Influxdb: InfluxDB with Let's Encrypt Certs failed to find PEM block

Directions

As asked by Sean Beckett a bug report (or feature request). See https://groups.google.com/forum/#!topic/influxdb/2k6fV_giunA

Bug report

CentOS 7

1. Install server with hostname, install webpage and configure Let's Encrypt, eg https://m01.outsideit.net/
2. Install InfluxDB, fix permissions (yes after fresh installation I always need to fix some permissions on /var/lib/influxdb/meta)
3. Use a influxdb.conf with something like this:

[admin]
  enabled = true
  bind-address = ":8083"
  https-enabled = true
  https-certificate = "/etc/letsencrypt/live/m01.outsideit.net/fullchain.pem"
  https-private-key = "/etc/letsencrypt/live/m01.outsideit.net/privkey.pem"

[http]
  enabled = true
  bind-address = ":8086"
  auth-enabled = true
  log-enabled = true
  write-tracing = false
  pprof-enabled = false
  https-enabled = true
  https-certificate = "/etc/letsencrypt/live/m01.outsideit.net/fullchain.pem"
  https-private-key = "/etc/letsencrypt/live/m01.outsideit.net/privkey.pem"

__Expected behavior:

sudo systemctl start influxdb

results in started service

__Actual behavior:

influxdb service doesn't start

__Additional info:

When trying manually

/usr/bin/influxd -config /etc/influxdb/influxdb.conf

I can see the following error:

run: open server: open service: tls: failed to find PEM block with type ending in "PRIVATE KEY" in key input after skipping PEM blocks of the following types: [CERTIFICATE CERTIFICATE]

But

cat /etc/letsencrypt/live/m01.outsideit.net/privkey.pem
-----BEGIN PRIVATE KEY-----
mycertdarfkzofkjzeifjezfjiozejfaefakjdop

I can make it work when I just concatenate the fullchain and the privkey pems but as Let's Encrypt certificates have to be renewed every three months it would be nice if this just worked automatically with the certificates from the live folder.