Trying to use our own certificates for kibana/elasticsearch but page doesn't load after

Hello,

I've manage to build our ELK environment on Ubuntu 20.0.4 (not Docker) and setup Elastiflow, it works great and I followed this guide which also uses self certs, so we just access using https://1.2.3.4:5601 for example.

I've now been asked to use a proper FQDN for it like https://vmnetflow.mydomain.com and the team that looks after our certificates have given me 2 files. Btw I'm not expert at certificates or ELK.

Files:
vmnetflow_mydomain_com.crt
vmnetflow_mydomain_com.key

They also gave me the CA cert camydomain.cer

So I copied these 2:

/etc/elasticsearch/certs/
/etc/kibana/certs/

and the ca cert to:

/etc/elasticsearch/certs/ca
/etc/kibana/certs/ca

Then edited the Elasticsearch and kibana yml files to point to these. I then restart the services which are successful and then try the url of https://vmnetflow.mydomain.com and it says it can't connect, not page loads at all. If I try using the IP I get the same issue.

I'm not entirely sure what I need do next to check.

My elastiflow config here. I've # out the working self certs (3 lines) so you can see the working ones too.

My Kibana config here

Any ideas would be most welcome, I'm hoping a second pair of eyes might see something if overlooked.

Thanks

What do your Elasticsearch logs show?

If I just change the cert path in the Elasticsearch.yml first (I'm not sure if I have to do the Kibana.yml to or can do after) then the log file doesn't show any errors, but the page doesn't load and says:

"{"statusCode":503,"error":"Service Unavailable","message":"License is not available."}:

If I revert to the selfcerts all is ok again.

This is my log file - elasticsearchlog1 - Pastebin.com

Could the certs I've been given be wrong or the CA cert?

Elasticsearch is starting fine, and is healthy:

[2022-01-12T17:25:41,521][INFO ][o.e.c.r.a.AllocationService] [svr-elastiflow] Cluster health status changed from [RED] to [GREEN] (reason: [shards started [[.kibana-event-log-7.15.0-000001][0]]]).

We'll need to see the Kibana logs to know why Kibana isn't working.

There is not much in the kabana.log in /var/log/kibana.log after I restart the service:

{"type":"log","@timestamp":"2022-01-13T13:35:16+00:00","tags":["info","plugins-system","standard"],"pid":2473,"message":"Stopping all plugins."}

{"type":"log","@timestamp":"2022-01-13T13:35:16+00:00","tags":["info","plugins","monitoring","monitoring","kibana-monitoring"],"pid":2473,"message":"Monitoring stats collection is stopped"}

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.