I receive this error in filebeat can I help me

I receive this error in filebeat {"log.level":"error","@timestamp":"2023-10-12T12:30:33.238Z","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":148},"message":"Failed to connect to backoff(elasticsearch(https://elasticsearch:9200)): Get \"https://elasticsearch:9200\": x509: certificate has expired or is not yet valid: current time 2023-10-12T12:29:40Z is before 2023-10-12T12:29:46Z","service.name":"filebeat","ecs.version":"1.6.0"}
This is my filebeat.yml

filebeat.config:
  modules:
    path: ${path.config}/modules.d/*.yml
    reload.enabled: false

filebeat.autodiscover:
  providers:
    - type: docker
      templates:
        - condition.or:
            - contains.docker.container.image: ${IMAGE_APP}:${IMAGE:TAG}
            - contains.docker.container.image: ${IMAGE_APP}:${IMAGE:TAG}
            - contains.docker.container.image: ${IMAGE_APP}:${IMAGE:TAG}
          config:        
            - type: container
              paths:
                - /var/lib/docker/containers/${data.docker.container.id}/*.log
processors:
  - add_docker_metadata:
      host: "unix:///var/run/docker.sock"
# ##################################################
# The regexp Pattern that has to be matched. The example pattern matches all lines starting with [
multiline.pattern: ^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} - *$
# Defines if the pattern set under pattern should be negated or not. Default is false.
multiline.negate: true
# Match can be set to "after" or "before". It is used to define if lines should be append to a pattern
multiline.match: after

# ---------------------------- Elasticsearch Output ----------------------------
output.elasticsearch:
  hosts: ${ELASTIC_HOSTS} 
  index: "file_lucual18-%{+yyyy.MM.dd}"
  indices:
    - index: "condor_nest-%{[beat.version]}-%{+yyyy.MM.dd}"
      when.contains:
        docker.container.image: registry.gitlab.com/lucual18/condor/condor-nest
    - index: "condor_crag-%{[beat.version]}-%{+yyyy.MM.dd}"
      when.contains:
        docker.container.image: registry.gitlab.com/lucual18/condor/condor-crag
    - index: "invoicy_v2-%{[beat.version]}-%{+yyyy.MM.dd}"
      when.contains:
        docker.container.image: registry.gitlab.com/lucual18/invoicy/invoicy_v2/invoicy-appv2/pre

  # Protocol - either `http` (default) or `https`.
  #protocol: "https"
  username: ${ELASTIC_USERNAME}
  password: ${ELASTIC_PASSWORD}

  # Use SSL settings for HTTPS.
  ssl.enabled: true

  # List of root certificates for HTTPS server verifications
  ssl.certificate_authorities: "certs/ca/ca.crt"

  # Certificate for SSL client authentication
  ssl.certificate: "certs/elasticsearch/elasticsearch.crt"

  # Client certificate key
  ssl.key: "certs/elasticsearch/elasticsearch.key"

setup.template.name: "file_lucual18"
setup.template.pattern: "file_lucual18-*"

#kibana setup
setup.kibana:
  host: ${KIBANA_HOSTS}
  username: ${ELASTIC_USER}
  password: ${ELASTIC_PASSWORD}
  setup.dashboards.enabled: true

setup.dashboards.retry.interval: 10s
setup.dashboards.retry.maximum: 5
setup.ilm.enabled: false
setup.ilm.check_exists: false
logging.json: true
logging.metrics.enabled: false

I think the certificate is valid now. If you still have an issue, try to add, just temporary: ssl.verification_mode: none

Really I dont know what happens because I run this command from filebeat container: curl --cacert /tmp/ca.crt -u elastic:changeme https://localhost:9200 the reponse its:

{
  "name" : "elasticsearch",
  "cluster_name" : "ll-monitoring",
  "cluster_uuid" : "g-sdsfwrRTRBB9XMiezjYWQ",
  "version" : {
    "number" : "8.10.2",
    "build_flavor" : "default",
    "build_type" : "docker",
    "build_hash" : "9d8s8d9f8d9g9hg9f8d9faca96427de4622e970e9e",
    "build_date" : "2023-09-19T08:16:24.564900370Z",
    "build_snapshot" : false,
    "lucene_version" : "9.7.0",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}

This is a workaround, establish HTTPS, but do not check the certificate.
Might be you don't have permission to certs. Should be investigated.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.