Hi Guys,
I need your help ! I installed ELK few days ago, however, my Ip has changed and now i canno't reach the Kibana page. It's write " Kibana server is not ready yet". What's the process to fix it ?
I guess, I have to regenerate certificat ??
Best regards
Hi @Gabin_17,
Welcome to the community! I would recommend checking the Kibana logs for the precise error, as covered in the troubleshooting guide here.
Do share any errors you find and we can advise further.
Hope that helps!
Voilà les logs
[2023-12-13T16:46:49.620+01:00][INFO ][root] Kibana is starting
[2023-12-13T16:46:49.642+01:00][INFO ][node] Kibana process configured with roles: [background_tasks, ui]
[2023-12-13T16:47:12.671+01:00][INFO ][plugins-service] Plugin "cloudChat" is disabled.
[2023-12-13T16:47:12.675+01:00][INFO ][plugins-service] Plugin "cloudExperiments" is disabled.
[2023-12-13T16:47:12.676+01:00][INFO ][plugins-service] Plugin "cloudFullStory" is disabled.
[2023-12-13T16:47:12.676+01:00][INFO ][plugins-service] Plugin "cloudGainsight" is disabled.
[2023-12-13T16:47:12.765+01:00][INFO ][plugins-service] Plugin "profilingDataAccess" is disabled.
[2023-12-13T16:47:12.765+01:00][INFO ][plugins-service] Plugin "profiling" is disabled.
[2023-12-13T16:47:12.798+01:00][INFO ][plugins-service] Plugin "securitySolutionServerless" is disabled.
[2023-12-13T16:47:12.799+01:00][INFO ][plugins-service] Plugin "serverless" is disabled.
[2023-12-13T16:47:12.800+01:00][INFO ][plugins-service] Plugin "serverlessObservability" is disabled.
[2023-12-13T16:47:12.800+01:00][INFO ][plugins-service] Plugin "serverlessSearch" is disabled.
[2023-12-13T16:47:12.956+01:00][INFO ][http.server.Preboot] http server running at http://localhost:5601
[2023-12-13T16:47:13.067+01:00][INFO ][plugins-system.preboot] Setting up [1] plugins: [interactiveSetup]
[2023-12-13T16:47:13.092+01:00][WARN ][config.deprecation] The default mechanism for Reporting privileges will work differently in future versions, which will affect the behavior of this cluster. Set "xpack.reporting.roles.enabled" to "false" to adopt the future behavior before upgrading.
[2023-12-13T16:47:13.951+01:00][INFO ][plugins-system.standard] Setting up [147] plugins: [devTools,translations,share,screenshotMode,usageCollection,telemetryCollectionManager,telemetryCollectionXpack,taskManager,kibanaUsageCollection,cloud,newsfeed,savedObjectsFinder,noDataPage,monitoringCollection,metricsDataAccess,licensing,mapsEms,globalSearch,globalSearchProviders,features,guidedOnboarding,banners,licenseApiGuard,customBranding,ftrApis,fieldFormats,expressions,screenshotting,esUiShared,customIntegrations,contentManagement,dataViews,home,searchprofiler,painlessLab,management,spaces,security,telemetry,licenseManagement,snapshotRestore,lists,files,encryptedSavedObjects,eventLog,actions,notifications,cloudDataMigration,advancedSettings,grokdebugger,console,bfetch,data,savedObjectsTagging,savedObjectsManagement,unifiedSearch,graph,alerting,embeddable,uiActionsEnhanced,savedSearch,presentationUtil,expressionShape,expressionRevealImage,expressionRepeatImage,expressionMetric,expressionImage,controls,fileUpload,ingestPipelines,ecsDataQualityDashboard,dataViewFieldEditor,dataViewManagement,charts,watcher,visualizations,visTypeXy,visTypeVislib,visTypeVega,visTypeTimeseries,visTypeTimelion,visTypeTagcloud,visTypeTable,visTypeMetric,visTypeMarkdown,visTypeHeatmap,inputControlVis,expressionTagcloud,expressionPartitionVis,visTypePie,expressionMetricVis,expressionLegacyMetricVis,expressionHeatmap,expressionGauge,visTypeGauge,eventAnnotation,expressionXY,dashboard,triggersActionsUi,transform,stackConnectors,stackAlerts,ruleRegistry,links,lens,maps,discover,reporting,canvas,fleet,logExplorer,indexManagement,rollup,remoteClusters,crossClusterReplication,indexLifecycleManagement,cloudSecurityPosture,discoverEnhanced,dataVisualizer,cases,timelines,sessionView,kubernetesSecurity,cloudDefend,threatIntelligence,osquery,observabilityLogExplorer,observabilityAIAssistant,logsShared,aiops,observability,observabilityOnboarding,ml,uptime,synthetics,infra,upgradeAssistant,monitoring,logstash,enterpriseSearch,elasticAssistant,securitySolution,securitySolutionEss,dashboardEnhanced,apmDataAccess,assetManager,apm]
[2023-12-13T16:47:13.959+01:00][INFO ][plugins.taskManager] TaskManager is identified by the Kibana UUID: cc1cea38-611e-4808-9f47-c6af88b41758
[2023-12-13T16:47:13.993+01:00][INFO ][custom-branding-service] CustomBrandingService registering plugin: customBranding
[2023-12-13T16:47:14.047+01:00][WARN ][plugins.security.config] Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[2023-12-13T16:47:14.048+01:00][WARN ][plugins.security.config] Session cookies will be transmitted over insecure connections. This is not recommended.
[2023-12-13T16:47:14.067+01:00][WARN ][plugins.security.config] Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[2023-12-13T16:47:14.068+01:00][WARN ][plugins.security.config] Session cookies will be transmitted over insecure connections. This is not recommended.
[2023-12-13T16:47:14.088+01:00][WARN ][plugins.encryptedSavedObjects] Saved objects encryption key is not set. This will severely limit Kibana functionality. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[2023-12-13T16:47:14.093+01:00][WARN ][plugins.actions] APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[2023-12-13T16:47:14.097+01:00][INFO ][plugins.notifications] Email Service Error: Email connector not specified.
[2023-12-13T16:47:14.164+01:00][INFO ][plugins.alerting] using indexes and aliases for persisting alerts
[2023-12-13T16:47:14.166+01:00][WARN ][plugins.alerting] APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[2023-12-13T16:47:14.452+01:00][INFO ][plugins.alerting] Registering resources for context "stack".
[2023-12-13T16:47:14.473+01:00][WARN ][plugins.reporting.config] Generating a random key for xpack.reporting.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.reporting.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[2023-12-13T16:47:14.525+01:00][INFO ][plugins.cloudSecurityPosture] Registered task successfully [Task: cloud_security_posture-stats_task]
[2023-12-13T16:47:14.568+01:00][INFO ][plugins.alerting] Registering resources for context "observability.slo".
[2023-12-13T16:47:14.571+01:00][INFO ][plugins.alerting] Registering resources for context "observability.threshold".
[2023-12-13T16:47:14.588+01:00][INFO ][plugins.alerting] Registering resources for context "ml.anomaly-detection".
[2023-12-13T16:47:14.598+01:00][INFO ][plugins.alerting] Registering resources for context "observability.uptime".
[2023-12-13T16:47:14.620+01:00][INFO ][plugins.alerting] Registering resources for context "observability.logs".
[2023-12-13T16:47:14.624+01:00][INFO ][plugins.alerting] Registering resources for context "observability.metrics".
[2023-12-13T16:47:14.706+01:00][INFO ][plugins.alerting] Registering resources for context "security".
[2023-12-13T16:47:14.742+01:00][INFO ][plugins.assetManager] Server is NOT enabled
[2023-12-13T16:47:14.748+01:00][INFO ][plugins.alerting] Registering resources for context "observability.apm".
[2023-12-13T16:47:14.850+01:00][INFO ][plugins.screenshotting.config] Chromium sandbox provides an additional layer of protection, and is supported for Win32 OS. Automatically enabling Chromium sandbox.
[2023-12-13T16:47:14.908+01:00][INFO ][plugins.screenshotting.chromium] Browser executable: C:\Users\Test\Documents\Suite ELK\kibana-8.11.1\node_modules\@kbn\screenshotting-plugin\chromium\chrome-win\chrome.exe
[2023-12-13T16:47:14.994+01:00][ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. self-signed certificate in certificate chain
Et il me dit qu'il y a un problème avec le certificat car ducoup dans le fichier de conf de kibana.yml, j'ai modifié le elastic.host avec ma nouvelle IP
Yes, you're absolutely right that there is a certificate issue. I think regenerating the certificate might be a useful thing to look at. I'd recommend having a look at this similar thread as well to validate your certificate settings.
Thank you for your link. However, I tried to do that, but when i want to regenerate thanks to his command, it asks me for a password ?
C:\Users\Test\Desktop>openssl pkcs12 -in transport.p12 -out newfile.crt.pem -clcerts -nokeys
Enter Import Password: Mac verify error: invalid password?
What is this password ?
Have you tried using the Elasticsearch util as described in the security setup documentation?
Now I do, but I don't understand the mistake I made.
fatal exception while booting Elasticsearchorg.elasticsearch.ElasticsearchSecurityException: failed to load SSL configuration [xpack.security.transport.ssl] - cannot read configured [PKCS12] keystore (as a truststore) [C:\Users\Test\Documents\Suite ELK\elasticsearch-8.11.1\config\certs\elastic-certificates.p12] - this is usually caused by an incorrect password; (a keystore password was provided)
However, during the certification generate, I didn't set a password ?
Here is my elasticsearch.yml :
# Enable security features
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
enabled: true
keystore.path: certs/http.p12
# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
enabled: true
verification_mode: certificate
keystore.path: certs/elastic-certificates.p12
truststore.path: certs/elastic-certificates.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["Test"]
# Allow HTTP API connections from anywhere
# Connections are encrypted and require user authentication
http.host: 0.0.0.0
# Allow other nodes to join the cluster from anywhere
# Connections are encrypted and mutually authenticated
#transport.host: 0.0.0.0
After research that i want, I found something and I followed the process. I executed this command :
bin\elasticsearch-keystore show xpack.security.http.ssl.keystore.secure_password
xxxxxxxxx
xxxxxx means the password
But how i use it, it's not write on the process
Ok, my bad, I had to overwrite on the previous password with this command :
bin\elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password
So now my Elasticsearch start, but i still have the same issue on Kibana.
See my kibana.yml
elasticsearch.hosts: ["https://localhost:9200"]
elasticsearch.serviceAccountToken: "XXXXXXXXXXXXXXXXXXXX"
elasticsearch.ssl.certificateAuthorities: ['C:\Users\Test\Documents\Suite ELK\elasticsearch-8.11.1\config\certs\elastic-certificates.p12']
elasticsearch.ssl.verificationMode: certificate
Ok good on elastic...
That is not correct that is the cert not the CA. Assuming you did autosetup on the certs on elasticsearch there should be a file...
http_ca.crt you need to use that in that setting
Oh thank it works, even if i still have some issues
[2023-12-14T16:41:13.838+01:00][ERROR][plugins.fleet] Failed to fetch latest version of synthetics from registry: Error connecting to package registry: request to https://epr.elastic.co/search?package=synthetics&prerelease=true&kibana.version=8.11.1 failed, reason: self-signed certificate in certificate chain
[2023-12-14T16:41:13.872+01:00][WARN ][plugins.fleet] xpack.encryptedSavedObjects.encryptionKey is not configured, private key passphrase is being stored in plain text
[2023-12-14T16:41:13.883+01:00][WARN ][plugins.fleet] xpack.encryptedSavedObjects.encryptionKey is not configured, agent uninstall tokens are being stored in plain text
[2023-12-14T16:41:13.918+01:00][INFO ][plugins.fleet] Fleet setup completed
[2023-12-14T16:41:13.920+01:00][INFO ][plugins.securitySolution] Dependent plugin setup complete - Starting ManifestTask
[2023-12-14T16:41:13.922+01:00][INFO ][plugins.securitySolution.endpoint.policyProtections] App feature [endpoint_policy_protections] is enabled. Nothing to do!
[2023-12-14T16:41:14.990+01:00][ERROR][plugins.fleet] Failed to fetch latest version of synthetics from registry: Error connecting to package registry: request to https://epr.elastic.co/search?package=synthetics&prerelease=true&kibana.version=8.11.1 failed, reason: self-signed certificate in certificate chain
[2023-12-14T16:41:14.996+01:00][INFO ][plugins.synthetics] Installed synthetics index templates
[2023-12-14T16:41:15.438+01:00][INFO ][status] Kibana is now available (was degraded)
Kibana.yml
elasticsearch.hosts: ["https://localhost:9200"]
elasticsearch.serviceAccountToken: "XXXXXXXXXXXXXXXXXX"
elasticsearch.ssl.certificateAuthorities: ['C:\Users\test\Documents\Suite ELK\kibana-8.11.1\data\ca_1xxxxxxx.crt']
elasticsearch.ssl.verificationMode: certificate
And just one question, the kibana's certificat is signed with my private key ? Is that right ?
I do not know. It depends on how you set up the certificates.
And you are "Degraded" you should set
xpack.encryptedSavedObjects.encryptionKey
Just set it to a random 32 string...
I have this error too !
Share your entire kibana.yml
How did you setup the fleet server?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.