How do I install a certificate in PMM?


After installation Chrome complains about the certificate. I would like to install a valid certificate.

Steps to Reproduce:

Connect to the server using Chrome




[If applicable, include any relevant log files or error messages]

Expected Result:

[What the user expected to see or happen before the issue occurred]

Actual Result:

[What actually happened when the user encountered the issue]

Additional Information:

[Include any additional information that could be helpful to diagnose the issue, such as browser or device information]

Hello @jruffer,
it’s written here.

Have a good day.

Hello @nurlan
A couple of problems:
I don’t have a dhparam.pem.
There is a passphrase set. How would I supply that?

Hi again,

  1. skip dhparam.pem
  2. You can tweak nginx configuration inside PMM as it shown in this stackoverflow question Pass cert password to Nginx with https site during restart - Stack Overflow, but it will not survive upgrade, so you will have to tweak it after each upgrade. Another option to use certificate with no passphrase.

I hope it helps you

I was able to convert the key to passwordless and create a dhparam.pem but it’s still not right.

The command:
docker exec -it pmm-server chown root.root /srv/nginx/*
chown: cannot access ‘/srv/nginx/*’: No such file or directory
so I used the command for each file explicitly.

Chrome still says it is unsafe.

Per the docs, did you mount the path into your container? -v /etc/pmm-certs:/srv/nginx

Please provide all of your commands/steps/output so we can help the best.

I used the method for a running image.

docker cp certificate.crt pmm-server:/srv/nginx/certificate.crt
docker cp certificate.key pmm-server:/srv/nginx/certificate.key
docker cp ca-certs.pem pmm-server:/srv/nginx/ca-certs.pem
docker cp dhparam.pem pmm-server:/srv/nginx/dhparam.pem

docker exec -it pmm-server chown root.root /srv/nginx/certificate.crt
docker exec -it pmm-server chown root.root /srv/nginx/certificate.key
docker exec -it pmm-server chown root.root /srv/nginx/ca-certs.pem
docker exec -it pmm-server chown root.root /srv/nginx/dhparam.pem

You need to restart the container for the certs to take effect. Or you can restart just nginx and grafana inside the container.

Yes, I thought that would be needed.

docker restart pmm-server

Was there anything else I should have done?

Finally got it sorted. There is a document on the Digicert website that explained that I needed to concatenate 2 files for it to work.

1 Like

That’s great @jruffer, could you please share the link? It will be helpful to other users.

1 Like