Https with certificate generated by certbot

Hi all,
I have a running and functional grafana server running on HTTP, (sub.domain.com:3000)
I have tried to make it run over HTTPS using certbot (so it can be embedded on google sites)
Everything works as you would expect it to:

  • certbot succesfully generates the certificate
  • I symlink the files to the grafana folder
  • I modify the grafana.ini file accordingly
  • I restart grafana without any errors

BUT…when attempting to access the new link (https://sub.domain.com:3000) it just says connection refused.

This is what my log shows:

Dec 24 17:44:22 ubuntu grafana[716610]: logger=sqlstore t=2023-12-24T17:44:22.829925548Z level=warn msg="SQLite database file has broader permissions than it should" path=/var/lib/grafana/grafana.db mode=-rw-rw-rw- expected=-rw-r-----
Dec 24 17:44:22 ubuntu grafana[716610]: logger=migrator t=2023-12-24T17:44:22.831726044Z level=info msg="Starting DB migrations"
Dec 24 17:44:22 ubuntu grafana[716610]: logger=migrator t=2023-12-24T17:44:22.861833868Z level=info msg="migrations completed" performed=0 skipped=608 duration=1.647983ms
Dec 24 17:44:22 ubuntu grafana[716610]: logger=licensing t=2023-12-24T17:44:22.864407136Z level=info msg="Validated license token" appURL=https://sub.domain.com:3000/ source=disk status=NotFound
Dec 24 17:44:22 ubuntu grafana[716610]: logger=secrets t=2023-12-24T17:44:22.865383489Z level=info msg="Envelope encryption state" enabled=true currentprovider=secretKey.v1
Dec 24 17:44:22 ubuntu grafana[716610]: logger=plugins.registration t=2023-12-24T17:44:22.950475836Z level=info msg="Plugin registered" pluginId=input
Dec 24 17:44:23 ubuntu grafana[716610]: logger=plugins.registration t=2023-12-24T17:44:23.500844828Z level=info msg="Plugin registered" pluginId=grafana-googlesheets-datasource
Dec 24 17:44:23 ubuntu grafana[716610]: logger=plugins.registration t=2023-12-24T17:44:23.52180007Z level=info msg="Plugin registered" pluginId=grafana-image-renderer
Dec 24 17:44:23 ubuntu grafana[716610]: logger=query_data t=2023-12-24T17:44:23.526700203Z level=info msg="Query Service initialization"
Dec 24 17:44:23 ubuntu grafana[716610]: logger=live.push_http t=2023-12-24T17:44:23.535446246Z level=info msg="Live Push Gateway initialization"

So as the grafana-server starts without any errors but the HTTPS address is inaccesible, I ask the question…are the any red flags in this log I am not noticing? / Are there any checks I can do to attempt to troubleshoot this issue?

Running Ubuntu 22 on a VPS

Thanks
Alex

How do you know that’s correct? Especially, when you didn’t show your config. Did you check all (not only last x lines) Grafana logs from last start?
Blind guess: permission issue on generated key/cert.

1 Like

Thank you!!
It was indeed a permission issue, I am new to grafana and I had assumed that the log shown when running systemctl status grafana is the same as when opening the actual log.

Thanks