Flask Integration issues with Self Signed Certificate via Fleet

Yogesh_AS · May 13, 2024, 6:15am

Hi Team ,

Advance thanks for helping me out
andI am trying to monitor the flask application metrices I am getting an error like given below
Failed to submit message: "Unable to reach APM Server: HTTPSConnectionPool(host='IP', port=8300): Max retries exceeded with url: /intake/v2/events (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)'))) (url: https://IP:8300/intake/v2/events)"

The Flask code is

import requests
app = Flask(name)
app.config['ELASTIC_APM'] = {
'SERVICE_NAME': 'amtfleet',
'SECRET_TOKEN': 'hi',
'SERVER_URL': 'https://IP:8300',
'ENVIRONMENT': 'my-environment',
'LOG_LEVEL': 'debug',
'DEBUG': True
}
apm = ElasticAPM(app)

Let me know in the code what to add to get it verify the certificate for self-signed certificate I have a fleet-server.crt and key but I am not getting how to add it as trusted certificate.

carly.richmond · May 13, 2024, 10:37am

Hi @Yogesh_AS,

You look to be right that it's a certificate issue. Have you tried specifying the SERVER_CERT option? I see an example snippet in this GitHub issue which could help.

Let us know if that resolves your issue.

Yogesh_AS · May 14, 2024, 5:34am

Hi @carly.richmond ,

Thanks for helping me out I have added these parameter.
its worked.

from elasticapm.contrib.flask import ElasticAPM

app = Flask(name)
app.config['ELASTIC_APM'] = {
'SERVICE_NAME': 'amtf',
'SECRET_TOKEN': 'aamt',
'ELASTIC_APM_SERVER_URL': 'https://10.10.100.59:8200',
'ENVIRONMENT': 'my-environment',
'INSTRUMENT' : True,
'VERIFY_SERVER_CERT' : True,
'SERVER_CERT': '/root/fleet-server.crt',
'SERVER_CA_CERT_FILE' : '/root/ca.pem',
'LOG_LEVEL': 'debug',
'DEBUG': True
}
apm = ElasticAPM(app)

I have a doubt that when we install elastic-agent is it possible to get APM & Infra Metrices without installing APM Agent in managed environment.