I tried setting up TLS with reference to "Encrypt traffic in a self-managed cluster | Fleet User Guide [7.13] | Elastic".
However, without the insecure flag, I faced the following error: `Error: fail to enroll: fail to execute request to fleet-server: x509: certificate signed by unknown authority`
The exact same flags were used on a CentOS container, and it was able to enroll successfully when provided with the exact same certificates.
The following is my docker-compose config to run the Fleet Server in my infrastructure.
```yaml
fleet_server01:
  image: docker.elastic.co/beats/elastic-agent:${VERSION}
  container_name: fleet
  ports:
    - 8220:8220
  networks:
    - elastic
  hostname: docker-fleet-server
  volumes:
    - ./certs:$CERTS_DIR
  environment:
    FLEET_SERVER_ENABLE: 1
    FLEET_URL: $FLEET_URL  # Host IP, Port 8220
    FLEET_CA: $CERTS_DIR/ca/ca.crt
    FLEET_SERVER_CERT: $CERTS_DIR/fleet_server01/fleet_server01.crt
    FLEET_SERVER_CERT_KEY: $CERTS_DIR/fleet_server01/fleet_server01.key
    FLEET_SERVER_ELASTICSEARCH_HOST: $ES_URL  # Host IP, Port 9200
    FLEET_SERVER_SERVICE_TOKEN: $SERVICE_TOKEN
    FLEET_SERVER_ELASTICSEARCH_CA: $CERTS_DIR/ca/ca.crt
    FLEET_SERVER_POLICY_ID: $FLEET_POLICY_ID
    #FLEET_INSECURE: "true"
```