“No alive nodes found in your cluster” message when using HTTPS endpoint in PHP API

I'm using PHP client to connect to the found Elasticsearch server. Given below is the code I use to create the client

 $hosts = [
        'https://username:password@xxxxxxxxxxxxxxxxxx.ap-southeast-2.aws.found.io:9243
    ];

    $client = ClientBuilder::create()
        ->setHosts($hosts)
        ->build();

//prepare search params and query
.....

 $elasticResponse = $client->search($params);

This works fine and return the results as long as I'm using the HTTP
endpoint. But when I use the HTTPS endpoint. It throws "No alive nodes
found in your cluster" error and terminates. Please help.

Hello,

I also have this problem, however, it works with a REST client.

My PHP request give me 'No alive nodes found in your cluster' with http and https.

Cannot find any solution online. Been searching for 4 hours solid.

Please help!

Kindest regards,

Jack

Hey all, I'm the maintainer of the ES-PHP library. That error can come from a few different places. For the next major version, I'm planning on cleaning up the exception hierarchy, so that issues like this are more explicit.

To summarize, there are a few situations where this error can occur. Most generally, it means the client simply couldn't find any valid nodes to talk to. This could happen because:

  • All your nodes are down (likely not the issue, but worth mentioning)

  • Firewall / port issues. Make sure your firewall is configured to allow the appropriate port

  • SELinux policies. By default, SELinux only allows outbound access to "standard" ports like 80, 443, etc, which can block the "non-standard" ports used by ES (9200). You'll likely need to modify your SELinux policy, or switch ES's port. This sometime shows as a cURL error 7 exception in the client, depending on how recent your version is

  • Out-dated or missing root certificates. If your client works over standard HTTP but not HTTPS, it's likely a misconfigured root certificate. The docs have instructions on how to include CaCurlBundle, which will include a recently updated bundle of root certificates. Alternatively, you could just update the root certs globally on your OS.

  • User/pass issues. We recently ran into an issue where PHP's parse_url was incorrectly parsing the URL due to special characters in the password. Adding a trailing slash to the url fixed the problem; this may be a PHP bug, I haven't had a chance to investigate yet

  • String escaping. Similarly, if your user/pass includes a dollar sign ($) and you are double-quoting your string ("), PHP will attempt to find a variable to replace with. Usually it's a nonsense variable $adi8ejd29, PHP emits a notice (which may be suppressed by your config) and the authentication fails.

Slightly newer versions of the client report this better, and the next major version will overhaul this entire hierarchy of exceptions and how they are reported.