Can't start systemd service for InfluxDB because of TLS certs


After installing InfluxDB, the systemd unit is unable to start and run when HTTPS is configured because the certificates are owned by the root user, and the systemd service fails to start.


This is similar to this thread, but still different.

I was confused at first when running influx -config <path to config> worked successfully, but systemctl start influxdb always would fail. I was able to figure out the issue by…

  • Looked at journalctl, saw permission denied on opening TLS certificate file
  • Looked at influxdb.service, noted it starts as influxdb
  • Made copies of certificates, moved to /etc/ssl and changed permissions to belong to influxdb
  • systemd service successfully starts

In the documentation, we’re told to set file permissions to root, but this seems like erroneous instructions. Is this a bug or is there a better way to go about doing this?


Alternatively, I guess you could make sure root and influxd users are in the same group, and set permissions of the certs to readable by group. It does sound like some adjustment of the docs is in order and I’d encourage you to go to github and file an issue — or change the docs and submit a pull request.


For context, I’m using LetsEncrypt-issued certificates. I tried running a chown on the LetsEncrypt directory with the group I created, but after restarting InfluxDB, it still failed to open the certificates, even though they were owned by the mutual group I created. :woman_shrugging:

Edit: Filed an issue for it here.