Elasticsearch-setup-passwords commands with ERROR: Failed to verify bootstrap password

I am new to ElasticSearch.

I followed the steps in this page: Configuring SSL, TLS, and HTTPS to secure Elasticsearch, Kibana, Beats, and Logstash

I used
bin/elasticsearch-setup-passwords interactive -u 'https://abc.mysite.com:9200'
on step [2-6-4] Set built-in user password

Everything is fine to setup the service with SSL certificates. However, I want to change the password of 'elastic', and run
bin/elasticsearch-setup-passwords interactive -u 'https://abc.mysite.com:9200'

I encounter the following error:
$ bin/elasticsearch-setup-passwords interactive -u 'https://abc.mysite.com:9200'

Failed to authenticate user 'elastic' against 
Possible causes include:
 * The password for the 'elastic' user has already been changed on this cluster
 * Your elasticsearch node is running against a different keystore
   This tool used the keystore at /etc/elasticsearch/elasticsearch.keystore

ERROR: Failed to verify bootstrap password

I also visit this post After X-pack Installation : Failed to authenticate user [elastic], understand that Change Password API can change the password of 'elastic' account:
curl -u elastic -XPUT 'https://abc.mysite.com:9200/_xpack/security/user/elastic/_password?pretty' -H 'Content-Type: application/json' -d'{"password":"12345678"}' -k

  1. May I know whether the error above must happen in the second time or later after the first run of 'elasticsearch-setup-passwords'?
  2. I do not know about what "bootstrap password" is. I do not change it. Is there a possible way I changed it in this page: Configuring SSL, TLS, and HTTPS to secure Elasticsearch, Kibana, Beats, and Logstash but I did not know?
  3. Can I have a way to use 'elasticsearch-setup-passwords' again? if not, does it mean 'elasticsearch-setup-passwords' is a once-time-command?

I am using a Cluster with 3 nodes. 2 nodes have these roles: dilmrt, and 1 node has these roles: dmv

You cannot run that command twice, it is quite explicitly a setup process that is run once.

See: elasticsearch-setup-passwords | Elasticsearch Reference [7.11] | Elastic

This command is intended for use only during the initial configuration of the Elasticsearch security features. It uses the elastic bootstrap password to run user management API requests. If your Elasticsearch keystore is password protected, before you can set the passwords for the built-in users, you must enter the keystore password. After you set a password for the elastic user, the bootstrap password is no longer active and you cannot use this command.

Thank you so much. You saved my time.

It is better not to use "ERROR:".

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.