Failed to determine the health of the cluster

When I run ./elasticsearch-reset-password -i -u elastic --url https://192.168.3.1:9200, it yields:

ERROR: Failed to determine the health of the cluster., with exit code 69

But when I remove the --url flag, I get:

ERROR: Failed to determine the health of the cluster. Unexpected http status [503], with exit code 65

If I run: curl -Lk -u elastic:password http://localhost:9200/_cluster/health?pretty=null, it gives me a 401 error. Solving this was the reason I tried to reset my password in the first place.

What is the meaning of these error code and how can I debug this ?

Configuration:

network.host: 192.168.3.1
http.port: 9200
xpack.security.enabled: true
xpack.security.enrollment.enabled: false
xpack.security.http.ssl:
  enabled: false
  keystore.path: certs/http.p12

xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
cluster.initial_master_nodes: ["localhost"]
http.host: 0.0.0.0

@HarimbolaSantatra

How did you install?

The CLI commands are made to be run from the home directory not from inside the /bin directory. See the documentation... this is important

Also I am confused some places you are using http other you are using https

according to the you have https disabled so all connection would be via http

try running

bin/elasticsearch-reset-password -v -u elastic

1 Like

I always wonder why the doc always mentionned the bin/ folder! Got it!

Nevertheless I still got the same error.

Also, I fixed the scheme: if I try with

xpack.security.http.ssl:
  enabled: true

... it throws a new error with the same exit code:

java.security.cert.CertificateException: No subject alternative names matching IP address 192.168.3.1 found
        at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:160) ~[?:?]
        at sun.security.util.HostnameChecker.match(HostnameChecker.java:101) ~[?:?]
        ...

ERROR: Failed to determine the health of the cluster., with exit code 69

I guess that I should recreate the certificate in order to include this IP address on it but I'm not sure of the step I should follow.

I found the solution! I noticed that it works when I disable my Ethernet network interface. That's because I did not install ES with this interface enabled so now the IP of it is not present in the certificate.

We need to set verification_mode: certificate

xpack.security.http.ssl:
  enabled: true
  verification_mode: certificate
1 Like