Kibana Service Fails when SSL Cert Enabled

Mike_Sanders · August 31, 2016, 11:05am

I did a search but haven't found anything. I have a certificate that is working on 3 other servers but when I try to point Kibana to it I get the following error on service start:

● kibana.service - no description given
Loaded: loaded (/lib/systemd/system/kibana.service; disabled; vendor preset: enabled)
Active: inactive (dead)

Aug 31 01:47:23 kibana kibana[35250]: code: 'EACCES',
Aug 31 01:47:23 kibana kibana[35250]: syscall: 'open',
Aug 31 01:47:23 kibana kibana[35250]: path: '/etc/letsencrypt/live/api.domain.com/privkey.pem' }
Aug 31 01:47:23 kibana systemd[1]: kibana.service: Main process exited, code=exited, status=1/FAILURE
Aug 31 01:47:23 kibana systemd[1]: kibana.service: Unit entered failed state.
Aug 31 01:47:23 kibana systemd[1]: kibana.service: Failed with result 'exit-code'.
Aug 31 01:47:23 kibana systemd[1]: kibana.service: Service hold-off time over, scheduling restart.
Aug 31 01:47:23 kibana systemd[1]: Stopped no description given.
Aug 31 01:47:23 kibana systemd[1]: kibana.service: Start request repeated too quickly.
Aug 31 01:47:23 kibana systemd[1]: Failed to start no description given.

I noticed that the SSL cert wasn't part of the ssl-cert group so I added the directories and files to that group and added the kibana user to that group but it didn't help so I removed it. I'm really stuck now so any help would be appreciated. Thanks in advance!

Ubuntu 16.04
Kibana 4.5.4
SSL cert signed by letsencrypt

My YML File has the following entries for SSL:

server.ssl.cert: /etc/letsencrypt/live/api.domain.com/fullchain.pem
server.ssl.key: /etc/letsencrypt/live/api.domain.com/privkey.pem

jbudz · August 31, 2016, 6:18pm

It looks like you're on the right track, the error seems to indicate an issue opening the file. Kibana packages using systemd run as the user 'kibana' Can you make sure permissions on your certificates allow for read access to the file as either user or group kibana? If you chown kibana /etc/letsencrypt/live/api.domain.com/privkey.pem for example are you able to start the server?

Mike_Sanders · August 31, 2016, 9:29pm

Hi Jon,

Unfortunately I did try that and even with the permissions set to kibana as the owner of the files it still gives the same error.

imHarshj · October 4, 2016, 8:12pm

Mike - did you resolve this problem?

I'm having the same issue.

Mike_Sanders · October 4, 2016, 11:44pm

Not yet.Haven't had time to spend on it though but I'm going to have to get back on it soon so I'll post whatever I find here.

Mike_Sanders · November 4, 2016, 12:54am

Hi Harsh,

Did you ever figure it out. I'm still stumped.

imHarshj · November 10, 2016, 11:48pm

I did resolve it. If I remember correctly this might help:
Try moving your .pem and .key files to the /opt/kibana/installedPlugins/shield directory.
Then update the paths for the .pem/.key files in the kibana.yml file.

let me know if that works.

Mike_Sanders · November 15, 2016, 11:04pm

That did work! Thank you!