Hello, I've spent probably 8+hrs now trying to debug how to get SSL certificates working with splunk web and finally got it working, so posting this here to hopefully help someone in the future. Using these links as a reference: https://docs.splunk.com/Documentation/Splunk/9.0.2/Security/Turnonbasicencryptionusingweb.conf https://docs.splunk.com/Documentation/Splunk/9.0.2/Security/HowtoprepareyoursignedcertificatesforSplunk The hardest part was figuring out how to use the certificates provided by certbot into a format that splunk recognizes. The following steps ended up working: 1) Create /opt/splunk/etc/system/local/web.conf by copying /opt/splunk/etc/system/default/web.conf and change the line "enableSplunkWebSSL = false" to "enableSplunkWebSSL = true" 2) Install and configure certbot to obtain certificates as needed. They'll be in /etc/letsencrypt/live/$my_domain/ instead of /opt/splunk/etc/auth/splunkweb/ and they're not in a format that splunk can use. 3) The second link above gives some guidance on how to prepare the certbot certificates to the format that splunk needs them, which should be: server certificate private key CA certificate To do this, I'm creating the following certbot post renewal hook script: /etc/letsencrypt/renewal-hooks/post/splunk.sh #!/bin/bash #change this my_domain variable to match the domain you are using my_domain=XXXX src_path=/etc/letsencrypt/live/$my_domain dst_path=/opt/splunk/etc/auth/splunkweb cat $src_path/cert.pem $src_path/privkey.pem $src_path/fullchain.pem > $dst_path/cert.pem cat $src_path/privkey.pem > $dst_path/privkey.pem chown splunk:splunk $dst_path/cert.pem $dst_path/privkey.pem chmod 600 $dst_path/cert.pem $dst_path/privkey.pem /opt/splunk/bin/splunk restart #EOF And make the script executable: chmod +x /etc/letsencrypt/renewal-hooks/post/splunk.sh 4) Since you've already renewed the certificate with certbot, you can run the script directly: /etc/letsencrypt/renewal-hooks/post/splunk.sh The script should run automatically whenever certbot renews your certificate ... View more

Hello, I've read the official docs pages on upgrading splunk, but they don't actually ever give direct instructions. http://docs.splunk.com/Documentation/Splunk/6.6.2/Installation/HowtoupgradeSplunk I don't have a complicated splunk install. It's installed on one server, not a distributed or clustered anything. And it's CentOS. So I'm looking either for a yum repository or some easy way to script getting the rpm or tar. I hate having to log in on the Splunk website and navigate their terrible UI to find the download. If there isn't a repository available, does anyone know if they make their downloads available via some mirror or other public URL, using predictable path/file names? Does everyone just manually login to download the latest Splunk files for all their architecture versions and distribute them by hand? ... View more