Filebeat can't connect to elastic - Cert unknown authority

When trying to run "sudo filebeat setup -e" I get the below error about cert signed by unknown authority. I have not been able to figure this out. Any ideas what I am missing here?

Errors: [error connecting to Elasticsearch at https://localhost:9200: Get \"https://localhost:9200\": x509: certificate signed by unknown authority]","service.name":"filebeat","ecs.version":"1.6.0"}
Exiting: couldn't connect to any of the configured Elasticsearch hosts. Errors: [error connecting to Elasticsearch at https://localhost:9200: Get "https://localhost:9200": x509: certificate signed by unknown authority]

Current filebeat.yml elastic output config.

# ---------------------------- Elasticsearch Output ----------------------------
output.elasticsearch:
  # Array of hosts to connect to.
        hosts: ["https://localhost:9200"]

        # Protocol - either `http` (default) or `https`.
  #protocol: "https"

  # Authentication credentials - either API key or username/password.
  #api_key: "id:api_key"
username: "elastic"
password: "notmypassword"
ssl:
  enabled: true
  ca_trusted_fingerprint: "87EA9A3E1FDD05EB35742DE84D2AE6D3BD8B567DDDE14F4C608B4467C688AA41" 

Not sure if that is a typo or what you meant, but that is not correct syntax, etc. The indentation needs to be correct. Try this...

# ---------------------------- Elasticsearch Output ----------------------------
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["https://localhost:9200"]
  username: "elastic"
  password: "notmypassword"
  ssl:
    enabled: true
    ca_trusted_fingerprint: "87EA9A3E1FDD05EB35742DE84D2AE6D3BD8B567DDDE14F4C608B4467C688AA41" 

If you have incorrect indenting / syntax in other places in any of the .yml files, you will have issues.
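The following is an added example, not code from the thread or from Elastic. It resolves each key in the two configs above to its dotted path by indentation, showing that in the first one `ssl`, `username` and `password` are top-level keys, so the fingerprint is never attached to the Elasticsearch output. The helper names `key_paths` and `check_output_tls` are hypothetical, and the fingerprint and password are constructed placeholders.

```python
import re

KEY = re.compile(r"^(\s*)([A-Za-z_][\w.]*):\s*(.*)$")
WANT = "output.elasticsearch.ssl.ca_trusted_fingerprint"
OUTPUT_ONLY = {"hosts", "username", "password", "ssl"}  # keys from the thread's config

def key_paths(yaml_text):
    """Resolve each key to its dotted path from indentation (block mappings only)."""
    stack, paths = [], {}  # stack: (indent, key) of currently open parent mappings
    for line in yaml_text.splitlines():
        m = KEY.match(line)  # comment and blank lines do not match
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3).strip()
        while stack and stack[-1][0] >= indent:
            stack.pop()  # close mappings that are not parents of this line
        paths[".".join([k for _, k in stack] + [key])] = value.strip('"')
        if not value:  # no scalar value, so this key opens a nested mapping
            stack.append((indent, key))
    return paths

def check_output_tls(yaml_text):
    """Return a list of problems; an empty list means the fingerprint is applied."""
    paths = key_paths(yaml_text)
    problems = [f"{p} is a top-level key, not under output.elasticsearch"
                for p in paths if p in OUTPUT_ONLY]
    fp = paths.get(WANT)
    if fp is None:
        problems.append(f"{WANT} is not set")
    elif not re.fullmatch(r"[0-9A-Fa-f]{64}", fp):
        problems.append("fingerprint is not a hex-encoded SHA-256 (64 hex digits)")
    return problems

FP = "AB" * 32  # constructed placeholder fingerprint
BROKEN = f'''output.elasticsearch:
        hosts: ["https://localhost:9200"]
username: "elastic"
password: "placeholder"
ssl:
  enabled: true
  ca_trusted_fingerprint: "{FP}"
'''
FIXED = f'''output.elasticsearch:
  hosts: ["https://localhost:9200"]
  username: "elastic"
  password: "placeholder"
  ssl:
    enabled: true
    ca_trusted_fingerprint: "{FP}"
'''
```

`check_output_tls(BROKEN)` reports the three misplaced keys plus the unset fingerprint path, while `check_output_tls(FIXED)` returns an empty list.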

Thank you. Sorry for being such a noob.
