Hello!
I’m using Let’s Encrypt certificates to secure an input using TLS (setting the proper path)
Now I’m looking for a way to reload that input in order to reload the certificate/key config after a Let’s Encrypt update. Is there any way to do it without stopping the log ingestion?
Regards,
Juan
By the way, I’m using letsencrypt certificates because I’ve tried activating only the “TLS enable” check and let Graylog generate the certs, but then I’m seeing on the server logs entries like the following one (and no log ingestion)
2020-07-14T03:47:50.764Z ERROR [AbstractTcpTransport] Error in Input [GELF HTTP/5f06d797bebee452a8cafe38] (channel [id: 0x40345cf2, L:/10.164.0.4:12202 ! R:/52.122.123.124:18623]) (cause io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: error:10000418:SSL routines:OPENSSL_internal:TLSV1_ALERT_UNKNOWN_CA)
Any help solving this CA issue will be appreciated as well 
I’ve also tried to generate the certs myself, setting the path on the input’s config (permissions were checked). The input start was properly done using TLS, but another kind of error started to show (and no log ingestion)
2020-07-13T10:18:10.269Z ERROR [AbstractTcpTransport] Error in Input [GELF HTTP/5f06d797bebee452a8cafe38] (channel [id: 0x40345cf2, L:/10.164.0.4:12202 ! R:/52.122.123.124:38274]) (cause io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: error:10000070:SSL routines:OPENSSL_internal:BAD_PACKET_LENGTH)
when you have the certificate updated the only option is to stop the input and start it again via the API.
no other option is given, currently.
You might want to raise a feature request for the option to have lets encrypt for the inputs:
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.