Grafana Image Renderer SSL issue

So I made Grafana work over HTTPS, with a domain https://example.com:3000. I installed the Grafana Image Renderer locally, and when I set rendering_ignore_https_errors = true it works just fine. The problem is that the rendering uses the url community.grafana.com and localhost doesn’t match the certificate installed for example.com:3000. Errors are below.

t=2020-06-04T13:47:10-0400 lvl=eror msg=“Browser request failed” logger=plugins.backend pluginId=grafana-image-renderer url="https://community.grafana.com/d-solo/aAKo3gmMk/base-metrics?orgId=1&refresh=30s&from=1591270848004&to=1591292448004&var-hostname=server.example.com&var-service=Apache%20HTTPD&var-disk=&var-windisk=&panelId=1&width=1000&height=500&tz=America%2FNew_York&render=1" method=GET failure=net::ERR_CERT_COMMON_NAME_INVALID

t=2020-06-04T13:47:10-0400 lvl=eror msg=“Render request failed” logger=plugins.backend pluginId=grafana-image-renderer error="Error: net::ERR_CERT_COMMON_NAME_INVALID at https://community.grafana.com/d-solo/aAKo3gmMk/base-metrics?orgId=1&refresh=30s&from=1591270848004&to=1591292448004&var-hostname=server.example.com&var-service=Apache%20HTTPD&var-disk=&var-windisk=&panelId=1&width=1000&height=500&tz=America%2FNew_York&render=1" url="https://community.grafana.com/d-solo/aAKo3gmMk/base-metrics?orgId=1&refresh=30s&from=1591270848004&to=1591292448004&var-hostname=server.example.com&var-service=Apache%20HTTPD&var-disk=&var-windisk=&panelId=1&width=1000&height=500&tz=America%2FNew_York&render=1"

I have tried to set in the [rendering] server_url and callback_url, in all possible combinations with https://example.com:3000 and no changes made to these variables after a service restart change the localhost to anything or get it to work.

This is with the latest Grafana 7.0.3 on Red Hat 8.

Thanks for any help provided.

I have been looking for an answer to this as well. After playing with all the settings, I found that if I set http_addr = host_fqdn when grafana loads, it begins to use the fqdn of my server when rendering images instead of localhost.

This is odd since all the documentation says this should be the IP address you want to bind to. However it seems to have fixed my problem.

Additional Notes:
This config option wasn’t set previously.
When I set it to the IP address, the render plugin tries to use the IP and I still get a failure since the IP doesn’t match the CN in my certificate.

1 Like

Hi,

you have mentioned “host_fqdn”, should we put as it is or we should enter hostname of server in the place of host, like if my hostname is abc then should i enter “abc_fqdn”?

is there a way to use grafana-image-renderer in TLS enabled config?