Ad Widget

**dinao** · 02-06-2022, 15:58

Hi,
I'm currently setting up the report generator in zabbix and it was pretty straight forward until i hit a roadblock.

I have a lot of troubles setting up the SSL. When i try to do it i have this error that is popping up :

Code:

2022/06/02 15:42:57.150791 starting Zabbix web service
2022/06/02 15:42:57.151015 failed to start: failed to read CA cert file: open /etc/letsencrypt/live/MYDOMAIN/fullchain.pem: permission denied
2022/06/02 15:43:07.211632 starting Zabbix web service
2022/06/02 15:43:07.211790 failed to start: failed to read CA cert file: open /etc/letsencrypt/live/MYDOMAIN/fullchain.pem: permission denied

If i try to enable IgnoreURLCertErrors=1 i get this :

Code:

2022/06/02 15:23:28.031852 starting Zabbix web service
2022/06/02 15:41:01.549573 received report request from MY_IP:61494
2022/06/02 15:41:01.549697 Method is not supported.

My SSL certificate is generated with certbot, but it looks like there is a permission issue with the cert files. This link /etc/letsencrypt/live/MYDOMAIN/fullchain.pem and all the files in this folder are symlinks pointing to /etc/letsencrypt/archive/MYDOMAIN/

Code:

root@zabbix:~# ls -la /etc/letsencrypt/live/MYDOMAIN/
total 12
drwxr-xr-x 2 root root 4096 26 mai 01:08 .
drwx------ 3 root root 4096 1 avril 2020 ..
lrwxrwxrwx 1 root root 41 26 mai 01:08 cert.pem -> ../../archive/MYDOMAIN/cert14.pem
lrwxrwxrwx 1 root root 42 26 mai 01:08 chain.pem -> ../../archive/MYDOMAIN/chain14.pem
lrwxrwxrwx 1 root root 46 26 mai 01:08 fullchain.pem -> ../../archive/MYDOMAIN/fullchain14.pem
lrwxrwxrwx 1 root root 44 26 mai 01:08 privkey.pem -> ../../archive/MYDOMAIN/privkey14.pem
-rw-r--r-- 1 root root 692 1 avril 2020 README

If i go in /etc/letsencrypt/archive/MYDOMAIN/ i get this :

Code:

root@zabbix:~# ls -la /etc/letsencrypt/archive/MYDOMAIN/
total 260
drwxr-xr-x 2 root root 4096 26 mai 01:08 .
drwxr-xr-x 3 root root 4096 1 avril 2020 ..
-rw-r--r-- 1 root root 1846 26 sept. 2021 cert10.pem
-rw-r--r-- 1 root root 1846 25 nov. 2021 cert11.pem
-rw-r--r-- 1 root root 1846 25 janv. 11:28 cert12.pem
-rw-r--r-- 1 root root 1846 26 mars 21:50 cert13.pem
-rw-r--r-- 1 root root 1846 26 mai 01:08 cert14.pem
-rw-r--r-- 1 root root 1911 1 avril 2020 cert1.pem
-rw-r--r-- 1 root root 1911 31 mai 2020 cert2.pem
-rw-r--r-- 1 root root 1915 31 juil. 2020 cert3.pem
-rw-r--r-- 1 root root 1915 29 sept. 2020 cert4.pem
-rw-r--r-- 1 root root 1915 28 nov. 2020 cert5.pem
-rw-r--r-- 1 root root 1846 28 janv. 2021 cert6.pem
-rw-r--r-- 1 root root 1846 29 mars 2021 cert7.pem
-rw-r--r-- 1 root root 1846 29 mai 2021 cert8.pem
-rw-r--r-- 1 root root 1846 28 juil. 2021 cert9.pem
-rw-r--r-- 1 root root 3750 26 sept. 2021 chain10.pem
-rw-r--r-- 1 root root 3749 25 nov. 2021 chain11.pem
-rw-r--r-- 1 root root 3749 25 janv. 11:28 chain12.pem
-rw-r--r-- 1 root root 3749 26 mars 21:50 chain13.pem
-rw-r--r-- 1 root root 3749 26 mai 01:08 chain14.pem
-rw-r--r-- 1 root root 1647 1 avril 2020 chain1.pem
-rw-r--r-- 1 root root 1647 31 mai 2020 chain2.pem
...

As you can see, the folder has the right rights in order to read the cert files. In order to debug it, i changed to perms to 777 and it didn't change a thing. I also verified all the above folders and there were read rights to "anyone".

Finally, i tried to skip the SSL completely in order to just make it work, so i changed the frontend url from HTTPS to HTTP and in the serverconf i also changed the url from HTTPS to HTTP. The report sending is working, i get the email in my inbox but when i open the link, i get a 404 because i think that there is a redirect somewhere in my apache vhost config. I didn't wanted to go any further down the HTTP route because it doesn't interest me, i need that functionality with the SSL and i didn't wanted to weaken my security just for this.

I'm having a really hard time finding documentation or tutorials on how to set up this functionality with SSL.

Thank you in advance for your help.

Regards,

Ad Widget

Problem with zabbix report generator

Problem with zabbix report generator