Kibana doesn't work due to change ip

Hi Guys,

I need your help ! I installed ELK few days ago, however, my Ip has changed and now i canno't reach the Kibana page. It's write " Kibana server is not ready yet". What's the process to fix it ?
I guess, I have to regenerate certificat ??

Best regards

Hi @Gabin_17,

Welcome to the community! I would recommend checking the Kibana logs for the precise error, as covered in the troubleshooting guide here.

Do share any errors you find and we can advise further.

Hope that helps!

1 Like

Voilà les logs

[2023-12-13T16:46:49.620+01:00][INFO ][root] Kibana is starting
[2023-12-13T16:46:49.642+01:00][INFO ][node] Kibana process configured with roles: [background_tasks, ui]
[2023-12-13T16:47:12.671+01:00][INFO ][plugins-service] Plugin "cloudChat" is disabled.
[2023-12-13T16:47:12.675+01:00][INFO ][plugins-service] Plugin "cloudExperiments" is disabled.
[2023-12-13T16:47:12.676+01:00][INFO ][plugins-service] Plugin "cloudFullStory" is disabled.
[2023-12-13T16:47:12.676+01:00][INFO ][plugins-service] Plugin "cloudGainsight" is disabled.
[2023-12-13T16:47:12.765+01:00][INFO ][plugins-service] Plugin "profilingDataAccess" is disabled.
[2023-12-13T16:47:12.765+01:00][INFO ][plugins-service] Plugin "profiling" is disabled.
[2023-12-13T16:47:12.798+01:00][INFO ][plugins-service] Plugin "securitySolutionServerless" is disabled.
[2023-12-13T16:47:12.799+01:00][INFO ][plugins-service] Plugin "serverless" is disabled.
[2023-12-13T16:47:12.800+01:00][INFO ][plugins-service] Plugin "serverlessObservability" is disabled.
[2023-12-13T16:47:12.800+01:00][INFO ][plugins-service] Plugin "serverlessSearch" is disabled.
[2023-12-13T16:47:12.956+01:00][INFO ][http.server.Preboot] http server running at http://localhost:5601
[2023-12-13T16:47:13.067+01:00][INFO ][plugins-system.preboot] Setting up [1] plugins: [interactiveSetup]
[2023-12-13T16:47:13.092+01:00][WARN ][config.deprecation] The default mechanism for Reporting privileges will work differently in future versions, which will affect the behavior of this cluster. Set "xpack.reporting.roles.enabled" to "false" to adopt the future behavior before upgrading.
[2023-12-13T16:47:13.951+01:00][INFO ][plugins-system.standard] Setting up [147] plugins: [devTools,translations,share,screenshotMode,usageCollection,telemetryCollectionManager,telemetryCollectionXpack,taskManager,kibanaUsageCollection,cloud,newsfeed,savedObjectsFinder,noDataPage,monitoringCollection,metricsDataAccess,licensing,mapsEms,globalSearch,globalSearchProviders,features,guidedOnboarding,banners,licenseApiGuard,customBranding,ftrApis,fieldFormats,expressions,screenshotting,esUiShared,customIntegrations,contentManagement,dataViews,home,searchprofiler,painlessLab,management,spaces,security,telemetry,licenseManagement,snapshotRestore,lists,files,encryptedSavedObjects,eventLog,actions,notifications,cloudDataMigration,advancedSettings,grokdebugger,console,bfetch,data,savedObjectsTagging,savedObjectsManagement,unifiedSearch,graph,alerting,embeddable,uiActionsEnhanced,savedSearch,presentationUtil,expressionShape,expressionRevealImage,expressionRepeatImage,expressionMetric,expressionImage,controls,fileUpload,ingestPipelines,ecsDataQualityDashboard,dataViewFieldEditor,dataViewManagement,charts,watcher,visualizations,visTypeXy,visTypeVislib,visTypeVega,visTypeTimeseries,visTypeTimelion,visTypeTagcloud,visTypeTable,visTypeMetric,visTypeMarkdown,visTypeHeatmap,inputControlVis,expressionTagcloud,expressionPartitionVis,visTypePie,expressionMetricVis,expressionLegacyMetricVis,expressionHeatmap,expressionGauge,visTypeGauge,eventAnnotation,expressionXY,dashboard,triggersActionsUi,transform,stackConnectors,stackAlerts,ruleRegistry,links,lens,maps,discover,reporting,canvas,fleet,logExplorer,indexManagement,rollup,remoteClusters,crossClusterReplication,indexLifecycleManagement,cloudSecurityPosture,discoverEnhanced,dataVisualizer,cases,timelines,sessionView,kubernetesSecurity,cloudDefend,threatIntelligence,osquery,observabilityLogExplorer,observabilityAIAssistant,logsShared,aiops,observability,observabilityOnboarding,ml,uptime,synthetics,infra,upgradeAssistant,monitoring,logstash,enterpriseSearch,elasticAssistant,securitySolution,securitySolutionEss,dashboardEnhanced,apmDataAccess,assetManager,apm]
[2023-12-13T16:47:13.959+01:00][INFO ][plugins.taskManager] TaskManager is identified by the Kibana UUID: cc1cea38-611e-4808-9f47-c6af88b41758
[2023-12-13T16:47:13.993+01:00][INFO ][custom-branding-service] CustomBrandingService registering plugin: customBranding
[2023-12-13T16:47:14.047+01:00][WARN ][plugins.security.config] Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[2023-12-13T16:47:14.048+01:00][WARN ][plugins.security.config] Session cookies will be transmitted over insecure connections. This is not recommended.
[2023-12-13T16:47:14.067+01:00][WARN ][plugins.security.config] Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[2023-12-13T16:47:14.068+01:00][WARN ][plugins.security.config] Session cookies will be transmitted over insecure connections. This is not recommended.
[2023-12-13T16:47:14.088+01:00][WARN ][plugins.encryptedSavedObjects] Saved objects encryption key is not set. This will severely limit Kibana functionality. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[2023-12-13T16:47:14.093+01:00][WARN ][plugins.actions] APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[2023-12-13T16:47:14.097+01:00][INFO ][plugins.notifications] Email Service Error: Email connector not specified.
[2023-12-13T16:47:14.164+01:00][INFO ][plugins.alerting] using indexes and aliases for persisting alerts
[2023-12-13T16:47:14.166+01:00][WARN ][plugins.alerting] APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[2023-12-13T16:47:14.452+01:00][INFO ][plugins.alerting] Registering resources for context "stack".
[2023-12-13T16:47:14.473+01:00][WARN ][plugins.reporting.config] Generating a random key for xpack.reporting.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.reporting.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[2023-12-13T16:47:14.525+01:00][INFO ][plugins.cloudSecurityPosture] Registered task successfully [Task: cloud_security_posture-stats_task]
[2023-12-13T16:47:14.568+01:00][INFO ][plugins.alerting] Registering resources for context "observability.slo".
[2023-12-13T16:47:14.571+01:00][INFO ][plugins.alerting] Registering resources for context "observability.threshold".
[2023-12-13T16:47:14.588+01:00][INFO ][plugins.alerting] Registering resources for context "ml.anomaly-detection".
[2023-12-13T16:47:14.598+01:00][INFO ][plugins.alerting] Registering resources for context "observability.uptime".
[2023-12-13T16:47:14.620+01:00][INFO ][plugins.alerting] Registering resources for context "observability.logs".
[2023-12-13T16:47:14.624+01:00][INFO ][plugins.alerting] Registering resources for context "observability.metrics".
[2023-12-13T16:47:14.706+01:00][INFO ][plugins.alerting] Registering resources for context "security".
[2023-12-13T16:47:14.742+01:00][INFO ][plugins.assetManager] Server is NOT enabled
[2023-12-13T16:47:14.748+01:00][INFO ][plugins.alerting] Registering resources for context "observability.apm".
[2023-12-13T16:47:14.850+01:00][INFO ][plugins.screenshotting.config] Chromium sandbox provides an additional layer of protection, and is supported for Win32 OS. Automatically enabling Chromium sandbox.
[2023-12-13T16:47:14.908+01:00][INFO ][plugins.screenshotting.chromium] Browser executable: C:\Users\Test\Documents\Suite ELK\kibana-8.11.1\node_modules\@kbn\screenshotting-plugin\chromium\chrome-win\chrome.exe
[2023-12-13T16:47:14.994+01:00][ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. self-signed certificate in certificate chain 

Et il me dit qu'il y a un problème avec le certificat car ducoup dans le fichier de conf de kibana.yml, j'ai modifié le elastic.host avec ma nouvelle IP

Yes, you're absolutely right that there is a certificate issue. I think regenerating the certificate might be a useful thing to look at. I'd recommend having a look at this similar thread as well to validate your certificate settings.

1 Like

Thank you for your link. However, I tried to do that, but when i want to regenerate thanks to his command, it asks me for a password ?
C:\Users\Test\Desktop>openssl pkcs12 -in transport.p12 -out newfile.crt.pem -clcerts -nokeys
Enter Import Password: Mac verify error: invalid password?

What is this password ?

Have you tried using the Elasticsearch util as described in the security setup documentation?

1 Like

Now I do, but I don't understand the mistake I made.

 fatal exception while booting Elasticsearchorg.elasticsearch.ElasticsearchSecurityException: failed to load SSL configuration [xpack.security.transport.ssl] - cannot read configured [PKCS12] keystore (as a truststore) [C:\Users\Test\Documents\Suite ELK\elasticsearch-8.11.1\config\certs\elastic-certificates.p12] - this is usually caused by an incorrect password; (a keystore password was provided)

However, during the certification generate, I didn't set a password ?

Here is my elasticsearch.yml :

# Enable security features
xpack.security.enabled: true

xpack.security.enrollment.enabled: true

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12

# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/elastic-certificates.p12
  truststore.path: certs/elastic-certificates.p12



# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["Test"]

# Allow HTTP API connections from anywhere
# Connections are encrypted and require user authentication
http.host: 0.0.0.0

# Allow other nodes to join the cluster from anywhere
# Connections are encrypted and mutually authenticated
#transport.host: 0.0.0.0

After research that i want, I found something and I followed the process. I executed this command :

bin\elasticsearch-keystore show xpack.security.http.ssl.keystore.secure_password
xxxxxxxxx

xxxxxx means the password

But how i use it, it's not write on the process

Link : Error: [o.e.b.Elasticsearch ] fatal exception while booting Elasticsearchorg.elasticsearch.bootstrap.StartupException: org.elasticsearch.ElasticsearchSecurityException:

Ok, my bad, I had to overwrite on the previous password with this command :

bin\elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password

So now my Elasticsearch start, but i still have the same issue on Kibana.

See my kibana.yml

elasticsearch.hosts: ["https://localhost:9200"]
elasticsearch.serviceAccountToken: "XXXXXXXXXXXXXXXXXXXX"
elasticsearch.ssl.certificateAuthorities: ['C:\Users\Test\Documents\Suite ELK\elasticsearch-8.11.1\config\certs\elastic-certificates.p12']
elasticsearch.ssl.verificationMode: certificate

Ok good on elastic...

That is not correct that is the cert not the CA. Assuming you did autosetup on the certs on elasticsearch there should be a file...

http_ca.crt you need to use that in that setting

1 Like

Oh thank it works, even if i still have some issues

[2023-12-14T16:41:13.838+01:00][ERROR][plugins.fleet] Failed to fetch latest version of synthetics from registry: Error connecting to package registry: request to https://epr.elastic.co/search?package=synthetics&prerelease=true&kibana.version=8.11.1 failed, reason: self-signed certificate in certificate chain
[2023-12-14T16:41:13.872+01:00][WARN ][plugins.fleet] xpack.encryptedSavedObjects.encryptionKey is not configured, private key passphrase is being stored in plain text
[2023-12-14T16:41:13.883+01:00][WARN ][plugins.fleet] xpack.encryptedSavedObjects.encryptionKey is not configured, agent uninstall tokens are being stored in plain text
[2023-12-14T16:41:13.918+01:00][INFO ][plugins.fleet] Fleet setup completed
[2023-12-14T16:41:13.920+01:00][INFO ][plugins.securitySolution] Dependent plugin setup complete - Starting ManifestTask
[2023-12-14T16:41:13.922+01:00][INFO ][plugins.securitySolution.endpoint.policyProtections] App feature [endpoint_policy_protections] is enabled. Nothing to do!
[2023-12-14T16:41:14.990+01:00][ERROR][plugins.fleet] Failed to fetch latest version of synthetics from registry: Error connecting to package registry: request to https://epr.elastic.co/search?package=synthetics&prerelease=true&kibana.version=8.11.1 failed, reason: self-signed certificate in certificate chain
[2023-12-14T16:41:14.996+01:00][INFO ][plugins.synthetics] Installed synthetics index templates
[2023-12-14T16:41:15.438+01:00][INFO ][status] Kibana is now available (was degraded)

Kibana.yml

elasticsearch.hosts: ["https://localhost:9200"]
elasticsearch.serviceAccountToken: "XXXXXXXXXXXXXXXXXX"
elasticsearch.ssl.certificateAuthorities: ['C:\Users\test\Documents\Suite ELK\kibana-8.11.1\data\ca_1xxxxxxx.crt']
elasticsearch.ssl.verificationMode: certificate

And just one question, the kibana's certificat is signed with my private key ? Is that right ?

I do not know. It depends on how you set up the certificates.

And you are "Degraded" you should set

xpack.encryptedSavedObjects.encryptionKey

Just set it to a random 32 string...

1 Like

I have this error too !

Share your entire kibana.yml

How did you setup the fleet server?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.