If you are anything like me and against paying for a cert or wildcard cert, then you will find joy in creating certs every 3 months like I do (sometimes). However, when I create these certs I nearly always forget to write down the method on how to do it or apply the cert!
Please see below for said guide 🙂
Pre-requisites
- Certbot needs to be installed; there are a number of online guides on how to do this
- Grafana needs to be installed and running
- Access to your Linux-based machine or VM
- Port 80 open on the VM
Certbot
Certbot is a cool tool which will generate a CSR, key and cert chain without the need to copy and paste information. There are a number of guides online on how to do this; however, for us, we first need to run the following command
certbot certonly --standalone
You will then be prompted by the following
You should then put in your FQDN which could be grafana.mydomain.com
Once complete, head to the directory of the saved files
Copying over the Cert files
Once you are in the folder you will need to have two windows open side by side as we then need to copy some data over.
Make sure on one side you are in the directory of your new cert and on the other side in /etc/grafana/ like below.
Backup
Inside /etc/grafana there will be some files called grafana.crt and grafana.key, we will need to back these up and this can be done by using the command below
mv grafana.key grafana.key.bak
mv grafana.crt grafana.crt.bak
Copy the files over
So that we can copy the files over, we will need to know about the “cat” command, which displays a file's contents on screen. Once you are familiar with the command, follow the instructions below
- In /etc/grafana/ create the file grafana.crt by typing nano grafana.crt
- In your left-hand window, type cat fullchain.pem and copy the contents into the nano window created in step 1.
- Save the file using the options within the editor
- Follow the steps again however this time please create the file grafana.key and cat privkey.pem
- Make sure both files have been created
Ownership
- Once all files have been created, we will then need to change the ownership; this can be done below
chown -R grafana:grafana grafana.key
- The above in step 6 will need to be done for grafana.key and grafana.crt
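- We will now need to change the permissions as well. The certificate can be world-readable, but the private key should be readable only by its owner (the grafana user set in the previous step); neither file needs the execute bit. This can be done like so
chmod 644 grafana.crt
chmod 600 grafana.key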
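The backup, copy, ownership and permission steps above can also be done in one pass without pasting the private key through a terminal and editor. This is an added example, not part of the original guide: the function name install_grafana_cert and its arguments are made up for illustration, and it assumes the certbot output directory contains fullchain.pem and privkey.pem as in the steps above.

```shell
#!/bin/sh
# Added example (not from the original guide): install certbot output as
# Grafana's certificate and key with least-privilege file modes.
#
# Usage: install_grafana_cert CERT_DIR GRAFANA_DIR [OWNER]
#   CERT_DIR    directory holding fullchain.pem and privkey.pem
#               (certbot's default is /etc/letsencrypt/live/<your FQDN>)
#   GRAFANA_DIR directory Grafana reads grafana.crt / grafana.key from
#   OWNER       optional user:group for chown (needs root), e.g. grafana:grafana
install_grafana_cert() {
    src=$1; dst=$2; owner=${3:-}

    # Refuse to touch anything unless both inputs exist and are non-empty.
    for f in fullchain.pem privkey.pem; do
        [ -s "$src/$f" ] || { echo "missing or empty: $src/$f" >&2; return 1; }
    done

    # Back up the current pair by copying, so the live files stay in place
    # until the new ones are ready.
    for f in grafana.crt grafana.key; do
        if [ -f "$dst/$f" ]; then
            cp -p "$dst/$f" "$dst/$f.bak" || return 1
        fi
    done

    # Stage the new files under a restrictive umask so the key is never
    # group- or world-readable, not even briefly.
    ( umask 077
      cp "$src/fullchain.pem" "$dst/.grafana.crt.new" &&
      cp "$src/privkey.pem"   "$dst/.grafana.key.new" ) || return 1

    # Certificate is public (644); private key is owner-only (600).
    chmod 644 "$dst/.grafana.crt.new" || return 1
    chmod 600 "$dst/.grafana.key.new" || return 1
    if [ -n "$owner" ]; then
        chown "$owner" "$dst/.grafana.crt.new" "$dst/.grafana.key.new" || return 1
    fi

    # Rename into place; a rename within one directory is atomic.
    mv "$dst/.grafana.crt.new" "$dst/grafana.crt" &&
    mv "$dst/.grafana.key.new" "$dst/grafana.key"
}
```

Run it as root with grafana:grafana as the third argument, then restart Grafana as described in the next step.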
Restart Grafana
Once complete, you will need to restart Grafana by running the command below
service grafana-server restart
Once complete you should see the lock symbol with a valid cert like below
Troubleshoot
Grafana gives you some good logging on why it can’t start, so I would look at the logs and then run through this guide again, as I’m sure there is something missing. However, it is always good to hear your feedback.