Fleet Server - Error - x509: certificate is valid for 127.0.0.1, not x.x.x.x

Elastic Security
,
1

Dear, good afternoon!

I would like to ask for your support to solve a problem that I have been facing in the configuration of a fleet server in self mode, I created the CA, my Elasticsearch responds to HTTPS, I created a certificate following the procedure that is on the website https://www. Encrypt traffic in a self-managed cluster | Fleet and Elastic Agent Guide [7.14] | Elastic

but the error below occurs

image
image1878×166 23.8 KB

Fleet Server - Error - x509: certificate is valid for 127.0.0.1, not 192.168.50.71

kibana configuration

image
image931×803 47.8 KB

command i used

sudo elastic-agent enroll --url=https://192.168.50.7:8220 \

-f \

--fleet-server-es=https://192.168.50.71:9200 \

--fleet-server-service-token=xxxxxxxxxxxx
--fleet-server-policy=xxxxxxxxxxxxxxxx
--certificate-authorities=/etc/ssl/certs/Elasticsearch/ca.crt
--fleet-server-es-ca=/etc/ssl/certs/Elasticsearch/Elasticsearch.crt
--fleet-server-cert=/etc/ssl/certs/Elasticsearch/fleet-server/fleet-server.crt
--fleet-server-cert-key=/etc/ssl/certs/Elasticsearch/fleet-server/fleet-server.key

2

HI Carlos,

As the error message indicated the certificate that you created has been set for the localhost address (127.0.0.1), and not for the IP address that other machines will contact it by (192.168.50.71). You'll need to create a new certificate with the correct IP address.

1 Like
3

Thank you very much for the answer, do I create a certificate using openssl?

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.