Generating .key and .cert files

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0

I’m getting a Kolide Fleet server up and running. I would like to use certbot to generate my TLS certs. So I ran certbot to pick up my certs and they installed correctly. However, I need .key and .cert files to point to in my Kolide config file. Pointing to the .pem files does not work.

So I’m wondering how I can have .key and .cert files generated automatically (maybe with a hook) in the proper naming format.

The name of the files doesn’t matter.

Looking at Fleet’s code, it is expecting the key and certificate to be in PEM format - the same format that Certbot stores its keys and certificates in.

So on the face of it, what you’re doing should work.

server:
  tls: true
  key: "/etc/letsencrypt/live/example.org/privkey.pem"
  cert: "/etc/letsencrypt/live/example.org/fullchain.pem"

If it doesn’t work, then Fleet should produce some errors in its logs.

Perhaps Fleet runs at a lower privilege level than root and you need to set a hook to produce copies of the certificates, or use file ACLs to permit read access. In any case, there should be errors.

Or your configuration isn’t being applied at all.

1 Like
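
The hook approach suggested in the reply above, as an added example that is not part of the original thread and not code from Certbot or Fleet: a deploy hook that copies the renewed key and chain to a directory a non-root service can read. The destination `/etc/fleet/tls`, the group `fleet` and the file names `fleet.key` and `fleet.cert` are assumptions; `RENEWED_LINEAGE` is the variable Certbot sets for deploy hooks.

```shell
#!/bin/sh
# Added example: Certbot deploy hook that publishes copies of the renewed
# key and chain for a service that does not run as root.
# Assumptions (not from the thread): destination directory, group name
# and output file names below.
FLEET_TLS_DIR="${FLEET_TLS_DIR:-/etc/fleet/tls}"
FLEET_GROUP="${FLEET_GROUP:-fleet}"

# install_pair LINEAGE_DIR DEST_DIR
# Copies privkey.pem -> fleet.key (0640) and fullchain.pem -> fleet.cert (0644).
install_pair() {
    src="$1"; dest="$2"
    [ -r "$src/privkey.pem" ] && [ -r "$src/fullchain.pem" ] || {
        echo "missing privkey.pem or fullchain.pem in $src" >&2
        return 1
    }
    mkdir -p "$dest" && chmod 750 "$dest" || return 1
    # Copy under a restrictive umask so the key is never world-readable,
    # even briefly; cp follows the symlinks Certbot keeps in live/.
    ( umask 077
      cp "$src/privkey.pem" "$dest/.fleet.key.tmp" &&
      cp "$src/fullchain.pem" "$dest/.fleet.cert.tmp" ) || return 1
    chmod 640 "$dest/.fleet.key.tmp" || return 1
    chmod 644 "$dest/.fleet.cert.tmp" || return 1
    # Group ownership is only changed when running as root (Certbot's usual user).
    if [ "$(id -u)" -eq 0 ]; then
        chgrp "$FLEET_GROUP" "$dest" "$dest/.fleet.key.tmp" \
            "$dest/.fleet.cert.tmp" || return 1
    fi
    # Rename within the same directory so readers never see a partial file.
    mv -f "$dest/.fleet.key.tmp" "$dest/fleet.key" &&
    mv -f "$dest/.fleet.cert.tmp" "$dest/fleet.cert"
}

# Certbot exports RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/example.org)
# to deploy hooks; do nothing when the script is run outside a hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    install_pair "$RENEWED_LINEAGE" "$FLEET_TLS_DIR" || exit 1
    # Restart or reload the service here if it reads certificates only at startup.
fi
```

Saved as an executable file in `/etc/letsencrypt/renewal-hooks/deploy/`, the script runs after each successful renewal; the `key` and `cert` settings in the Fleet config would then point at the copies.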
