I am using LetsEncrypt’s certbot to auto-renew SSL/TSL certs every 3 months on an Ubuntu machine.
The cert works fine if I place the
*.pem files into
/etc/grafana and change the
grafana.ini file to point to that location.
However, if the
*.pem files are left in
/etc/letsencrypt/live/<my-domain> then Grafana fails to start with the following appearing in
t=2021-12-13T09:28:35+0100 lvl=eror msg="Stopped HTTPServer" logger=server reason="open /etc/letsencrypt/live/<my-domain>/fullchain.pem: permission denied" t=2021-12-13T09:28:35+0100 lvl=eror msg="Server shutdown" logger=server error="HTTPServer run error: open /etc/letsencrypt/live/<my-domain>/fullchain.pem: permission denied"
I’ve tried everything I can think of, and have even set the permissions for both the
/etc/letsencrypt/live/<my-domain> folder and pem files to
drwxrwxrwx for all users (
It’s important to me that I can specify that location for Grafana to read from so that I don’t need to copy the files over every time the SSL / TSL certs auto-renew every 3 months.
Why can Grafana not access those pem files in that location?