Failed to connect to Elasticsearch backend. Make sure it is running and healthy

I am trying to set up App Search on my Linux server. All the prerequisites are done and I am at the last step to start it.

It gives the below 2 errors

  • Failed to connect to Elasticsearch backend.Make sure it is running and healthy.
    -PKIX path building failed :sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

Has anyone faced this issue?

Hi Saqeeb,

This StackOverflow post has some solutions to this error message, have you tried them?

Thanks for your response..

Yes we tried the following along with the link you shared:

https://www.bmc.com/blogs/install-elastic-enterprise-search/

The request goes like this when trying to start it, if that can help in answering:
2021-03-24T14:51:05.943+00:00][6313][2002][es][DEBUG]: [pre-flight] {
  "request": {
    "url": "https://.domain.com:9200",
    "method": "get",
    "headers": {
      "Authorization": "[FILTERED]",
      "Content-Type": "application/json",
      "User-Agent": "Faraday v0.17.3"
    },
    "params": null,
    "body": null
  }

We don't recommend using unofficial installation docs.

The article that you linked has instructions for installing Enterprise Search 7.5.0 (which at that time was what is currently called Workplace Search). It could be that instructions in that article somehow broke your setup.

I recommend starting from scratch by only following the instructions in the official docs: Installation | Elastic Enterprise Search Documentation [7.12] | Elastic

Let me know if you still see the error after going through the instructions.

Yes. Our team tried reinstalling Enterprise Search using the link you provided (v7.12), but no luck. We have the same error again.

Note: This is on the Linux server.

I wonder if it's the problem with Enterprise Search or Elasticsearch.

  1. Are there any errors in Elasticsearch logs?
  2. What do you see when you access the Elasticsearch endpoint? For local setup it's http://localhost:9200 (you might need to access a different endpoint depending on where Elasticsearch is being run).

There are not many details in the logs, except that they say App Search has tried to connect.

Elasticsearch is up and running, with the below response on curl:

Enter host password for user 'elastic':
{
  "name" : "servername",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "FmsLHT3yRw-p8Hz3ZwfLiw",
  "version" : {
    "number" : "7.11.1",
    "build_flavor" : "default",
    "build_type" : "rpm",
    "build_hash" : "ff17057114c2199c9c1bbecc727003a907c0db7a",
    "build_date" : "2021-02-15T13:44:09.394032Z",
    "build_snapshot" : false,
    "lucene_version" : "8.7.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

Even Kibana is up and running on same server.

I found the error on this page: https://www.elastic.co/guide/en/elasticsearch/reference/current/trb-security-sslhandshake.html:

sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target and javax.net.ssl.SSLException: Received fatal alert: certificate_unknown

This SunCertPathBuilderException indicates that a certificate was returned during the handshake that is not trusted. This message is seen on the client side of the connection. The SSLException is seen on the server side of the connection. The CA certificate that signed the returned certificate was not found in the keystore or truststore and needs to be added to trust this certificate.

I don't understand the error, but I think there's a problem with Elasticsearch configuration that prevents Enterprise Search from connecting to it.

  1. Has your Elasticsearch instance been used for anything other than Enterprise Search (in other words, is it not a fresh download)? If yes, does the problem appear if you point Enterprise Search to a fresh Elasticsearch instance?

  2. Could you send the contents of your config/elasticsearch.yml file?

This is a fresh server. We set up Elasticsearch and Kibana first. Now we are trying to install App Search.
No other dependencies.

Below is the elasticsearch.yml file. For masking purpose I have replaced the actual value by "example" for some values. But otherwise it is as in the server.

# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# Elasticsearch Reference | Elastic
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
#cluster.name:
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: example
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /vol/data/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: false
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
transport.tcp.port: 9300
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: [local, localhost, 10.196.242.82, example]
#
# Set a custom port for HTTP:
#
#http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
discovery.seed_hosts: ["example"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
cluster.initial_master_nodes: ["example"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
gateway.recover_after_data_nodes: 1
gateway.expected_data_nodes: 1
action.auto_create_index: .kibana,.security,.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-node.p12
xpack.security.transport.ssl.truststore.path: elastic-node.p12
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: example.key
xpack.security.http.ssl.certificate: example.cer
xpack.security.http.ssl.certificate_authorities: example.cer
xpack.security.authc.api_key.enabled: true

This config has many options that are not listed in the Enterprise Search docs.
Looks like Elasticsearch security is not configured correctly and that prevents Enterprise Search from connecting to it.

I'm afraid I won't be able to help with the Elasticsearch configuration. I recommend asking for help on the Elasticsearch forum: Elasticsearch - Discuss the Elastic Stack
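
The trust failure described in the documentation quoted earlier in this thread (the CA that signed the returned certificate is missing from the client's truststore), reproduced offline with `openssl` as an added example that is not part of the original thread. The CA names, the host name `es.example.test` and all certificates are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example; every name and certificate here is constructed for the demo.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: create a self-signed CA (NAME.key / NAME.crt) in $WORK.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=constructed $1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# make_leaf NAME CA: create a server certificate NAME.crt signed by CA.
make_leaf() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=es.example.test" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -days 1 \
    -CA "$WORK/$2.crt" -CAkey "$WORK/$2.key" -CAcreateserial \
    -out "$WORK/$1.crt" 2>/dev/null
}

# trusts BUNDLE CERT: succeed only if CERT chains to a CA in BUNDLE.
# This is the path-building check a TLS client runs against its truststore.
trusts() {
  openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" >/dev/null 2>&1
}

make_ca signing-ca      # the CA that issued the server certificate
make_ca unrelated-ca    # stands in for a truststore that lacks that CA
make_leaf server signing-ca

for bundle in unrelated-ca signing-ca; do
  if trusts "$bundle" server; then
    echo "truststore=$bundle: certification path found"
  else
    echo "truststore=$bundle: no valid certification path (the PKIX error)"
  fi
done
```

The same server certificate is rejected or accepted depending only on which CA the client trusts, which is why a client using a different trust store can fail against a server that is otherwise healthy.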