Prerequisites <\/p>\n\n\n\n
In this example, the server is already using Let’s Encrypt to create the certificate for a LibreNMS server. So all we are doing is copying the certificate to a Grafana directory, putting the correct permissions on it, and updating the Grafana config file to use the certificate.<\/p>\n\n\n\n
Steps<\/strong><\/p>\n\n\n\n <\/p>\n\n\n\n In the following commands, change librenms.incredigeek.com to the directory that Let’s Encrypt is using for your fully qualified domain name (FQDN). Usually it is just your FQDN, but could also have -0001 or something appended to the end.<\/p>\n\n\n\n In the above, we are copying the privkey.pem and fullchain.pem to \/etc\/grafana. We are then setting the correct owner\/permissions on the files so that the Grafana service can read the certificate.<\/p>\n\n\n\n <\/p>\n\n\n\n This is super easy. Open up the Grafana config file in \/etc\/grafana.ini<\/p>\n\n\n\n Find the following variables and configure them like so<\/p>\n\n\n\n Restart Grafana<\/p>\n\n\n\n You should now have a working SSL certificate for the site. <\/p>\n\n\n\n Let’s Encrypt certificates need to be updated frequently. This means that we should automate the above steps to avoid any down time. After all, a monitoring tool with down time defeats the purpose of monitoring.<\/p>\n\n\n\n We’ll need to create a root crontab <\/p>\n\n\n\n Add the following changing out the FQDN to your FQDN. <\/p>\n\n\n\n This is set to run once a month. Change if desired. Also change out librenms.incredigeek.com with your FQDN.<\/p>\n\n\n\n Note about domain name and IP addresses. Let’s Encrypt will not create a certificate for an IP address. You should be using a domain name instead (i.e. networkmonitoring.yourdomain.com) If the certificate is installed, and you access it via the IP address, you will receive a HTTPS error in your browser.<\/p>\n","protected":false},"excerpt":{"rendered":" Prerequisites In this example, the server is already using Let’s Encrypt to create the certificate for a LibreNMS server. So all we are doing is copying the certificate to a Grafana directory, putting the correct permissions on it, and updating … Continue reading \n
Copy Certificate files<\/h2>\n\n\n\n
cp -f \/etc\/letsencrypt\/live\/librenms.incredigeek.com\/privkey.pem \n\/etc\/grafana\/ \ncp -f \/etc\/letsencrypt\/live\/librenms.incredigeek.com\/fullchain.pem \/etc\/grafana\/ \nchown root:grafana \/etc\/grafana\/*.pem\nchmod 640 \/etc\/grafana\/*.pem Enable grafana on system bootup<\/pre>\n\n\n\n
Configure Grafana Config File<\/h2>\n\n\n\n
vi \/etc\/grafana.ini<\/pre>\n\n\n\n
protocol = https
cert_file = \/etc\/grafana\/fullchain.pem
cert_key = \/etc\/grafana\/privkey.pem<\/pre>\n\n\n\nsystemctl restart grafana-server.service<\/pre>\n\n\n\n
Automate Certificate Copy<\/h2>\n\n\n\n
sudo crontab -e<\/pre>\n\n\n\n
0 0 1 * * cp -f \/etc\/letsencrypt\/live\/librenms.incredigeek.com<\/strong>\/privkey.pem \/etc\/grafana\/ && cp -f \/etc\/letsencrypt\/live\/librenms.incredigeek.com<\/strong>\/fullchain.pem \/etc\/grafana\/ && chown root:grafana \/etc\/grafana\/*.pem && chmod 640 \/etc\/grafana\/<\/em>*.pem <\/pre>\n\n\n\n