Oct 07 11:57:38 elk.example.com logstash[3697608]: [2024-10-07T11:57:38,571][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://logstash_internal:xxxxxx@elk.example.com:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :message=>"Elasticsearch Unreachable: [https://elk.example.com:9200/][Manticore::ClientProtocolException] PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed"}
It was working fine till about 09:45 today morning after which it started showing up with this. I use the same ca.crt for both Elasticsearch and Logstash and have chowned and setfacled the respective directories (I do not think this is a problem with permissions). ca.crt is valid till 2035.
Can someone help me? I have seen many similar errors but this specifically never turned up in my search.
The only things I have changed from the default logstash.yml are:
You're probably right. A few other things broke in our infrastructure for similar reasons and looks like the cert is the problem. I will be investigating this today, will get back once I (attempt to) fix this.
Unfortunately, that doesn't seem to have fixed the problem. I replaced the cert with a new cert (the previous one had already expired). Both of these certs are derived from an intermediate certificate.
What am I missing? This is my Elasticsearch config:
It seems that there was a problem in the certificate that was generated. I checked the certificate with openssl and was seeing Validation Errors. We produced a new certificate for Elasticsearch and now everything is working fine. Hope this helps anyone who comes across this thread in the future.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.