Hello,
today I was trying to add certificates to my zabbix server but when I add them in the config file and restart the server to load the config i get the message
zabbix server is not running the information displayed may not be current
when using systemctl status zabbix-server it says
zabbix-server.service - Zabbix Server Loaded: loaded (/usr/lib/systemd/system/zabbix-server.service; enabled; preset: enabled) Active: activating (auto-restart) (Result: exit-code) since Tue 2025-04-08 13:09:55 UTC; 5s ago Process: 4651 ExecStart=/usr/sbin/zabbix_server -c $CONFFILE (code=exited, status=0/SUCCESS) Process: 4732 ExecStop=/bin/sh -c [ -n "$1" ] && kill -s TERM "$1" -- $MAINPID (code=exited, status=1/FAILURE) Main PID: 4653 (code=exited, status=0/SUCCESS) CPU: 138ms
I went to etc/zabbix and created a new directory sudo mkdir ssl (where I wanted all the certs to live), then I used sudo openssl req -new -newkey rsa:2048 -nodes -keyout /etc/zabbix/ssl/zabbix_server.key -out /etc/zabbix/ssl/zabbix_server.csr -subj "/CN=li-mon01.<mydomain>.local"
to create the key and csr. I used teh csr to get a certificate from out CA but unlike the documentation i got a .cer instead of .crt.
I then copied the new zabbix_server.cer and the ca´s root .cer to the home directory of the zabbix server. Then sudo coppied it to /etc/zabbix/ssl and now the 2 .cer and the key are in this directory.
Then I edited the conf file and added those 3 lines
and after that i restart zabbix with sudo systemctl restart zabbix-server
And from that point i get the message zabbix server is not running the information displayed may not be current and the status I mentioned earlier.
Where did I go wrong?
Edit:
btw as soon as i put a # in front of my changes in the config file it starts up normaly again.
today I was trying to add certificates to my zabbix server but when I add them in the config file and restart the server to load the config i get the message
zabbix server is not running the information displayed may not be current
when using systemctl status zabbix-server it says
zabbix-server.service - Zabbix Server Loaded: loaded (/usr/lib/systemd/system/zabbix-server.service; enabled; preset: enabled) Active: activating (auto-restart) (Result: exit-code) since Tue 2025-04-08 13:09:55 UTC; 5s ago Process: 4651 ExecStart=/usr/sbin/zabbix_server -c $CONFFILE (code=exited, status=0/SUCCESS) Process: 4732 ExecStop=/bin/sh -c [ -n "$1" ] && kill -s TERM "$1" -- $MAINPID (code=exited, status=1/FAILURE) Main PID: 4653 (code=exited, status=0/SUCCESS) CPU: 138ms
I went to etc/zabbix and created a new directory sudo mkdir ssl (where I wanted all the certs to live), then I used sudo openssl req -new -newkey rsa:2048 -nodes -keyout /etc/zabbix/ssl/zabbix_server.key -out /etc/zabbix/ssl/zabbix_server.csr -subj "/CN=li-mon01.<mydomain>.local"
to create the key and csr. I used teh csr to get a certificate from out CA but unlike the documentation i got a .cer instead of .crt.
I then copied the new zabbix_server.cer and the ca´s root .cer to the home directory of the zabbix server. Then sudo coppied it to /etc/zabbix/ssl and now the 2 .cer and the key are in this directory.
Then I edited the conf file and added those 3 lines
and after that i restart zabbix with sudo systemctl restart zabbix-server
And from that point i get the message zabbix server is not running the information displayed may not be current and the status I mentioned earlier.
Where did I go wrong?
Edit:
btw as soon as i put a # in front of my changes in the config file it starts up normaly again.
Comment