I am trying to run influxdb with HTTPS and having trouble with CA certs. I can’t get influxdb to start; it fails with permissions errors (even, insecurely, making permissions as flexible as possible for go/influxdb users).
We can launch it fine with self-signed certs, but that conflicts with our client side applications (the InfluxDB node client doesn’t seem to behave well with custom options for ignoring cert verification).
Note: works with self-signed certs just fine, but those aren’t working in the client-side requests I have to make.
System info:
Ubuntu 16.04 in AWS EC2, r5d.2xlarge instance, InfluxDB 1.6.2
Steps to reproduce:
- Create suitable DNS name for instance (We are using AWS Route53)
- Create Let’s Encrypt certificates (for Apache on Ubuntu 16.04) using certbot
- Edit permissions of certificates basically as described here:
sudo -s
DOMAIN=<your domain name>
chown -R root:root /etc/letsencrypt/archive/${DOMAIN}
chown -R root:root /etc/letsencrypt/live/${DOMAIN}
chmod 644 /etc/letsencrypt/archive/${DOMAIN}/*.pem
chmod 644 /etc/letsencrypt/live/${DOMAIN}/*.pem
chmod 600 /etc/letsencrypt/archive/${DOMAIN}/privkey*.pem
chmod 600 /etc/letsencrypt/live/${DOMAIN}/privkey.pem
chmod go+x /etc/letsencrypt/archive/${DOMAIN}
chmod go+x /etc/letsencrypt/live/${DOMAIN}
- Edit /etc/influxdb/influxdb.conf to point to these certs:
https-enabled = true
https-certificate = "/etc/letsencrypt/live/<your domain name>/cert.pem"
https-private-key = "/etc/letsencrypt/live/<your domain name>/privkey.pem"
- Restart:
sudo systemctl restart influxdb
Expected behavior:
Expect influxdb to start successfully and serve over https
Actual behavior:
influxdb fails repeatedly with no error information, possibly reporting a permissions error opening the certificate.
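
Added example, not part of the original post and not InfluxDB or certbot tooling: a shell check that walks every directory on the way to a certificate or key file and reports the first component whose mode bits would stop a given uid/gid from reaching or reading it. The function names are hypothetical, and the service account name `influxdb` in the usage comment is an assumption.

```shell
#!/bin/sh
# Constructed helper: find the first path component whose mode bits stop a
# given uid/gid from reading a file. Checks owner/group/other bits only
# (no ACLs, no supplementary groups, non-root uid). Needs GNU stat, realpath.

# allowed UID GID PATH BIT   (BIT: 4 = read, 1 = traverse a directory)
allowed() {
    uid=$1 gid=$2 bit=$4
    meta=$(stat -c '%a %u %g' "$3") || return 1
    set -- $meta                      # $1 = octal mode, $2 = owner, $3 = group
    mode=$((0$1))
    # The kernel picks exactly one class: owner first, then group, then other.
    if   [ "$uid" -eq "$2" ]; then cls=$(( (mode >> 6) & 7 ))
    elif [ "$gid" -eq "$3" ]; then cls=$(( (mode >> 3) & 7 ))
    else                           cls=$(( mode & 7 ))
    fi
    [ $(( cls & bit )) -ne 0 ]
}

# first_blocker UID GID FILE   prints ok:/no-traverse:/no-read: plus the path
first_blocker() {
    fb_uid=$1 fb_gid=$2
    # live/*.pem are symlinks into archive/, so check the resolved path.
    target=$(realpath -- "$3") || { echo "unresolvable: $3"; return 1; }
    old_ifs=$IFS; IFS=/
    set -- $(dirname -- "$target")    # split the directory into components
    IFS=$old_ifs
    path=""
    for part in "$@"; do
        [ -n "$part" ] || continue
        path="$path/$part"
        allowed "$fb_uid" "$fb_gid" "$path" 1 ||
            { echo "no-traverse: $path"; return 1; }
    done
    allowed "$fb_uid" "$fb_gid" "$target" 4 ||
        { echo "no-read: $target"; return 1; }
    echo "ok: $target"
}

# Usage (assumes the service runs as a user named influxdb):
#   first_blocker "$(id -u influxdb)" "$(id -g influxdb)" \
#       /etc/letsencrypt/live/<your domain name>/privkey.pem
```

Run it as root so that `stat` and `realpath` can see every component; the result describes the uid/gid passed in, not the user running the script.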