Logstash error after installing ssl

Cosmin_Ciobanu · November 9, 2020, 6:14pm

[ERROR] 2020-11-09 10:08:12.337 [[main]-pipeline-manager] javapipeline - Pipeline error {:pipeline_id=>"main", :exception=>#<Manticore::UnknownException: Host name '0.0.0.0' does not match the certificate subject provided by the peer (CN=elasticsearch)>, :backtrace=>["/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.7.0-java/lib/manticore/response.rb:37:in block in initialize'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.7.0-java/lib/manticore/response.rb:79:in call'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.6.2-java/lib/logstash/outputs/elasticsearch/http_client/manticore_adapter.rb:74:in perform_request'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.6.2-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:332:in perform_request_to_url'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.6.2-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:261:in health_check_request'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.6.2-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:270:in block in healthcheck!'", "org/jruby/RubyHash.java:1415:in each'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.6.2-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:266:in healthcheck!'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.6.2-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:382:in update_urls'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.6.2-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:82:in update_initial_urls'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.6.2-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:76:in start'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.6.2-java/lib/logstash/outputs/elasticsearch/http_client.rb:302:in build_pool'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.6.2-java/lib/logstash/outputs/elasticsearch/http_client.rb:64:in initialize'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.6.2-java/lib/logstash/outputs/elasticsearch/http_client_builder.rb:105:in create_http_client'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.6.2-java/lib/logstash/outputs/elasticsearch/http_client_builder.rb:101:in build'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.6.2-java/lib/logstash/outputs/elasticsearch.rb:307:in build_client'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.6.2-java/lib/logstash/outputs/elasticsearch/common.rb:23:in register'", "org/logstash/config/ir/compiler/OutputStrategyExt.java:126:in register'", "org/logstash/config/ir/compiler/AbstractOutputDelegatorExt.java:68:in register'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:228:in block in register_plugins'", "org/jruby/RubyArray.java:1809:in each'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:227:in register_plugins'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:585:in maybe_setup_out_plugins'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:240:in start_workers'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:185:in run'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:137:in block in start'"], "pipeline.sources"=>["/etc/logstash/conf.d/filebeat-pipeline.conf"], :thread=>"#<Thread:0x47f72c65 run>"}
[INFO ] 2020-11-09 10:08:12.339 [[main]-pipeline-manager] javapipeline - Pipeline terminated {"pipeline.id"=>"main"}

Let me know if you need any other information!
This error is generated after using --debug.

Thank you!

Badger · November 9, 2020, 6:19pm

Sound like you are configuring the output to connect to an address that does not match the certificate that you have installed in elasticsearch. They should match.

You do have the option to disable this verification, but in that case you might as well turn off TLS, since you do not have any security in you disable it.

Cosmin_Ciobanu1 · November 10, 2020, 7:57pm

I've created all the certificates with certuil tool. And I use the same CA for KIbana-Elasticsearch , Filbeat-Elasticsearch comunication and it works just fine.
I don't understand why this error still remains.

Badger · November 10, 2020, 8:23pm

It is not about the CA, it is about the CN not matching the hostname.

TimV · November 11, 2020, 12:52am

Which mode did you use for certutil?
Was it elasticsearch-certutil cert or elasticsearch-certutil http ?

My guess is that you used http.
If so, when you did that, you were asked:

Which hostnames will be used to connect ...

and

Which IP addresses will be used to connect ...

You didn't enter 0.0.0.0 into that list (nor should you really, since that is not a routable address), but here you have logstash attempting to connect to Elasticsearch on 0.0.0.0

Host name '0.0.0.0' does not match the certificate subject provided by the peer (CN=elasticsearch)

That's the problem.

My guess is that for Kibana and Filebeat you have put in a real URL with a real hostname or IP, but you've used a different format for Logstash.

system · December 12, 2020, 7:48pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.