I used AWS Marketplace and recently upgraded to PMM 2.29.0. It seems the Nginx certificates are expiring and need renewal. I found a process to do it but it was painful and not quick. Just wonder if anyone knows how to update certificates for Nginx in AWS Marketplace the proper way.
2 Likes
Hi @odemark1 thanks for posting your question to the forums!
Are you asking about how to update the self-signed certificates from PMM Server? Recently we published a blog post how to use LetsEncrypt with PMM, perhaps this will help you:
1 Like
@Michael_Coburn I think I’ve faced the same issue.
The issue was introduced in pmm-update 2.29.0 version, the issue is in the wrong cp command here:
This script is executed only after EC2 instance reboot: pmm-update/main.yml at v2.29.0 · percona/pmm-update · GitHub
And only in case certificate is reaching it end of live. So after EC2 instance reboot we end up with inconsistent certificate.crt and ceritficate.key in /srv/nginx/. To fix this I had to manually copy the right certificate.crt from /etc/nginx/ssl/ (both crt and key files are generated there) to /srv/nginx/
1 Like
Hi @Artem_Timchenko1 ,
Thank you for your help, I prepared PR to fix it in the next release
3 Likes