Fleet Server - Error - x509: certificate is valid for 127.0.0.1, not x.x.x.x

Carlos_Vinicius · May 19, 2022, 7:16pm

Dear, good afternoon!

I would like to ask for your support to solve a problem that I have been facing in the configuration of a fleet server in self mode, I created the CA, my Elasticsearch responds to HTTPS, I created a certificate following the procedure that is on the website https://www. Encrypt traffic in a self-managed cluster | Fleet and Elastic Agent Guide [7.14] | Elastic

but the error below occurs

Fleet Server - Error - x509: certificate is valid for 127.0.0.1, not 192.168.50.71

kibana configuration

command i used

sudo elastic-agent enroll --url=https://192.168.50.7:8220 \

-f \

--fleet-server-es=https://192.168.50.71:9200 \

--fleet-server-service-token=xxxxxxxxxxxx
--fleet-server-policy=xxxxxxxxxxxxxxxx
--certificate-authorities=/etc/ssl/certs/Elasticsearch/ca.crt
--fleet-server-es-ca=/etc/ssl/certs/Elasticsearch/Elasticsearch.crt
--fleet-server-cert=/etc/ssl/certs/Elasticsearch/fleet-server/fleet-server.crt
--fleet-server-cert-key=/etc/ssl/certs/Elasticsearch/fleet-server/fleet-server.key

MichelLaterman · May 30, 2022, 5:09pm

HI Carlos,

As the error message indicated the certificate that you created has been set for the localhost address (127.0.0.1), and not for the IP address that other machines will contact it by (192.168.50.71). You'll need to create a new certificate with the correct IP address.

Carlos_Vinicius · May 30, 2022, 5:23pm

Thank you very much for the answer, do I create a certificate using openssl?

system · June 27, 2022, 5:24pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.