PMM 2.29.0 - Nginx Certificate Renewal - AWS Marketplace

I used AWS Marketplace and recently upgraded to PMM 2.29.0. It seems the Nginx certificates are expiring and need renewal. I found a process to do it but it was painful and not quick. Just wonder if anyone knows how to update certificates for Nginx in AWS Marketplace the proper way.

2 Likes

Hi @odemark1 thanks for posting your question to the forums!

Are you asking about how to update the self-signed certificates from PMM Server? Recently we published a blog post how to use LetsEncrypt with PMM, perhaps this will help you:

1 Like

@Michael_Coburn I think I’ve faced the same issue.
The issue was introduced in pmm-update 2.29.0 version, the issue is in the wrong cp command here:

This script is executed only after EC2 instance reboot: pmm-update/main.yml at v2.29.0 · percona/pmm-update · GitHub
And only in case certificate is reaching it end of live. So after EC2 instance reboot we end up with inconsistent certificate.crt and ceritficate.key in /srv/nginx/. To fix this I had to manually copy the right certificate.crt from /etc/nginx/ssl/ (both crt and key files are generated there) to /srv/nginx/

1 Like

Hi @Artem_Timchenko1 ,
Thank you for your help, I prepared PR to fix it in the next release

3 Likes