Certificates from Let’s Encrypt for Splunk Web

Certificates from Let’s Encrypt for Splunk Web

August 21, 2023

In this blog post you will learn how to use certificates from Let’s Encrypt for Splunk Web.

We recommend you watch the accompanying YouTube video „Let’s Encrypt für Splunk Web – SSL-Zertifikate in fünf Minuten“ for visual examples and a more detailed explanation (only available in german).


First, we make sure that the server has a publicly accessible IP address and that we have administrator access to it. In addition, we also need to check the firewall to see if it allows incoming traffic, for example. But more about that later.

A little hint:
If you want to set up HTTPS for a local web server without constantly receiving certificate warnings, it is recommended that you use a self-signed certificate.

Installation of Certbot

A very popular and simple option is provided by the Let’s Encrypt client Certbot. If these instructions do not work for your operating system, you can find a link to instructions for other operating systems here.

We first connect to our server via SSH. Of course, we do this with a user who has admin rights.

Our first step is to install snapd. In our case, this works via:

Copy to Clipboard

Here we can view installation instructions customized for our operating system.

After the installation, we still need to make sure that the latest version of snapd is installed. To do this, we simply run the following commands:

Copy to Clipboard

Once we installed snapd with an operating system package manager like apt, yum or dnf, we must not forget to remove certbot-auto and the operating system packages before installing certbot-snap. This ensures that when the `certbot’ command is executed, the snap is used and not the version from the operating system’s package manager. So in our case, we run the following command:

Copy to Clipboard

Then we run the following commands to install Certbot and afterward to make the certbot command executable:

Copy to Clipboard

To perform the next steps, we first need to check our firewall and allow incoming traffic on port 80/TCP.

The default port for HTTP is port 80, which means that normally unencrypted web servers run on this port. These would have to be stopped so that Certbot can then communicate via this port. However, since Splunk runs on port 8000, this is not necessary for us.

Depending on which solution you use, the commands may look like this or different:

Copy to Clipboard

Now we can run Certbot with the following command and in the dialog we will be asked to specify the DNS of our website and an email address where we can be reached to be automatically notified when our certificate is about to expire.

Copy to Clipboard

Then we delete the rule again that allows incoming traffic on port 80.

Making certificates usable for Splunk

In ~/etc/letsencrypt/live// we now find the certificates from Let’s Encrypt. In order for Splunk to work with these certificates, we need to copy fullchain.pem and privkey.pem to the file tree under Splunk. To do this, we first create a folder under the following path and copy the required certificates to it:

Copy to Clipboard

We switch to the directory $SPLUNK_HOME/etc/system/local/ and edit the file web.conf so that the correct paths point show to privkey.pem and fullchain.pem.


Copy to Clipboard

After restarting Splunk, when we open the web page in the browser, we can see the closed lock on the left of the URL bar and clicking on it indicates that the connection is secure and the certificate is valid.

Set up automated renewal of the certificate

We create a cronjob to set up an automated renewal of the certificate for our website. In our case, we want to run this cronjob every Sunday at 2am. So wen run the command crontab -e and write the following line in the called file:

Copy to Clipboard

The shell script that is called for the cronjob first calls the certificate renewal command and then tests if the certificate has actually been renewed. The command renews the certificate only if it falls below a validity of 30 days.

Then, once the certificate has actually been renewed, we still copy the required new certificates to the Splunk usable location and make sure that the new files are also owned by the Splunk executing user. This must of course still be replaced in the following.

Copy to Clipboard

Leave A Comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The reCAPTCHA verification period has expired. Please reload the page.

Avada Programmer

Hello! We are a group of skilled developers and programmers.

Hello! We are a group of skilled developers and programmers.

We have experience in working with different platforms, systems, and devices to create products that are compatible and accessible.