InfluxDB with Let's Encrypt Certs failed to find PEM block #7643
Description
Directions
As asked by Sean Beckett a bug report (or feature request). See https://groups.google.com/forum/#!topic/influxdb/2k6fV_giunA
Bug report
CentOS 7
- Install server with hostname, install webpage and configure Let's Encrypt, eg https://m01.outsideit.net/
- Install InfluxDB, fix permissions (yes after fresh installation I always need to fix some permissions on /var/lib/influxdb/meta)
- Use a influxdb.conf with something like this:
[admin]
enabled = true
bind-address = ":8083"
https-enabled = true
https-certificate = "/etc/letsencrypt/live/m01.outsideit.net/fullchain.pem"
https-private-key = "/etc/letsencrypt/live/m01.outsideit.net/privkey.pem"
[http]
enabled = true
bind-address = ":8086"
auth-enabled = true
log-enabled = true
write-tracing = false
pprof-enabled = false
https-enabled = true
https-certificate = "/etc/letsencrypt/live/m01.outsideit.net/fullchain.pem"
https-private-key = "/etc/letsencrypt/live/m01.outsideit.net/privkey.pem"
__Expected behavior:
sudo systemctl start influxdb
results in started service
__Actual behavior:
influxdb service doesn't start
__Additional info:
When trying manually
/usr/bin/influxd -config /etc/influxdb/influxdb.conf
I can see the following error:
run: open server: open service: tls: failed to find PEM block with type ending in "PRIVATE KEY" in key input after skipping PEM blocks of the following types: [CERTIFICATE CERTIFICATE]
But
cat /etc/letsencrypt/live/m01.outsideit.net/privkey.pem
-----BEGIN PRIVATE KEY-----
mycertdarfkzofkjzeifjezfjiozejfaefakjdop
I can make it work when I just concatenate the fullchain and the privkey pems but as Let's Encrypt certificates have to be renewed every three months it would be nice if this just worked automatically with the certificates from the live folder.