APM Node agent won't recognize cloud cert

ftripier_ionq · September 30, 2019, 4:12pm

Kibana version:
v7.3.2

Elasticsearch version:
v7.3.2

APM Server version:
v7.3.2

APM Agent language and version:
NodeJS v10.16.3

Browser version:

Original install method (e.g. download page, yum, deb, from source, etc.) and version:
npm install/hosted on elastic cloud

Fresh install or upgraded from other version?
fresh install

Is there anything special in your setup? For example, are you using the Logstash or Kafka outputs? Are you using a load balancer in front of the APM Servers? Have you changed index pattern, generated custom templates, changed agent configuration etc.

It's a very straightforward set up. We just run a node server on an on-premise ubuntu 16.04 box.

Description of the problem including expected versus actual behavior. Please include screenshots (if relevant):

Basically, our server is failing to talk to APM in any capacity. One-off scripts on the same box and node version work fine.

Steps to reproduce:

Boot up our server using pm2. Initialize agent.

Errors in browser console (if relevant):

Provide logs and/or server output (if relevant):

Logs of failed event upload:

APM Server transport error (ERR_TLS_CERT_ALTNAME_INVALID): Hostname/IP does not match certificate's altnames: Host: 2181ff97dfc0444f879ac2b36b34ad67.apm.us-central1.gcp.cloud.es.io. is not in the cert's altnames: DNS:.gcp.cloud.es.io, DNS:.apm.europe-west1.gcp.cloud.es.io, DNS:apm.europe-west1.gcp.cloud.es.io, DNS:.apm.europe-west3.gcp.cloud.es.io, DNS:apm.europe-west3.gcp.cloud.es.io, DNS:.apm.us-central1.gcp.cloud.es.io, DNS:apm.us-central1.gcp.cloud.es.io, DNS:.apm.us-west1.gcp.cloud.es.io, DNS:apm.us-west1.gcp.cloud.es.io, DNS:.us-central1.gcp.cloud.es.io, DNS:us-central1.gcp.cloud.es.io, DNS:.europe-west1.gcp.cloud.es.io, DNS:europe-west1.gcp.cloud.es.io, DNS:.europe-west3.gcp.cloud.es.io, DNS:europe-west3.gcp.cloud.es.io, DNS:*.us-west1.gcp.cloud.es.io, DNS:us-west1.gcp.cloud.es.io, DNS:gcp.cloud.es.io

stephenbelanger · October 7, 2019, 8:22pm

The Node.js agent doesn't currently support custom certs. How are you trying to use it currently?

system · October 28, 2019, 4:22pm

This topic was automatically closed 20 days after the last reply. New replies are no longer allowed.