Skip to content

Configure SSL for Zabbix Server Front end

Video Lecture

Configure SSL for Zabbix Server Front end Configure SSL for Zabbix Server Front end

Description

The Zabbix Server doesn't have any transport encryption enabled yet, so any messages passed between our browser and the server are in plain text. We should secure our server asap with an SSL certificate.

I create the certificate using options provided by LetsEncrypt. This has the added benefit of being free.

So, we need to SSH onto our Zabbix Server and install Certbot

Ubuntu 24.04 with Apache

#
#
#
snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/certbot
certbot --apache

And follow the prompts, and at the end your Zabbix Server will have an SSL certificate bound and accessed via HTTPS.

I can then visit my new Zabbix Server on Ubuntu 24.04 with SSL and the domain name at

https://zabbix.sbcode.net

Troubleshooting

Domain Propagation

The Certbot service will externally query your domain name on port 80 from random positions in the world to validate that the IP address making the request is the same as the A name record registered for the domain name. Ensure that your domain name has fully propagated across the internet before using Certbot. You can check your A name propagation progress using DNS Checker

Timeout during connect

Also, if you have a firewall blocking access to port 80, as I have done so far in this course when I set up the firewall, you will need to temporarily allow all HTTP (Port 80) requests to reach your web server so that the Certbot service can verify the request. Certbot will place a temporary static file somewhere in your web server folder and request it using HTTP. If the external Certbot service cannot retrieve this file, it will not issue the certificate.

Allow incoming HTTP & HTTPS

Finally, so that HTTPS works, as well as the HTTP 301 redirect, you should also ensure that you have allowed incoming HTTP (Port 80) and HTTPS (Port 443) on your firewall.

Comments