Kibana failing to start due to unable to verify the first certificate

Hi need help in fixing this
ES version 8.8
Kibana version 8.8

Here is Kibana logs

Jun 09 08:28:10 ip-100-90-3-56.us-west-2.compute.internal kibana[20111]: [2023-06-09T08:28:10.667+00:00][INFO ][plugins.screenshotting.config] Chromium sandbox provides an additional layer of protection, and is supported for Linux Amazon Linux 2 (Karoo) OS. Automatically enabling Chromium sandbox.
Jun 09 08:28:10 ip-100-90-3-56.us-west-2.compute.internal kibana[20111]: [2023-06-09T08:28:10.747+00:00][ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. unable to verify the first certificate
Jun 09 08:28:11 ip-100-90-3-56.us-west-2.compute.internal kibana[20111]: [2023-06-09T08:28:11.420+00:00][INFO ][plugins.screenshotting.chromium] Browser executable: /usr/share/kibana/node_modules/@kbn/screenshotting-plugin/chromium/headless_shell-linux_x64/headless_shell
Jun 09 08:48:10 ip-100-90-3-56.us-west-2.compute.internal kibana[20111]: [2023-06-09T08:48:10.211+00:00][ERROR][plugins.ruleRegistry] Error: Timeout: it took more than 1200000ms
Jun 09 08:48:10 ip-100-90-3-56.us-west-2.compute.internal kibana[20111]: at Timeout._onTimeout (/usr/share/kibana/node_modules/@kbn/alerting-plugin/server/alerts_service/lib/install_with_timeout.js:36:18)
Jun 09 08:48:10 ip-100-90-3-56.us-west-2.compute.internal kibana[20111]: at listOnTimeout (node:internal/timers:559:17)
Jun 09 08:48:10 ip-100-90-3-56.us-west-2.compute.internal kibana[20111]: at processTimers (node:internal/timers:502:7)
Jun 09 08:48:10 ip-100-90-3-56.us-west-2.compute.internal kibana[20111]: [2023-06-09T08:48:10.213+00:00][ERROR][plugins.ruleRegistry] Error: Failure during installation of common resources shared between all indices. Timeout: it took more than 1200000ms
Jun 09 08:48:10 ip-100-90-3-56.us-west-2.compute.internal kibana[20111]: at installWithTimeout (/usr/share/kibana/node_modules/@kbn/alerting-plugin/server/alerts_service/lib/install_with_timeout.js:48:11)
Jun 09 08:48:10 ip-100-90-3-56.us-west-2.compute.internal kibana[20111]: at ResourceInstaller.installCommonResources (/usr/share/kibana/node_modules/@kbn/rule-registry-plugin/server/rule_data_plugin_service/resource_installer.js:42:5)

Here is my kibana.tml file

server.name : "Kibana-1"
server.host: "100.90.3.56"
server.port: 5601
csp.strict: true # Production-Only
elasticsearch.hosts:
  - "https://100.90.3.51:9200"
elasticsearch.requestTimeout: 300000

# Security
xpack.security.encryptionKey: "m8Jls41MUvaGqz7qbHUDOxZmZZ5Yxpo8"
xpack.reporting.encryptionKey: "m8Jls41MUvaGqz7qbHUDOxZmZZ5Yxpo8"
xpack.encryptedSavedObjects.encryptionKey: "m8Jls41MUvaGqz7qbHUDOxZmZZ5Yxpo8"
xpack.security.session.idleTimeout: "30m"
xpack.security.session.lifespan: "8h"

## Kibana Certs ####
server.ssl.enabled: true
server.ssl.certificate: "/etc/kibana/certs/100.90.3.56/100.90.3.56.crt"
server.ssl.key: "/etc/kibana/certs/100.90.3.56/100.90.3.56.key"

## Elasticsearch Certs ####
elasticsearch.username: "kibana_system"
elasticsearch.password: "uweTx7o8MDamUaWTfgRi"
elasticsearch.ssl.verificationMode: certificate

elasticsearch.ssl.certificateAuthorities: [ "/etc/kibana/elastic-certificate-ca.p12" ]
type or paste code here

Elasticsearch config file

cluster.name: elastic-staging

path.logs: "/var/log/elasticsearch"
path.data: "/mnt/elasticsearch/data"

bootstrap.memory_lock: true

node.name: Elasticsearch-Master-1
node.roles: [ master ]
network.host: _ec2:privateIpv4_
network.publish_host: _ec2:privateIp_
transport.publish_host: _ec2:privateIp_
discovery.seed_providers: ec2
discovery.ec2.endpoint: ec2.us-west-2.amazonaws.com
discovery.ec2.tag.Role: Elasticsearch-Master
discovery.ec2.tag.Cluster: elastic
# discovery.ec2.tag.Name: Elasticsearch-Master-1
discovery.ec2.tag.Environment: staging
discovery.seed_hosts:
  - 100.90.3.51
cloud.node.auto_attributes: true
cluster.routing.allocation.awareness.attributes: aws_availability_zone
cluster.initial_master_nodes:
  - 100.90.3.51
# search.remote.connect: false
action.destructive_requires_name: true

# Security
xpack.security.enabled: true
xpack.security.audit.enabled: true
xpack.ml.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: certs/100.90.3.51/100.90.3.51.key
xpack.security.http.ssl.certificate: certs/100.90.3.51/100.90.3.51.crt
xpack.security.transport.ssl.enabled: true
#xpack.security.transport.ssl.key: certs/100.90.3.51/100.90.3.51.key
#xpack.security.transport.ssl.certificate: certs/100.90.3.51/100.90.3.51.crt
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificate-ca.p12
#xpack.security.transport.ssl.truststore.path: elastic-certificate-ca.p12
xpack.security.transport.ssl.keystore.type: PKCS12

Hi Can some one please assist here. I stuck at this issue

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.