Kibana - Unable to retrieve version information from Elasticsearch nodes. self signed certificate in certificate chain

elasticScrub · March 9, 2022, 2:35am

When starting Kibana, I'm getting the following message:

[ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. self signed certificate in certificate chain

root@ubuntu:~# systemctl status kibana.service
● kibana.service - Kibana
     Loaded: loaded (/lib/systemd/system/kibana.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2022-03-09 02:30:45 UTC; 1min 17s ago
       Docs: https://www.elastic.co
   Main PID: 26594 (node)
      Tasks: 11 (limit: 2274)
     Memory: 514.6M
     CGroup: /system.slice/kibana.service
             └─26594 /usr/share/kibana/bin/../node/bin/node /usr/share/kibana/bin/../src/cli/dist

Mar 09 02:31:25 ubuntu kibana[26594]: [2022-03-09T02:31:25.989+00:00][WARN ][plugins.security.config] Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated o>
Mar 09 02:31:25 ubuntu kibana[26594]: [2022-03-09T02:31:25.990+00:00][WARN ][plugins.security.config] Session cookies will be transmitted over insecure connections. This is not recommended.
Mar 09 02:31:26 ubuntu kibana[26594]: [2022-03-09T02:31:26.040+00:00][WARN ][plugins.reporting.config] Generating a random key for xpack.reporting.encryptionKey. To prevent sessions from being invalidated>
Mar 09 02:31:26 ubuntu kibana[26594]: [2022-03-09T02:31:26.069+00:00][WARN ][plugins.encryptedSavedObjects] Saved objects encryption key is not set. This will severely limit Kibana functionality. Please s>
Mar 09 02:31:26 ubuntu kibana[26594]: [2022-03-09T02:31:26.123+00:00][WARN ][plugins.actions] APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encry>
Mar 09 02:31:26 ubuntu kibana[26594]: [2022-03-09T02:31:26.160+00:00][WARN ][plugins.alerting] APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encr>
Mar 09 02:31:26 ubuntu kibana[26594]: [2022-03-09T02:31:26.242+00:00][INFO ][plugins.ruleRegistry] Installing common resources shared between all indices
Mar 09 02:31:28 ubuntu kibana[26594]: [2022-03-09T02:31:28.716+00:00][INFO ][plugins.screenshotting.config] Chromium sandbox provides an additional layer of protection, and is supported for Linux Ubuntu 2>
Mar 09 02:31:39 ubuntu kibana[26594]: [2022-03-09T02:31:39.534+00:00][ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. self signed certificate in certificate >
Mar 09 02:31:43 ubuntu kibana[26594]: [2022-03-09T02:31:43.735+00:00][INFO ][plugins.screenshotting.chromium] Browser executable: /usr/share/kibana/x-pack/plugins/screenshotting/chromium/headless_shell-li>
lines 1-20/20 (END)

Here is my kibana.yml

server.port: 5601
server.host: "10.0.2.15"
elasticsearch.hosts: ["https://10.0.2.15:9200"]

Here is my Elasticsearch.yml

network.host: 10.0.2.15
http.port: 9200

# Enable security features
xpack.security.enabled: true

xpack.security.enrollment.enabled: true

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12

# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
#cluster.initial_master_nodes: ["ubuntu"]

# Allow HTTP API connections from localhost and local networks
# Connections are encrypted and require user authentication
http.host: [_local_, _site_]

# Allow other nodes to join the cluster from localhost and local networks
# Connections are encrypted and mutually authenticated
#transport.host: [_local_, _site_]

Going to http://localhost:5601/ just gives me message: "Kibana server is not ready yet."
I reckon this is some issue with certificates but cannot figure out what.

elasticScrub · March 9, 2022, 2:48am

For additional info, here all the commands/steps I took.

For configuring Elasticsearch:

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg

sudo apt-get install apt-transport-https

echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list

sudo apt-get update && sudo apt-get install elasticsearch kibana

Generated an enrollment token for Kibana and copied it but wasn't sure what to do with it

/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana

sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable elasticsearch.service
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable kibana.service

Increased Elasticsearch timeout values and then started it

sudo systemctl start elasticsearch.service

Opened /etc/elasticsearch/elasticsearch.yml and changed the host ip:

network.host: 10.0.2.15

Verified node was running

root@ubuntu:~# curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://10.0.2.15:9200
Enter host password for user 'elastic':
{
  "name" : "ubuntu",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "Nw0yZgQaShugMnTcSGZUSA",
  "version" : {
    "number" : "8.1.0",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "3700f7679f7d95e36da0b43762189bab189bc53a",
    "build_date" : "2022-03-03T14:20:00.690422633Z",
    "build_snapshot" : false,
    "lucene_version" : "9.0.0",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}

Next I moved onto Kibana instructions which say to generate an enrollment token for Kibana with the elasticsearch-create-enrollment-token tool and start Kibana and enter the enrollment token to securely connect Kibana with Elasticsearch.

I try to start Kibana with bin/kibana and kept getting this error message:

Unable to retrieve version information from Elasticsearch nodes. socket hang up

I found a fix which was to change in kibana.yml elasticsearch.hosts: ["http://10.0.2.15:9200"] to elasticsearch.hosts: ["https://10.0.2.15:9200"]. HTTP to HTTPS.

Tried starting Kibana and then I run into the problem described in the OP.

ikakavas · March 9, 2022, 6:35am

If you want to use the enrollment process, then you should not make configuration changes to your kibana.yml but let the enrollment process handle this for you.

Remove elasticsearch.hosts: ["https://10.0.2.15:9200"] and start the kibana service again. When you navigate to http://localhost:5601/ you will be prompted to enter the enrollment token you generated in Elasticsearch ( please generate a new one, each enrollment token is only valid for 30 minutes)

elasticScrub · March 9, 2022, 6:31pm

Thank you, I was following a third party guide for version 7.0 so I suppose those instructions don't work any more.

I did the steps you said and am getting stuck here:

scrub@ubuntu:~$ sudo /usr/share/kibana/bin/kibana --allow-root
[2022-03-09T18:11:10.672+00:00][INFO ][plugins-service] Plugin "metricsEntities" is disabled.
[2022-03-09T18:11:11.127+00:00][INFO ][http.server.Preboot] http server running at http://10.0.2.15:5601
[2022-03-09T18:11:11.330+00:00][INFO ][plugins-system.preboot] Setting up [1] plugins: [interactiveSetup]
[2022-03-09T18:11:11.349+00:00][INFO ][preboot] "interactiveSetup" plugin is holding setup: Validating Elasticsearch connection configuration…
[2022-03-09T18:11:11.529+00:00][INFO ][root] Holding setup until preboot stage is completed.


i Kibana has not been configured.

Go to http://10.0.2.15:5601/?code=492470 to get started.

After this, my webpage doesn't connect and shows:

This site can’t be reached

10.0.2.15 took too long to respond.
ERR_CONNECTION_TIMED_OUT

I'm running Elastic/kibana on a virtualbox server and this is the port forwarding rule I have set up.

The only change I made is what was said which is to remove elasticsearch.hosts: ["https://10.0.2.15:9200"]

warkolm · March 9, 2022, 9:40pm

No, because the setup process for 8.X is different to 7.X

elasticScrub · March 10, 2022, 12:17am

@ikakavas

So when starting Kibana, the following is output to the screen:

i Kibana has not been configured.

Go to http://10.0.2.15:5601/?code=693808 to get started.

That wasn't working for me and gave me a ERR_CONNECTION_TIMED_OUT message. Changing the URL to http://localhost:5601 instead worked. Not sure of the explanation behind that but issue solved

ikakavas · March 10, 2022, 5:01am

Hi @elasticScrub

Your Kibana runs in the VM and as far as it is aware, the IP address the host it runs in is 10.0.2.15 ( and you've already explicitly told it so too with server.host: "10.0.2.15" ) - so you get the message saying

Go to http://10.0.2.15:5601/?code=693808

Depending on how you've set networking between your host and your guest, 10.0.2.15 might or might not be reachable from the host. In your case it wasn't and localhost worked because you have mapped the 5601 port from your host to your guest.

system · April 7, 2022, 5:02am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.