I have recently installed a Let's Encrypt cert on my Ubuntu server running Ignition v8.0.7. It appears that everything worked fine; I got all of the cert files (private key and fullchain) from certbot. I packaged it all up using pkcs12 and put it at /usr/local/bin/ignition/webserver/ssl.pfx. Then I used the ./gwcmd.sh --reloadks command and got the “Successfully reloaded the SSL key store” message; however, I still cannot connect on 8043 and it doesn’t look like anything has changed in the webserver settings in the gateway (I still see the red message saying SSL is not configured). Is there a step that I am missing, or do you have to already have SSL configured before you set it up this way?
Hey, yes, there are a couple of warnings; I will attach the logs. I see an “Unable to refresh state” from the SslManager and “Could not read license from HASP key. Driver not found” from licenseManager.
My Ignition instance is running as my local user (this is set during install in /usr/local/bin/ignition/ignition.sh); however, my certificate deploy script is running as root. This is where the permission issue comes from.
The key store file is consequently owned by root with only read access for that user.
In my deploy script, I added this line before the line that reloads the key store:
Note the new environment variable, IGNITION_USER, that I added, which is not in the tutorial referenced above. You can add this to your environment or replace it with the actual user/group name.
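
The ownership mismatch described in the reply above can be caught before the reload with a check like the following. This is an added example, not code from the thread or from Ignition: the function name `check_keystore` and its return codes are hypothetical, it assumes GNU `stat` as shipped on Ubuntu, and it applies a strict policy (the key store must be owned by the service user and closed to "other", since the PKCS#12 file holds the private key).

```shell
#!/bin/sh
# Added example: pre-reload sanity check for a PKCS#12 key store.
# check_keystore and its return codes are hypothetical names for illustration.
#
# Usage in a deploy script (paths and IGNITION_USER as used in the thread):
#   check_keystore /usr/local/bin/ignition/webserver/ssl.pfx "$IGNITION_USER" \
#     && ./gwcmd.sh --reloadks
#
# Returns: 0 ok, 1 file missing, 2 wrong owner,
#          3 owner has no read bit, 4 readable/writable/executable by "other".
check_keystore() {
    ks=$1
    want=$2

    [ -f "$ks" ] || { echo "key store not found: $ks" >&2; return 1; }

    owner=$(stat -c '%U' "$ks")   # owning user name (GNU stat)
    mode=$(stat -c '%a' "$ks")    # permission bits in octal, e.g. 600

    # A file written by a root-run deploy script ends up owned by root,
    # which the service user cannot read when the mode is owner-only.
    if [ "$owner" != "$want" ]; then
        echo "$ks is owned by $owner, expected $want" >&2
        return 2
    fi

    perm=$((0$mode))              # leading 0 makes the shell parse it as octal

    # Owner read bit is 0400 (bit 8).
    if [ $(( (perm >> 8) & 1 )) -ne 1 ]; then
        echo "$ks is not readable by its owner (mode $mode)" >&2
        return 3
    fi

    # The file contains a private key: no access at all for "other".
    if [ $(( perm & 7 )) -ne 0 ]; then
        echo "$ks is accessible to other users (mode $mode)" >&2
        return 4
    fi

    return 0
}
```

A setup that grants access through group membership instead of ownership would need the owner test relaxed accordingly.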