How to set up Let's Encrypt with Wazuh?


I am trying to set up Wazuh with Let's Encrypt certificates, but I run into an issue with the root-ca.pem.

Here is my config:

I have an ALB set up for HTTP traffic, and an NLB set up for the agents over 1514, 1515, and 55000. I am intending to have full-tunnel TLS, hence using certificates inside the ALB. I have an AWS certificate on the ALB too.

server.host: "0.0.0.0"
server.port: 443
opensearch.hosts: "https://wazuh.MYDOMAIN.com:9200"
opensearch.ssl.verificationMode: "certificate"
opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/etc/wazuh-dashboard/certs/indexer-key.pem"
server.ssl.certificate: "/etc/wazuh-dashboard/certs/indexer.pem"
opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: "/app/wazuh"

Let's Encrypt provides these files:

cert.pem  chain.pem  fullchain.pem  privkey.pem  README

And I have copied the fullchain to the indexer.pem file, and the privkey file to the indexer-key.pem file.

The service status output states the service is running, but the log lines contain:

Mar 02 08:45:32 ip-IP.REGION.compute.internal opensearch-dashboards[2020]: 
{"type":"log","@timestamp":"2024-03-02T08:45:32Z","tags":["error","opensearch","data"],
"pid":2020,"message":"[ConnectionError]: connect ECONNREFUSED ALB-IP:9200"}

What am I supposed to set as the opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]? All the documentation I see is around the self-signed certs, and it's provided in the config, but not with the Let's Encrypt method?

Do I need to worry about the admin.pem /key files not being available in Let's Encrypt? (Edit) After running /etc/wazuh-indexer/opensearch-security: ERR: Seems you use a node certificate which is also an admin certificate That may have worked with older OpenSearch Security versions but it indicates a configuration error and is therefore forbidden now.

What do I need to do to make this work?

If I load my URL in the browser, I get the "Wazuh dashboard server is not ready yet" message.

I've tried to use the Let's Encrypt intermediate cert as the root-ca, and queried with GPT, but that was a wild goose chase. I'm not really sure what I missed here.
