Enrolling fleet using FQDN certificates

Hi, I came across some issues during installation of Fleet Server.
First of all, I need the server to run on an FQDN rather than on an IP address. So I started with generating certificates using DNS instead of IP. The command I used is:


sudo /usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca-cert "ca.cert path" --ca-key "ca key path" --pem --dns "node1.elastic.local" --out "instance folder".

After this I installed Elasticsearch, Kibana, Filebeat, Metricbeat and Auditbeat and changed the /etc/hosts file so that it points my local IP to node1.elastic.local. It is all on one Debian machine. The *.yml files all use the "node1.elastic.local" name instead of an IP address. Everything worked great until I wanted to enroll the Fleet Server.

I changed the settings in the Fleet settings section so that they correspond to my FQDN:

Then I used this command to enroll my Fleet server

./elastic-agent install --url=https://node1.elastic.local:8220 \
   --fleet-server-es=https://node1.elastic.local:9200 \
   --fleet-server-service-token=AAEAAWVsYXN0aWMvZmxlZXQtc2VydmVyL3Rva2VuLTE2NjU0ODk0Mzk5MDg6NTNPZDFYSWlROFdFcEZmXzR0Rm9FZw \
   --fleet-server-policy=fleet-server-policy \
   --fleet-server-es-ca=/etc/elasticsearch/ca/ca.crt \
   --certificate-authorities=/etc/elasticsearch/ca/ca.crt \
   --fleet-server-cert=/etc/elasticsearch/instance/instance.crt \
   --fleet-server-cert-key=/etc/elasticsearch/instance/instance.key

I tried using RPM and deb packages, but every single time I get this error:

Elastic Agent will be installed at /opt/Elastic/Agent and will run as a service. Do you want to continue? [Y/n]:
{"log.level":"info","@timestamp":"2022-10-11T14:02:33.631+0200","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":792},"message":"Fleet Server - Starting","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-10-11T14:02:35.634+0200","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":773},"message":"Fleet Server - Running on policy with Fleet Server integration: fleet-server-policy","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-10-11T14:02:35.985+0200","log.origin":{"file.name":"cmd/enroll_cmd.go","file.line":471},"message":"Starting enrollment to URL: https://node1.elastic.local:8220/","ecs.version":"1.6.0"}
Error: fail to enroll: fail to execute request to fleet-server: 1 error occurred:
    * missing enrollment api key

I tried various commands. With certificates, without them. With the URL and without. Still getting the same error for about a week. PLEASE help. Thank you in advance.

I compared your elastic agent command with the one I used, and I think you need to replace install with enroll and remove the url param:

./elastic-agent enroll --fleet-server-es=https://node1.elastic.local:9200 \
   --fleet-server-service-token=AAEAAWVsYXN0aWMvZmxlZXQtc2VydmVyL3Rva2VuLTE2NjU0ODk0Mzk5MDg6NTNPZDFYSWlROFdFcEZmXzR0Rm9FZw \
   --fleet-server-policy=fleet-server-policy \
   --fleet-server-es-ca=/etc/elasticsearch/ca/ca.crt \
   --certificate-authorities=/etc/elasticsearch/ca/ca.crt \
   --fleet-server-cert=/etc/elasticsearch/instance/instance.crt \
   --fleet-server-cert-key=/etc/elasticsearch/instance/instance.key

That worked for me.

I used it with enroll, but the url parameter is required when I provide certificates.
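
A check for the FQDN-based certificate from the first post, added here as an example (it is not code from the thread or from Elastic): it confirms that a PEM certificate is signed by the CA and that its subjectAltName covers the host name used in `--url` and `--fleet-server-es`. The helper names, the throwaway demo CA and the IP 192.168.1.10 are constructed for illustration; OpenSSL 1.1.1 or later on PATH is assumed.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Assumes OpenSSL 1.1.1+ on PATH.

# check_cert_for_host CA_PEM CERT_PEM HOST  (hypothetical helper name)
# Prints a status word; returns 0 only when the certificate is signed by the
# CA and its subjectAltName covers HOST (the host part of the enrollment URLs).
check_cert_for_host() {
  local ca="$1" cert="$2" host="$3"
  if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
    echo "untrusted"; return 1
  fi
  # -checkhost reports "does match" / "does NOT match" on stdout; grep decides.
  if openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q "does match"; then
    echo "ok"; return 0
  fi
  echo "name-mismatch"; return 2
}

# make_demo_pki DIR FQDN: constructed throwaway CA and leaf, standing in for
# the ca.crt and instance.crt that elasticsearch-certutil writes.
make_demo_pki() {
  local d="$1" fqdn="$2"
  printf '[req]\ndistinguished_name=dn\nx509_extensions=v3\n[dn]\nCN=unused\n[v3]\nbasicConstraints=critical,CA:TRUE\n' > "$d/demo.cnf"
  openssl req -x509 -config "$d/demo.cnf" -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Demo CA" -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  openssl req -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=instance" -keyout "$d/instance.key" -out "$d/instance.csr" 2>/dev/null
  printf 'subjectAltName=DNS:%s\n' "$fqdn" > "$d/san.ext"
  openssl x509 -req -in "$d/instance.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -extfile "$d/san.ext" -out "$d/instance.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir" node1.elastic.local
# Matches the FQDN that the certificate was issued for.
check_cert_for_host "$demo_dir/ca.crt" "$demo_dir/instance.crt" node1.elastic.local
# An IP address in the URL does not match a DNS-only certificate.
check_cert_for_host "$demo_dir/ca.crt" "$demo_dir/instance.crt" 192.168.1.10 || true
rm -rf "$demo_dir"
```

Against a real deployment, call `check_cert_for_host` with the CA and instance certificate paths passed to `elastic-agent` and the host name from the enrollment URL.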
