New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support self signed certs for alert notifications #9548
Comments
There are currently no way of using self signed certs for alert notifications. https://github.com/grafana/grafana/blob/master/pkg/services/notifications/webhook.go#L27 If we decide to add support for it. Alert notifications should not use services/notifications/webhook.go but instead create a new abstractiong in https://github.com/grafana/grafana/tree/master/pkg/services/alerting/notifiers for dealing with http settings. |
@laughland Btw. Im not sure your using the correct path for certs on Centos. https://unix.stackexchange.com/questions/363308/how-do-i-list-all-available-ssl-ca-certificates-on-centos-6/363309#363309 |
We were successful in getting notifications working in Grafana with our CA signed cert. Here is a snippet of our grafana:
image: grafana/grafana:latest
volumes:
- grafana_data:/var/lib/grafana
- /home/user/grafana/certs/:/etc/ssl/certs/:z
expose:
- 3000
ports:
- "3000:3000"
env_file:
- ./grafana/config.env |
I think you closed this by mistake. re opening. |
Yes, thanks! |
I'm having the same issue with our Grafana Alerts channel using webhook. The webhook url is also using a self-signed ssl certificate. We ran grafana on container based on the official image pulled form the repo. Is there any workaround for this? |
I had same problem using official docker grafana/grafana. there is no permission to install new certification. here is the solution: install cert to HOST. case ubuntu:
|
Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward? This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
Facing same problem. Could you please at least add an option to disable TLS /SSL check - I am also using self-signed certs and this is very hard to deal with. |
Bump. |
Bump, preferably an option within the notification channel options to tinker with cert details. |
Same issue faced here using the docker image grafana/grafana when trying to configure a notification channel via webhook. |
I similarly had the issue where my webhook notification channel was targetting a https exposed REST server using a certificate signed by an untrusted root certificate. I managed to have this issue fixed by mounting a self written ca-certificates.crt file in the grafana container (which is based on debian FYI). Based on those inputs :
I mounted a configmap file as a volume in /etc/ssl/certs/ in my kuberntes pod so that the ca-certificates.crt file contains the root certificate used to sign the https certificate. |
I think I'm seeing this? It seems related but not sure if its a separate issue so figured I'd ask. My alert is non-functional because I see this error every time it runs its query to see if it needs to alert me:
But this only happens when the query is run by the alert. If I go to explore and run this same query it runs without issue:
My source is configured correctly, I can save and test and use explore. It just doesn't seem to work from alerts. |
@mdegat01 I've just managed to solve this problem for myself. It had nothing to do with my Grafana setup. My source of data is an influxdb Docker container which happened to use the wrong cert file. I'm using certbot to get my certs ready on my host. I've been using
So I started using |
This worked for me on Alpine based Docker image:
|
Yeah, this being missing is a bit frustrating - we want to direct a webhook towards a service behind our k8s ingress; but get an error that the x509 cert is for the ingress and not the service hostname... |
It would be nice to have Skip TLS Verify option on Alert channels just like on Data sources :) |
this worked for me for smtp notifications for grafana preinstalled in oracle linux virtualization manager (olvm) engine host edit change
came here via https://community.grafana.com/t/grafana-webhook-failed-to-send-alert-notifications-x509-certificate-signed-by-unknown-authority/5701 which is the third google result for "Failed to send notification to email addresses x509: certificate is not valid for any names, but wanted to match XXXXX" |
Hi, faced this on the new grafana unified alert feature. The webhook contact point doesn't allow to configure the skip verify. Thanks, |
Hello, facing the same thing, we need to be able to skip-verify the webhook tls endpoint, Thanks |
I totally agree with this but, since this issue is 7 years old, it seems like it wont be happening soon 😢 |
grafana/grafana:master
Prometheus
CentOS 7 on virtualBox
Tried to add a notification alert channel via the grafana UI
A notification would be sent
To troubleshoot we manually added our certificates with Grafana running in a Docker container:
docker run --rm --entrypoint="/bin/bash" -p 3000:3000 -it grafana/grafana
Our signed certificates were added to
/etc/ssl/certs
and then we ranc_rehash /etc/ssl/certs
We curled our mattermost instance
curl https://mattermost.ourdomain.com
successfully:Is there some way to use our self signed certificates with Grafana to add an alerting channel?
The text was updated successfully, but these errors were encountered: