Environment: Splunk Enterprise 9.x (Windows, On-Prem) Domain: mydomain.duckdns.org (via DuckDNS) Certbot for Let’s Encrypt certificate generation Goal: Use the correct Certbot CLI command to generate certificates for Splunk HEC. Resolve curl: (28) Connection timed out when testing HTTPS. Specific Issues: 1. Certbot CLI and Certificate Handling The Let’s Encrypt README warns against copying/moving certificates, but Splunk requires specific paths. Question: What is the exact Certbot command to generate certificates for Splunk HEC on Windows? Should I copy fullchain.pem and privkey.pem to Splunk’s auth/certs directory despite the warnings? 2. HTTPS Curl Failure After configuring SSL in server.conf, curl times out: Copy Download curl -k -v "https://localhost:8088/services/collector" -H "Authorization: Splunk <HEC_TOKEN>"
* Connection timed out after 4518953 milliseconds Question: Why does curl timeout even after enabling SSL in Splunk? Is localhost:8088 valid for testing, or must I use mydomain.duckdns.org:8088? Steps Taken: Generated certificates with certbot certonly --standalone -d mydomain.duckdns.org. Copied fullchain.pem and privkey.pem to $SPLUNK_HOME/etc/auth/certs. Configured server.conf: ini Copy Download [httpServer]
enableSSL = true
sslCertPath = $SPLUNK_HOME/etc/auth/certs/fullchain.pem
sslKeyPath = $SPLUNK_HOME/etc/auth/certs/privkey.pem Confirmed port 8088 is open in Windows Firewall.
... View more
