Grafana Image Renderer SSL issue

Grafana
1

So I made Grafana work over HTTPS, with a domain https://example.com:3000. I installed the Grafana Image Renderer locally, and when I set rendering_ignore_https_errors = true it works just fine. The problem is that the rendering uses the url community.grafana.com and localhost doesn’t match the certificate installed for example.com:3000. Errors are below.

t=2020-06-04T13:47:10-0400 lvl=eror msg=“Browser request failed” logger=plugins.backend pluginId=grafana-image-renderer url="https://community.grafana.com/d-solo/aAKo3gmMk/base-metrics?orgId=1&refresh=30s&from=1591270848004&to=1591292448004&var-hostname=server.example.com&var-service=Apache%20HTTPD&var-disk=&var-windisk=&panelId=1&width=1000&height=500&tz=America%2FNew_York&render=1" method=GET failure=net::ERR_CERT_COMMON_NAME_INVALID

t=2020-06-04T13:47:10-0400 lvl=eror msg=“Render request failed” logger=plugins.backend pluginId=grafana-image-renderer error="Error: net::ERR_CERT_COMMON_NAME_INVALID at https://community.grafana.com/d-solo/aAKo3gmMk/base-metrics?orgId=1&refresh=30s&from=1591270848004&to=1591292448004&var-hostname=server.example.com&var-service=Apache%20HTTPD&var-disk=&var-windisk=&panelId=1&width=1000&height=500&tz=America%2FNew_York&render=1" url="https://community.grafana.com/d-solo/aAKo3gmMk/base-metrics?orgId=1&refresh=30s&from=1591270848004&to=1591292448004&var-hostname=server.example.com&var-service=Apache%20HTTPD&var-disk=&var-windisk=&panelId=1&width=1000&height=500&tz=America%2FNew_York&render=1"

I have tried to set in the [rendering] server_url and callback_url, in all possible combinations with https://example.com:3000 and no changes made to these variables after a service restart change the localhost to anything or get it to work.

This is with the latest Grafana 7.0.3 on Red Hat 8.

Thanks for any help provided.

2

I have been looking for an answer to this as well. After playing with all the settings, I found that if I set http_addr = host_fqdn when grafana loads, it begins to use the fqdn of my server when rendering images instead of localhost.

This is odd since all the documentation says this should be the IP address you want to bind to. However it seems to have fixed my problem.

Additional Notes:
This config option wasn’t set previously.
When I set it to the IP address, the render plugin tries to use the IP and I still get a failure since the IP doesn’t match the CN in my certificate.

1 Like
3

Hi,

you have mentioned “host_fqdn”, should we put as it is or we should enter hostname of server in the place of host, like if my hostname is abc then should i enter “abc_fqdn”?

4

is there a way to use grafana-image-renderer in TLS enabled config?

5

To resolve the SSL issue with Grafana Image Renderer, consider updating your SSL configuration to include “community.grafana.com” as a valid domain. While you can continue using “rendering_ignore_https_errors = true,” be mindful of potential security risks. Alternatively, try changing the rendering URL to a domain that matches your
Grafana server’s SSL certificate. Additionally, double-check your Grafana configuration to ensure that the “server_url” and “callback_url” are correctly set. This should help address the SSL certificate validation errors you’re encountering.
For further insights, you may also find useful tips in this blog post on fixing SSL certificate errors: How to Fix SSL Certificate Error: Top Ways to Resolve SSL Error Quickly