How to configure Let's encrypt ssl certificate for OpenSearch Dashboard and for data prepper?

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):

Describe the issue:
I have generated Let’s encrypt ssl certificate using http challenge and configured as below:

server.ssl.certificate: /etc/letsencrypt/live/
server.ssl.key: /etc/letsencrypt/live/
opensearch.ssl.certificateAuthorities: [ "/etc/letsencrypt/live/" ]

But I am not able to browse OpenSearch Dashboard after configuring above certificates and restarting OSD. I am getting connection refused on What could be the reason for the issue? I don’t see any issue on the opensearch log. Can I use the above certificate for dataprepper sink for OpenSearch?

Thanks in advance.

Hi @rmstmg

Could you please share your opensearch_dashboards.yml , opensearch.yml and data-prepper-config.yaml files?

Hello @Eugene7 , Please find the config details as below:

opensearch.yml: /var/lib/opensearch
path.logs: /var/log/opensearch
discovery.type: single-node /etc/opensearch/node1.pem /etc/opensearch/node1-key.pem /etc/opensearch/root-ca.pem true /etc/opensearch/node1.pem /etc/opensearch/node1-key.pem /etc/opensearch/root-ca.pem true
  - ',OU=IT,O=Example Ltd.,L=London,C=UK'
  - ',OU=IT,O=Example Ltd.,L=London,C=UK' internal_opensearch true true ["all_access", "security_rest_api_access"]


--- ""
server.maxPayloadBytes: 104857600
opensearch.requestTimeout: 30000
opensearch.hosts: [https://<serveripaddress>:9200]
opensearch.ssl.verificationMode: none
opensearch.username: admin
opensearch.password: password here
opensearch.requestHeadersWhitelist: [authorization, securitytenant]
server.ssl.enabled: true
server.ssl.certificate: /etc/letsencrypt/live/
server.ssl.key: /etc/letsencrypt/live/
opensearch.ssl.certificateAuthorities: [ "/etc/letsencrypt/live/" ]
opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.preferred: [Private, Global]
opensearch_security.readonly_mode.roles: [kibana_read_only] false


      ssl: false
    - opensearch:
        hosts: [ "" ]
        insecure: true
        username: admin
        password: password
        index: my-logs-%{yyyy.MM.dd}

Your help is highly appreciated. Thanks.

Can you connect to the OpenSearch node with a curl command ? Are the node certificates for http and transport self-signed or from Let’s encrypt?