Fleet agent - x509: certificate signed by unknown authority

I have one fleet server, and 3 elastic agents in a K8S cluster.
server:

--env FLEET_ENROLL=1 \
--env FLEET_SERVER_ENABLE=1 \
--env FLEET_SERVER_ELASTICSEARCH_HOST=$(ELASTICSEARCHHOST) \
--env FLEET_SERVER_SERVICE_TOKEN=$(SERVICETOKEN) \
--env FLEET_SERVER_POLICY_ID=$(POLICYID) \
--env FLEET_SERVER_INSECURE_HTTP=true \
--env FLEET_INSECURE=true \
--env ELASTICSEARCH_USERNAME=user \
--env ELASTICSEARCH_PASSWORD=pass \
--env ELASTICSEARCH_CA=/usr/share/elastic-agent/2.crt \
--env FLEET_SERVER_ELASTICSEARCH_CA=/usr/share/elastic-agent/2.crt \
--volume /opt/elasticsearch/certs/ca.crt:/usr/share/elastic-agent/ca.crt:ro \
--volume /home/user/fleet/1.crt:/usr/share/elastic-agent/1.crt:ro \
--volume /home/user/fleet/2.crt:/usr/share/elastic-agent/2.crt:ro \

agent:


env:
  - name: FLEET_ENROLL
    value: "1"
  # Set to true in case of insecure or unverified HTTP
  - name: FLEET_INSECURE
    value: "true"
  # The ip:port pair of fleet server
  - name: FLEET_URL
    value: "http://10.252.28.70:8220"
  # If left empty KIBANA_HOST, KIBANA_FLEET_USERNAME, KIBANA_FLEET_PASSWORD are needed
  - name: FLEET_ENROLLMENT_TOKEN
    value: "NWhCQm8zMEJMeGhVbEM1cDlnMUY6bFg0dTE3NElRMGEyQmVhRFllUm1xUQ=="
  - name: KIBANA_HOST
    value: ""
  - name: KIBANA_FLEET_USERNAME
    value: ""
  - name: KIBANA_FLEET_PASSWORD
    value: ""
  - name: ELASTICSEARCH_CA
    value: "/tmp/2.crt"
  - name: FLEET_SERVER_ELASTICSEARCH_CA
    value: "/tmp/2.crt"

error:

{"log.level":"error","@timestamp":"2022-02-24T11:51:42.959Z","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/output.go","file.line":154},"message":"Failed to connect to backoff(elasticsearch(https://xlog:9200)): Get \"https://xlog:9200\": x509: certificate signed by unknown authority","service.name":"metricbeat","ecs.version":"1.6.0"}

What am I missing?
From the fleet server I don't have any errors related to certs.

Found how to fix it.

In the Kibana UI, in "Fleet settings",
I added this in "Elasticsearch output configuration (YAML)":

ssl.certificate_authorities: ["/tmp/2.crt"]
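
The error in the log above is the message Go's crypto/x509 returns when a certificate's issuer is not in the trust pool. The following Go program is an added example (not from the original posts, and not Elastic's code) that reproduces it: a server certificate for the host `xlog` is rejected while its issuing CA is missing from the pool and accepted once the CA is added, which is the effect of listing the CA file under `ssl.certificate_authorities`. All certificates are constructed in memory; `issue`, `verify` and the CA names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a certificate for cn; with a nil parent it is a self-signed CA.
func issue(cn string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, priv, kerr := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		DNSNames:     []string{cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	if parent == nil { // self-signed root
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		parent, parentKey = tmpl, priv
	}
	der, cerr := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	cert, perr := x509.ParseCertificate(der)
	if kerr != nil || cerr != nil || perr != nil {
		panic(fmt.Sprint(kerr, cerr, perr))
	}
	return cert, priv
}

// verify checks leaf for host against a pool holding only the given CAs.
func verify(leaf *x509.Certificate, host string, cas ...*x509.Certificate) error {
	pool := x509.NewCertPool()
	for _, ca := range cas {
		pool.AddCert(ca)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}

func main() {
	esCA, esKey := issue("es-private-ca", nil, nil) // constructed: stands in for 2.crt
	otherCA, _ := issue("other-ca", nil, nil)       // constructed: a CA already trusted
	leaf, _ := issue("xlog", esCA, esKey)           // constructed: cert served by xlog:9200
	fmt.Println("without ES CA:", verify(leaf, "xlog", otherCA), "| with ES CA:", verify(leaf, "xlog", otherCA, esCA))
}
```

The pool passed to `verify` is the complete trust set, so a CA file that is mounted in the container but not referenced by the output configuration has no effect on the result.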
