Logstash crashing, user error with pipeline and SSL certs configuration

I'm struggling a bit getting certs in place for just logstash and filebeat. My goal is to secure log trasnport between VPS instances and my logstash server. Although I'm testing with everything on the same server at the moment. Things were working fine before attempting to configure SSL, now I get this error message from Logstash:

Failed to execute action {:id=>:main, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Could not execute action: PipelineAction::Create<main>, action_result: false", :backtrace=>nil}

My Logstash pipeline configuration is as follows:

input {
        beats {
                port => 5044
                ssl => true
                ssl_certificate_authorities => ["/certs/ca/ca.crt"]
                ssl_verify_mode => "force_peer"

this cert is copied in via docker and I can confirm they are in the correct location in the container prior to it crashing. I doubt its related but I do map another docker container readonly to the same cert.
My filebeat configuration is as follows:

  enabled: true
  hosts: ["logstash:5044"]
  ssl.certificate_authorities: ["/certs/ca/ca.crt"]
  ssl.certificate: "/certs/instance/instance.crt"
  ssl.key: "/certs/instance/instance.key"

I'm not entirely sure I setup my keys correctly, what I did for that was:

bin/elasticsearch-certutil cert --keep-ca-key --pem --out /temp/certs.zip

This generates the above refrenced certs in the same naming and folder structure. Any idea what Im' doing wrong here or why logstash crashes?

Missed an important earlier error. Looks like I get this:

Pipeline error {:pipeline_id=>"main", :exception=>#<LogStash::ConfigurationError: Certificate or Certificate Key not configured>

I'm trying some more / different settings with multiple VPS intsances now. I can't delete this so I will call this answered here.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.