🚀 Let’s Encrypt SSL Certificate Setup for Wazuh Dashboard
This guide walks you through installing a free and secure SSL certificate on your Wazuh Dashboard using Let’s Encrypt and Certbot, including automatic renewal configuration.
📌 1. Install Certbot and Obtain Certificate
First, update your system and install Certbot, then obtain the certificate in standalone mode:
sudo apt update
sudo apt install certbot
sudo certbot certonly --standalone -d wazuh.arifakyuz.com
The --standalone flag allows Certbot to run its own temporary web server for validation.
📌 2. Copy Certificates to Wazuh Dashboard Directory
After obtaining the certificates, copy them to the directory accessible by Wazuh Dashboard:
sudo mkdir -p /etc/wazuh-dashboard/certs
sudo cp /etc/letsencrypt/live/wazuh.arifakyuz.com/fullchain.pem /etc/wazuh-dashboard/certs/
sudo cp /etc/letsencrypt/live/wazuh.arifakyuz.com/privkey.pem /etc/wazuh-dashboard/certs/
📌 3. Set Permissions for Certificate Files
Set correct ownership and permissions for security:
sudo chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs/
sudo chmod 440 /etc/wazuh-dashboard/certs/privkey.pem
sudo chmod 444 /etc/wazuh-dashboard/certs/fullchain.pem
📌 4. Configure SSL in Wazuh Dashboard
Edit the Wazuh Dashboard configuration file to enable SSL and specify certificate paths:
sudo nano /etc/wazuh-dashboard/opensearch_dashboards.yml
Add or update the following lines:
server.ssl.enabled: true
server.ssl.key: /etc/wazuh-dashboard/certs/privkey.pem
server.ssl.certificate: /etc/wazuh-dashboard/certs/fullchain.pem
📌 5. Restart Wazuh Dashboard Service
Restart the service to apply the new SSL configuration:
sudo systemctl restart wazuh-dashboard
📌 6. Set Up Automatic Certificate Renewal
Let’s Encrypt certificates expire every 90 days. To automate renewal and restart Wazuh Dashboard after renewal, add a renew hook:
sudo nano /etc/letsencrypt/renewal/wazuh.arifakyuz.com.conf
Add this line at the end of the file:
renew_hook = systemctl restart wazuh-dashboard
Test the renewal process with a dry run:
sudo certbot renew --dry-run
📌 7. Restart Service After Renewal
Finally, restart the Wazuh Dashboard service once more to ensure everything is running smoothly:
sudo systemctl restart wazuh-dashboard
✅ Summary Table
| Step | Description | Command |
|---|---|---|
| 1 | Install Certbot and obtain certificate | sudo apt install certbot |
| 2 | Copy certificates | sudo cp /etc/letsencrypt/live/wazuh.arifakyuz.com/fullchain.pem /etc/wazuh-dashboard/certs/ |
| 3 | Set permissions | sudo chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs/ |
| 4 | Configure SSL | server.ssl.enabled: true |
| 5 | Restart service | sudo systemctl restart wazuh-dashboard |
| 6 | Add renewal hook | renew_hook = systemctl restart wazuh-dashboard |
| 7 | Test renewal and restart | sudo certbot renew --dry-run |
📝 Conclusion
Following these steps will help you secure your Wazuh Dashboard with a free SSL certificate from Let’s Encrypt and ensure automatic renewal for uninterrupted, secure access.
Arif Akyüz
Bilgi Teknolojileri
Sistem Network Yöneticisi
ve Siber Güvenlik Uzmanı
[email protected]
- What is an LLM (Large Language Model)?
- CVE-2026-31431 (Copy Fail) – Ubuntu Security Mitigation Guide
- Windows Active Directory’de AD Kullanıcıları Raporlama – PowerShell ile Adım Adım
- Learn WiFi Password Using CMD (Windows Guide)
- What is RBAC (Role-Based Access Control)?
- PowerShell Get-WinEvent for Windows Event Log Analysis, Security Auditing and Digital Forensics
- Application Security: How to Check if a Software is Safe to Use
- How to Check Windows Server Restart History Using PowerShell
- GENAI and the Growing Cyber Threat: Raising Awareness for a Safer Digital Future
- PowerShell RDP Log Analysis Guide
- Windows 11 Recovery Bölümünü Silerek Disk Genişletme
- Windows Server Installed Programs List & Software Inventory Report – PowerShell HTML Script
- Microsoft 365 Copilot Agents: Microsoft-Developed Agents
- Top Professional Titles for Experts in AI Agent Management
- Quick File Finder with Powershell
- Let’s Encrypt SSL Certificate Setup for Wazuh Dashboard
- Automatically Connecting Windows 11 Devices to a Hidden SSID Without Sharing the Password
- Ubuntu Server Initial Setup and Configuration Guide
- Intel Core i5 Processor Generations (2009–2025)
- WAZUH ile pfSense Logları ile Trafik Analizi ve Filtreleme
- Intel Core i7 Processor Generations (2008–2025)
- pfSense Log Filtering Guide for Wazuh Discover
- Intel Core i9 Processor Generations (2017–2025)
- Opening a Port and Testing TCP Connections with PowerShell
- Testing Your Antivirus with PowerShell (Safe EICAR Script)
- Python Virtual Environment (venv) Setup: Windows, Linux & macOS
- test-antivirus-powershell
- Listing Unique IP Addresses in a File with PowerShell
- Adding Entries to Windows 11 Hosts File Using CMD
- .bak the process of opening and importing a SQL file
- .NET Framework 3.5 installation fails
- 1. Change user password with CMD
- 2. Create users with CMD
- 3. Delete a user with CMD
- 4. Open Port Inquiry CMD
- 5. Learning external IP with CMD
- 6. Domaine Alma with CMD
- 8. Creating a Folder with CMD
- 9. Shut Down a Remote Computer with CMD
- Account keeps locking
- Active Directory Security
- Active Directory Unlock Account Permission
- Add a Program to the Right-Click Menu
- Add Google Ads conversion tracking code to WordPress
- Add Opencart Google Ads conversion tracking code (add snippets)
- Add Whatsapp order button
- Adobe Illustrator Convert Type to Vector
- ALL ARTICLES
- Allow a standard user to run an application as an administrator in Windows
- ARİF AKYÜZ – SITE CONTENT
- Articles
- Backup Policy
- BC Search for Files and Folders with CMD
- Bitlocker Commissioned
- C# XML File Data Pull, Add, Delete, Update Operations
- Centos 7 IP Switching
- Change MAC Address
- Change the ADD to WooCommerce cart post
- Cisco Router Configuration
- Cisco Switch Model Learning Command
- Cisco Switch Setup
- CMD commands
- Combine columns one after the other in Excel
- Convert Picture to Text Converting Picture to Word
- Create a table of contents in Word
- Critical Files on Linux
- Cryptolocker Extension List
- CSS icon Package
- Cyber Security Certifications
- Cybersecurity Courses Passive Information Collection
- Data recovery via formatted disk
- Define the same proxy address for all users on Terminal Servers
- Delete Files and Folders with Task Scheduler Delete a File and Folder with PowerShell
- Deleting User Profile Files with Powershell
- DHCP Fail-over on Windows Server 2019
- Directory Structure on Linux
- Diskpart
- DNS Cache Clearing
- DOWNLOAD
- Exchange version information learning command
- Exchange: Bypass Malware Filtering
- File commands on Linux
- File Permissions on Linux
- Find out which port the app is using in Windows
- Forti Firewall IP Export
- Forti IP Export
- Google Advertising
- Google Advertising with ADS
- Google DNS
- Google Tag Manager Click Tracking
- Google Tag Manager Installation Turkish Lecture
- Group policy see command CMD applied to the computer
- How to Build an E-Commerce Site
- How to configure Proton VPN on pfSense using WireGuard
- How to Create a Shortcut to a Hyper-V Virtual Machine
- How to Create Trusted Self-Signed SSL Certificates and Local Domains for Testing
- How to Find Out the Motherboard Model?
- How to Get Facebook Pixel Code
- How to install FortiGate FortiOS 7.0
- How to Make a Vector Logo with Adobe Illustrator
- How to Put Password on Word Document
- How to Stay Safe From Stealer Attacks
- How to write IPv6 as a URL
- How to: Create CSR Code Through IIS
- HPE StoreOnce Systems
- IE Prevent running First Run Wizard
- Import Google Chrome passwords
- Instagram ad account closed
- INSTAGRAM ADVERTISING TRAINING
- Internal Network Attacks
- IPv6 Proxy
- Kali Linux Installation
- LAPS Installation and Configuration
- Learning Exchange CU Info command
- Learning MAC address with IP
- List files in an Excel folder
- Log4j scan for Linux
- Log4j Scan for Windows
- Mbps to kbps Converter
- Microsoft Endpoint Manager
- Microsoft Intune EDR import Server
- Microsoft Security Compliance Toolkit 1.0
- Most used ports
- My Instagram Ad Account Has Been Closed, How Can I Open?
- Network Settings for Viritual Box Virtual Machines
- NMAP Commands
- Open the UBUNTU SSH Port
- Opencart social media icon pack
- Package Management on Linux
- Password Expiration Date AD User
- Password Policy
- Paste into Excel Filtered Cells
- PDF Encryption and PDF file encryption
- Persistent user account lockout
- Ping IPv6
- Process Management on Linux
- Pull List of Domain Admin Group Members
- Pull local admin accounts of devices in the domain with Powershell
- Pulling a List of Applications Installed on the Computer with CMD
- Random MAC Address Generation
- Random password generator
- Random Password Generator
- RDP Event Viewer ID
- Real-Time Cyber Threat Map
- Reliable and fast DNS Server List 2022
- Remove additional information, product description, and product review from the WooCommerce product page
- Remove vmware workstation encryption
- RVTools
- Samsung phone throwing rom
- Samsung tablet rom throwing
- See the open and closed ports on the Cisco switch
- Send Outlook future mail
- Server room Checklist
- Server Sustainability
- Showing the Lowest Price on Products with WooCommerce Options
- SMB Signing Disabled
- Social Engineering Attacks
- Speed test
- SQL Injection Attack
- SQL Server 2019 setup
- Switch commands
- This computer can't run windows 11 error solution
- Turn off Insecure TLS Versions
- User management on Linux
- What is a bot?
- What is Biometric Photography?
- What is EternalBlue?
- What is GRC?
- What is IPv6?
- WHAT IS NBTSTAT
- What is Penetration Testing? What is vulnerability scanning?
- What is Split Tunnel? What is Full Tunnel?
- Who reset the User's Password on AD
- Whoami commands
- Windows 10 Password Cracking Programless
- Windows 10 release history
- Windows 11 theme appearance customization
- Windows 2016 Startup Folder
- Woocommerce Closing to Shopping
- WordPress Search button removal hiding
- WordPress Whatsapp button add