com/privkey.pem for example are you able to start the server?


Kibana with Shield SSL
(Mike Sanders) #3

Hi Jon,

Unfortunately I did try that and even with the permissions set to kibana as the owner of the files it still gives the same error.


(Harsh Jain) #4

Mike - did you resolve this problem?

I'm having the same issue.


(Mike Sanders) #5

Not yet.Haven't had time to spend on it though but I'm going to have to get back on it soon so I'll post whatever I find here.


(Mike Sanders) #6

Hi Harsh,

Did you ever figure it out. I'm still stumped.


(Harsh Jain) #7

I did resolve it. If I remember correctly this might help:
Try moving your .pem and .key files to the /opt/kibana/installedPlugins/shield directory.
Then update the paths for the .pem/.key files in the kibana.yml file.

let me know if that works.


(Mike Sanders) #8

That did work! Thank you!


(system) #9