we have an Elasticsearch cluster with the version "7.17.5"
The certificate has expired. I have renewed the certificate but somehow the cluster does not accept the certificate. It still has the old certificate because the error in the logs refers to the date of the old certificate.
the configuration of the cluster is:
bootstrap.memory_lock: true
cluster.initial_master_nodes:
- gl-vn01-es.
- gl-vn02-es
cluster.name: Graylog
discovery.seed_hosts: - gl-vn01-es.
- gl-vn02-es.
- gl-vn03-es.
http.port: 9200
network.host: 0.0.0.0
network.publish_host: gl-vn01-es.
node.name: gl-vn01-es.
node.roles: - data
- master
transport.port: 9300
#################################### Paths ####################################
Path to directory containing configuration (this file and logging.yml):
path.data: /mnt/elasticsearch
path.logs: /var/log/elasticsearch
action.auto_create_index: true
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: "certificate"
xpack.security.transport.ssl.key: "/etc/elasticsearch/es.key"
xpack.security.transport.ssl.certificate: "/etc/elasticsearch/es.crt"
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: "/etc/elasticsearch/es.key"
the error in the logs is:
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorExcep
tion: validity check failed
Caused by: java.security.cert.CertificateExpiredException: NotAfter: Fri Oct 21 11:55:10 CEST 2022