How to set up Grafana HTTPS for secure web traffic

I wonder if there is a better way to do this? Since lets encrypt is owned specifically by root I had to copy the key files the same way and give it proper permissions, but there must be a better way?! The only problem I had was trying to point to my key files in /etc/letsencrypt/… without compromising my certs permissions of course

Hi All,

I have generated .csr and .key file in grafana server and gave .csr file to our CA team to get this signed. When CA autority signed this they gave me 3 file in .crt format(Server.crt, Intermediate.crt and Root.crt). I am not sure how to use this file in grafana. For now i am using below configuration but this is not working. Can someone help me on this how to do the setup.

cert_file = /etc/grafana/crt/ServerCertificate.crt(CA signed certificate)
cert_key = /etc/grafana/server.key(this one is first file that i created using openssl command )

Thanks,
Srikanta

Thank you so much. I can’t believe a relatively basic use case like this isn’t explained elsewhere. Yours is the only solution that I’ve found to work!

Hey zigobs, I have been trying to set things according to the explanation that you have given. I am new to grafana. However, I am unable to get the solution working on my EC2. Can you explain the steps clearly and mention everything step by step?

I have installed httpd, mod_ssl, and certbot to create the SSL certificate.

The https link says “Your connection is not private” and does not load the grafana page.

Hi,

I dont have etc/grafana folder.
After installing Grafana, I have C:\Program Files\GrafanaLabs\grafana
So where exactly I should keep cert and key file?

2 Likes

I am also stuck on the same problem. Did you get any solution?

1 Like

any solution identified for this?

Not sure if this is the problem, but for those with Grafana on Windows this is what I figured out. The cert_file, cert_key, and related options have to point to the correct path in quotes. eg cert_file = “C:\somepath\to\your\certfile.pem”

Can this be closed and redirect to a wiki if solved by people above while others like myself are struggling to make sense?

This worked for me:

sudo setfacl -R -m u:username:rX /etc/letsencrypt/{live,archive}

Hi @sanju443ts- Is the issue resolved. Can you help me on this

As i understand we need to move cert files in /etc/grafana folder is it ?

Correct. I just set this up on Debian a few months ago and it works fine if you place the cert files in /etc/grafana

Could you share the solution?

Dear all,

we now have official documentation that details how to set up Grafana HTTPS for secure web traffic:

2 Likes