Kibana server is not ready yet

Umbler_Casel · February 22, 2023, 3:50pm

Kibana Version: 8.6
Elastic Search Version: 8.6

Certificate Used: Rapid SSL SHA1 ( might be the problem, but im not sure )

OS: Ubuntu 22.04

Error: Kibana presents a message on UI with the following:

"Kibana server is not ready yet."

Error Log:

[2023-02-22T15:05:45.066+00:00][DEBUG][elasticsearch.query.data] [ConnectionError]: unable to get issuer certificate

Troubleshooting Guide:

Using CA provided by Rapid SSL Website, i can securily "CURL" Elasticsearch address, see below:

curl --cacert rapid-ssl-ca.pem https://MY_ADDRESS_OF_ELASTIC:9201

{"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","Bearer realm=\"security\"","ApiKey"]}}],"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","Bearer realm=\"security\"","ApiKey"]}},"status":401}

But kibana keep throwring errors about certificate. The command above was executed inside kibana container, using the same CA configured over kibana.yml

Kibana Config File:

---
## Default Kibana configuration from kibana-docker.
## https://github.com/elastic/kibana-docker/blob/master/.tedi/template/kibana.yml.j2
#
server.name: kibana_test
server.host: "0.0.0.0"
server.publicBaseUrl: "https://MY_KIBANA_ADDRESS:8080"

# Leastic Search config
elasticsearch.hosts: [ "https://MY_ELASTIC_ADDRESS:9201" ]
elasticsearch.username: "kibana_system"
elasticsearch.password: "MYPASSWORD"
elasticsearch.ssl.certificateAuthorities: [ "/usr/share/elasticsearch/certs/rapid-ssl-ca.pem" ]

# X-Pack security credentials
xpack.monitoring.ui.container.elasticsearch.enabled: true
xpack.encryptedSavedObjects.encryptionKey: ENC_KEY
xpack.reporting.encryptionKey: ENC_KEY
xpack.security.encryptionKey: ENC_KEY

# SSL Configuration
server.ssl.enabled: true
server.ssl.key: /usr/share/elasticsearch/certs/elastic.key
server.ssl.certificate: /usr/share/elasticsearch/certs/elastic.crt
server.ssl.certificateAuthorities: ["/usr/share/elasticsearch/certs/rapid-ssl-ca.pem"]

logging.root: true
logging.root.level: debug

warkolm · February 22, 2023, 10:11pm

What do your Kibana logs show?

Umbler_Casel · February 22, 2023, 10:14pm

Always same message:

[2023-02-22T15:05:59.509+00:00][DEBUG][metrics.ops] memory: 217.4MB uptime: 0:07:21 load: [0.53,0.76,0.81] mean delay: 10.098 delay histogram: { 50: 10.093; 95: 10.166; 99: 10.559 }
[2023-02-22T15:05:59.666+00:00][DEBUG][elasticsearch.query.data] [ConnectionError]: unable to get issuer certificate
[2023-02-22T15:06:00.712+00:00][DEBUG][elasticsearch.query.data] [ConnectionError]: unable to get issuer certificate
[2023-02-22T15:06:01.463+00:00][DEBUG][elasticsearch.query.data] [ConnectionError]: unable to get issuer certificate
[2023-02-22T15:06:01.753+00:00][DEBUG][elasticsearch.query.data] [ConnectionError]: unable to get issuer certificate
[2023-02-22T15:06:02.798+00:00][DEBUG][elasticsearch.query.data] [ConnectionError]: unable to get issuer certificate
[2023-02-22T15:06:03.838+00:00][DEBUG][elasticsearch.query.data] [ConnectionError]: unable to get issuer certificate
[2023-02-22T15:06:03.960+00:00][DEBUG][elasticsearch.query.data] [ConnectionError]: unable to get issuer certificate

system · March 22, 2023, 10:14pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.