x509: certificate signed by unknown authority #2
Description
Hello,
I have followed the steps in the article to set up a fleet-server, but for some reason the fleet-server does not like the self signed certificate. I double checked all the environment variable flags and they appear correct. Or at least identical to the gitlab repo.
Any suggestions would be greatly appreaciated.
Cheers,
Erwin
FLEET env vars:
# env | grep ^FLEET_
FLEET_SERVER_POLICY_ID=fleet-server-policy
FLEET_INSECURE=true
FLEET_SERVER_ELASTICSEARCH_HOST=https://es01:9200
FLEET_SERVER_CERT_KEY=/certs/fleet-server/fleet-server.key
FLEET_SERVER_INSECURE_HTTP=true
FLEET_ENROLL=1
FLEET_SERVER_ELASTICSEARCH_CA=/certs/ca/ca.crt
FLEET_SERVER_ELASTICSEARCH_INSECURE=true
FLEET_URL=https://fleet-server:8220
FLEET_SERVER_CERT=/certs/fleet-server/fleet-server.crt
FLEET_SERVER_ENABLE=1
FLEET_CA=/certs/ca/ca.crt
fleet-server log
{"log.level":"info","@timestamp":"2023-12-04T00:11:11.363Z","message":"request accepted","component":{"binary":"apm-server","dataset":"elastic_agent.apm_server","id":"apm-default","type":"apm"},"log":{"source":"apm-default"},"log.origin":{"file.line":61,"file.name":"middleware/log_middleware.go"},"service.name":"apm-server","user_agent.original":"apm-agent-python/6.17.0 (my_python_service)","http.request.id":"ebe88572-690c-4c26-ae07-8b9e938434d6","log.logger":"request","http.request.method":"POST","url.original":"/intake/v2/events","event.duration":711917,"http.response.status_code":202,"ecs.version":"1.6.0","source.address":"172.26.0.2","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2023-12-04T00:11:12.683Z","message":"precondition failed: x509: certificate signed by unknown authority","component":{"binary":"apm-server","dataset":"elastic_agent.apm_server","id":"apm-default","type":"apm"},"log":{"source":"apm-default"},"log.logger":"beater","log.origin":{"file.line":64,"file.name":"beater/waitready.go"},"service.name":"apm-server","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2023-12-04T00:11:14.449Z","message":"Failed to connect to backoff(elasticsearch(https://es01:9200)): Get \"https://es01:9200\": x509: certificate signed by unknown authority","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"beat/metrics-monitoring","type":"beat/metrics"},"log":{"source":"beat/metrics-monitoring"},"ecs.version":"1.6.0","log.logger":"publisher_pipeline_output","log.origin":{"file.line":150,"file.name":"pipeline/client_worker.go"},"service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-12-04T00:11:14.449Z","message":"Attempting to reconnect to backoff(elasticsearch(https://es01:9200)) with 4 reconnect attempt(s)","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"beat/metrics-monitoring","type":"beat/metrics"},"log":{"source":"beat/metrics-monitoring"},"log.logger":"publisher_pipeline_output","log.origin":{"file.line":141,"file.name":"pipeline/client_worker.go"},"service.name":"metricbeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2023-12-04T00:11:14.456Z","message":"Error dialing x509: certificate signed by unknown authority","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"beat/metrics-monitoring","type":"beat/metrics"},"log":{"source":"beat/metrics-monitoring"},"network":"tcp","address":"es01:9200","ecs.version":"1.6.0","log.logger":"esclientleg","log.origin":{"file.line":38,"file.name":"transport/logging.go"},"service.name":"metricbeat","ecs.version":"1.6.0"}