I get the error below when I try to enable rest_enable_tls = true and web_enable_tls = true.
The private key file exists at /etc/letsencrypt/live/domain.com/privkey.pem:
2017-12-20T07:00:56.621+01:00 ERROR [CmdLineTool] Invalid configuration
com.github.joschi.jadconfig.ValidationException: Unreadable or missing REST API private key: /etc/letsencrypt/live/domain.com/privkey.pem
at org.graylog2.plugin.BaseConfiguration.validateRestTlsConfig(BaseConfiguration.java:456) ~[graylog.jar:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_151]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_151]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_151]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_151]
at com.github.joschi.jadconfig.ReflectionUtils.invokeMethodsWithAnnotation(ReflectionUtils.java:53) ~[graylog.jar:?]
at com.github.joschi.jadconfig.JadConfig.invokeValidatorMethods(JadConfig.java:221) ~[graylog.jar:?]
at com.github.joschi.jadconfig.JadConfig.process(JadConfig.java:100) ~[graylog.jar:?]
at org.graylog2.bootstrap.CmdLineTool.processConfiguration(CmdLineTool.java:351) [graylog.jar:?]
at org.graylog2.bootstrap.CmdLineTool.readConfiguration(CmdLineTool.java:344) [graylog.jar:?]
at org.graylog2.bootstrap.CmdLineTool.run(CmdLineTool.java:177) [graylog.jar:?]
at org.graylog2.bootstrap.Main.main(Main.java:44) [graylog.jar:?]
The error is gone after copying the Let's Encrypt privkey.pem to the /etc/graylog folder, which is strange.
Another error occurs when I run the command ‘keytool -list -v -keystore keystore.jks -alias domain.com’:
keytool error: java.lang.Exception: Keystore file does not exist: keystore.jks
java.lang.Exception: Keystore file does not exist: keystore.jks
at sun.security.tools.keytool.Main.doCommands(Main.java:783)
at sun.security.tools.keytool.Main.run(Main.java:366)
at sun.security.tools.keytool.Main.main(Main.java:359)
Where can I get the keystore.jks file from? I even searched on the server but didn’t find any such file.
I need your suggestion for the SSL and TLS setup for Graylog.
I have used a Let's Encrypt SSL certificate at the nginx level, so the browser will always see the Let's Encrypt certificate, which is more secure than a self-signed one, and at the Graylog level I have created a self-signed certificate based on the link you provided.
I hope this will not create any problems in communication.
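The first error in the post is Graylog's configuration validator saying it cannot read the key, and the post's own observation (a copy in /etc/graylog works, the original under /etc/letsencrypt/live does not) points at directory permissions rather than the file: certbot's live/ entries are symlinks into archive/, and both directories are created mode 0700 owned by root, so a service account such as the graylog user cannot traverse them even when the key file itself is world-readable. The script below is an added example, not code from the post, from Graylog or from certbot. It rebuilds that layout in a temporary directory with a constructed placeholder key (no real key material), then checks, for an arbitrary uid/gid, search permission on every directory along the symlink path and along its target and read permission on the file, which plain os.access() cannot do for a user other than the one running the script. It also classifies the PEM header; Graylog's documentation at the time asked for an unencrypted PKCS#8 key ("BEGIN PRIVATE KEY", which is what certbot writes), but treat that requirement as an assumption to verify against your version. The service-account name graylog in the __main__ block is likewise an assumption.

```python
#!/usr/bin/env python3
"""Explain why a service account cannot read a TLS private key.

Added example, not Graylog's or certbot's code. For a given uid/gid it
checks search (x) permission on every directory along the key's path and
along the symlink target, then read (r) on the file, using the classic
Unix permission classes (owner/group/other). Run as root, it answers
"could the graylog user read this?", which os.access() cannot.
"""
import os
import pwd
import shutil
import stat
import sys
import tempfile
from pathlib import Path

PKCS8_HEADER = "-----BEGIN PRIVATE KEY-----"            # what certbot writes
PKCS1_HEADER = "-----BEGIN RSA PRIVATE KEY-----"        # openssl genrsa / rsa output
ENCRYPTED_HEADER = "-----BEGIN ENCRYPTED PRIVATE KEY-----"


def classify_header(pem_text):
    """Map the first non-empty PEM line to 'pkcs8', 'pkcs1', 'encrypted-pkcs8' or 'unknown'."""
    first = next((line.strip() for line in pem_text.splitlines() if line.strip()), "")
    return {PKCS8_HEADER: "pkcs8", PKCS1_HEADER: "pkcs1",
            ENCRYPTED_HEADER: "encrypted-pkcs8"}.get(first, "unknown")


def _allowed(st, uid, gid, want):
    """Classic DAC check: does (uid, gid) hold 'r' or 'x' according to stat result st?"""
    if uid == 0:
        return True  # root bypasses read and directory-search checks
    shift = 6 if st.st_uid == uid else 3 if st.st_gid == gid else 0
    return bool((st.st_mode >> shift) & (4 if want == "r" else 1))


def _dirs_to_check(path, trust_above):
    """Ancestor directories of path, top-down, excluding trust_above and anything above it."""
    dirs = [d for d in path.parents if trust_above is None or trust_above in d.parents]
    return list(reversed(dirs))


def diagnose_key(path, uid, gid, trust_above=None):
    """Return {'readable': bool, 'pkcs8': bool|None, 'reason': str} for path as seen by uid/gid."""
    given = Path(os.path.abspath(path))
    if not given.exists():  # exists() follows symlinks, so a dangling link also lands here
        return {"readable": False, "pkcs8": None, "reason": f"missing or dangling symlink: {given}"}
    resolved = given.resolve()

    def denied(what, p, st):
        mode = oct(stat.S_IMODE(st.st_mode))
        return {"readable": False, "pkcs8": None,
                "reason": f"uid {uid} lacks {what} on {p} (mode {mode}, owner uid {st.st_uid})"}

    # Both the directories holding the symlink and those holding its target must be searchable.
    for d in _dirs_to_check(given, trust_above) + _dirs_to_check(resolved, trust_above):
        st = d.stat()
        if not _allowed(st, uid, gid, "x"):
            return denied("search (x) permission", d, st)
    st = resolved.stat()
    if not _allowed(st, uid, gid, "r"):
        return denied("read (r) permission", resolved, st)
    kind = classify_header(resolved.read_text(errors="replace"))
    return {"readable": True, "pkcs8": kind == "pkcs8", "reason": f"readable; PEM type {kind}"}


def demo():
    """Constructed copy of certbot's layout with placeholder key text (no real key material).

    Diagnoses it for a pretend service account: a uid that owns nothing here but is
    in the files' group, so a root:graylog-style 0640 copy can be exercised.
    Returns (before, after) diagnoses.
    """
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        svc_uid, svc_gid = os.getuid() + 1, base.stat().st_gid
        archive, live = base / "archive" / "domain.com", base / "live" / "domain.com"
        archive.mkdir(parents=True)
        live.mkdir(parents=True)
        key = archive / "privkey1.pem"
        key.write_text(f"{PKCS8_HEADER}\nMIIEvQIBADANBgkq...constructed placeholder...\n"
                       "-----END PRIVATE KEY-----\n")
        os.chmod(key, 0o644)
        (live / "privkey.pem").symlink_to(Path("../../archive/domain.com/privkey1.pem"))
        os.chmod(base / "live", 0o700)     # certbot's defaults: live/ and archive/
        os.chmod(base / "archive", 0o700)  # are mode 0700 and owned by root
        before = diagnose_key(live / "privkey.pem", svc_uid, svc_gid, trust_above=base)

        # The post's workaround (copy the key next to Graylog's config), done carefully:
        # a directory the service group can search and a 0640 file, not 0644.
        confdir = base / "etc" / "graylog"
        confdir.mkdir(parents=True)
        os.chmod(base / "etc", 0o755)
        os.chmod(confdir, 0o750)
        copy = confdir / "privkey.pem"
        shutil.copyfile(key, copy)  # copies content only; set the mode explicitly
        os.chmod(copy, 0o640)
        after = diagnose_key(copy, svc_uid, svc_gid, trust_above=base)
    return before, after


if __name__ == "__main__":
    if len(sys.argv) == 2:  # e.g. sudo ./diag.py /etc/letsencrypt/live/domain.com/privkey.pem
        svc = pwd.getpwnam("graylog")  # assumed service-account name
        print(diagnose_key(sys.argv[1], svc.pw_uid, svc.pw_gid)["reason"])
    else:
        for tag, result in zip(("before", "after"), demo()):
            print(f"{tag}: {result['reason']}")
```

Run without arguments it prints the constructed before/after case; run as root with the real path it names the first directory the service user cannot traverse. Copying the key by hand works, as the post found, but the copy goes stale at the next renewal; certbot's --deploy-hook option can run the same copy-and-chmod step after each renewal, and keeping the copy group-readable (0640, owned by root and the graylog group) avoids exposing it to every local user. The keytool error is simpler: keytool -list only reads an existing keystore, and keystore.jks is a file you create yourself (keytool -importcert with a new -keystore path creates it on first import), which is why no search of the server turns one up.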