Hey all - Unsure where to turn with this one.
Running Elasticsearch 7.16.3 and Kibana 7.16.3 on Ubuntu Server 20.04
Elasticsearch is configured and running successfully as a single-node deployment, currently with...
xpack.security.enabled: true
xpack.security.authc.api_key.enabled: true
...enabled, intended for testing agents in the future.
Kibana was working without issue, as well, until we attempted to configured client/browser HTTPS by enabling the following lines....
server.ssl.enabled: true
server.ssl.certificate: /etc/ssl/certs/test.pem
server.ssl.key: /etc/ssl/private/test.key
The CSR for this cert was generated, with a new key, on the same server using OpenSSL, then signed on a Windows certificate authority.
Thinking that, maybe, it was a permissions issue, we tried moving the cert to a path within /etc/kibana to allow the kibana user access to it, but it failed in the same manner.
When attempting to start the service, it completes without error initially. After a few seconds, the service goes into an auto-restart/activating status, and repeats this loop a few times till it ultimately fails.
I don't see any events being generated in /var/log/kibana/kibana.log that coincide with these systemctl messages, but I do see HTTP {"type":"response"...} events from accessing the server via a browser (prior to enabling the SSL features in kibana.
If I keep a tail -f going on that log file during the startup attempt for the service, there are no events being written to the log file.
As soon as we comment out the three SSL lines in kibana.yml, it starts up without a problem.
Cert configuration issue? Cert file path issue?
Any insight or tips would be awesome, I'm a bit lost.