OpenSSL::SSL::SSLError: Received fatal alert: unknown_ca

Hello all,
First off - Thanks for LogStash :thumbsup:
I am looking for help in solving the error (see title) from my /var/log/logstash/logstash-plain.log log (when debug enabled)
I have an SSL cert from LetsEncrypt and have the following config:

input {
    tcp {
        ....
        ssl_enable => true
        ssl_cert   => "/certs/cert.pem"
        ssl_key    => "/certs/privkey.pem"
        ssl_extra_chain_certs  => [ "/certs/fullchain.pem" ]
        ssl_verify => false
    }
}

I have done a fair amount of googling and found a few issues from the older github repos, but nothing seems to help.
I think the problem is found with openssl - see last line of the following terminal snippet

$ openssl s_client -connect logstash.autoenrolment.co.uk:6514

CONNECTED(00000003)
depth=0 CN = logstash.autoenrolment.co.uk
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = logstash.autoenrolment.co.uk
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/CN=logstash.autoenrolment.co.uk
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAyaiusxo79akgXO2YycMPQkOMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNzAxMTMxMTIxMDBaFw0x
NzA0MTMxMTIxMDBaMCcxJTAjBgNVBAMTHGxvZ3N0YXNoLmF1dG9lbnJvbG1lbnQu
Y28udWswggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZLQIuPbMSKSej
1fJjoRNdCsYdR2eEVamAZzYYMnoW0/cOkesWs0hBOSRikuvDfXRfNDIoVk+vYQnd
Jb0RdoYpdSKqQqKh8ZgeJ9zl3p3IrZpDHbykTgcKuIqBZqGSzlzfaDqV5e0npCKC
ffDR5TVrNvXJnE3FKfDf31FHt1R15SV7ghjo/8Dgn+h+KtlsU5NuATXJKbzGKFYm
+IvKPJr+NqENdxY89bkSqnI06b6OCxA4pH5tfzPvGVbEpY7Rbwr2QAPZEh2hBD29
q4cM+9rhWSO+am8XJniOHp51rIywkf9NT83D19HtE3pT6lwotw6yWqw1lSW9VXsU
QTLV418FAgMBAAGjggIdMIICGTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFCh7iYm/
NXXEyB5PPzFHGuqDGKI0MB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyh
MHAGCCsGAQUFBwEBBGQwYjAvBggrBgEFBQcwAYYjaHR0cDovL29jc3AuaW50LXgz
LmxldHNlbmNyeXB0Lm9yZy8wLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14
My5sZXRzZW5jcnlwdC5vcmcvMCcGA1UdEQQgMB6CHGxvZ3N0YXNoLmF1dG9lbnJv
bG1lbnQuY28udWswgf4GA1UdIASB9jCB8zAIBgZngQwBAgEwgeYGCysGAQQBgt8T
AQEBMIHWMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCB
qwYIKwYBBQUHAgIwgZ4MgZtUaGlzIENlcnRpZmljYXRlIG1heSBvbmx5IGJlIHJl
bGllZCB1cG9uIGJ5IFJlbHlpbmcgUGFydGllcyBhbmQgb25seSBpbiBhY2NvcmRh
bmNlIHdpdGggdGhlIENlcnRpZmljYXRlIFBvbGljeSBmb3VuZCBhdCBodHRwczov
L2xldHNlbmNyeXB0Lm9yZy9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEA
h48aZAfB5eDRAGIO2OmYuJUP9wloyk+2CIKb8eB1YWZma1mfWzBOyDa+nrnrunaq
2pE1GPIaIB988fzUoWsJcbn09PqQPH9TmAd5luIgwHK35my9NW17uQH9J78XZDJV
lHfIR7ZxSO39CLlGvCrL6M/u1YvCu5xpoAskwq2jCrAsxqDCadfeXu+J/gOSIdfs
2a5x/hu1Q3JFOnfSD2jjLk2/+ROFWJb8D7nQxO6i7X7b3ZR3hN9GFk+eE2MGqquy
0VT5Is3I4ZXKVKFULJFZbVlLesm3BzM1i35qC30IyANGQ6anIvUP1AEcz6w08o4I
H9ID6zIMuNLI1NlFDgdfcg==
-----END CERTIFICATE-----
subject=/CN=logstash.autoenrolment.co.uk
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1836 bytes and written 473 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-SHA256
    Session-ID: 5878C76446C94D51C018A8780D91EC897F78C470E2CF8ECDA80DC28838256702
    Session-ID-ctx:
    Master-Key: CAABC3F88FF12584FAFF3BCB92091A9A007D9C4B8AE8A5BE931E1A880AD5C996D4149E285F785F7A6A0BA05A26A54385
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1484310372
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---

I wondered if anyone here would be kind enough to offer any little bit of advise that might help me resolve my issue

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.