Elastic stack with Fleet Server - certificate issue

I'm trying to set up an all-in-one docker compose configuration for the Elastic Stack consisting of Elastic Search, Kibana, APM (I know it's being deprecated as a stand-alone service; for the time being this is for backwards compatibility) and Elastic Agent as Fleet Server.

To that end I'm setting up the following ENV variables for the elastic-agent image:

        - KIBANA_HOST=https://kibana:5601
        - KIBANA_CA=/certs/ca/ca.crt
        - KIBANA_USERNAME=elastic
        - ELASTICSEARCH_HOST=https://elastic-search:9200
        - ELASTICSEARCH_CA=/certs/ca/ca.crt
        - KIBANA_FLEET_SETUP=true
        - KIBANA_FLEET_CA=/certs/ca/ca.crt
        - FLEET_SERVER_ENABLE=true
        - FLEET_SERVER_PORT=8220
#        - FLEET_SERVER_CERT=/certs/fleet-server/fleet-server.crt
#        - FLEET_SERVER_CERT_KEY=/certs/fleet-server/fleet-server.key

The last 2 variables have been deliberately commented. When the agent is started using the variables as they are currently (i.e. WITHOUT specifying the custom certificate files), then it fires up nicely and registers as a Fleet Server. However a self-signed certificate seems to be used (sort of to be expected, given that no certificate is provided in the configuration).

Alas if I uncomment the additional 2 lines to specify the certificate then the agent fails to start with the error:

Error: url is required when a certificate is provided

However, if I add FLEET_URL variable (which seems to be what the error suggests) then the fleet will also fail as it then seem to attempt to register WITH that fleet-server URL (i.e. with itself, which at this point is incorrect).

I can't shake the feeling there's either a bug (unlikely) or I'm missing some fundamental understanding of what a Fleet Server is supposed to be... Can someone point me at the right track, please?


I believe the problem is the FLEET_SERVER_HOST, by the error you get, I believe FLEET_SERVER_HOST should be a URL, not an IP address. I don't remember by heart, but I believe you can use FLEET_SERVER_HOST=https://fleet:FLEET_PORT

I tried it like that (i.e. FLEET_SERVER_HOST=https://fleet-server:8220) but got the same results (i.e. "url is required" error).

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.