SSL alert number 47

I am trying to setup Elasticsearch and Kibana 8.7.0 but facing issue with Kibana setup.
It is failing with
[ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. write EPROTO 140569521178560:error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1565:SSL alert number 47

There is no other information log is giving.

Elasticsearch is up but Kibana isn't connecting to it.

The document I am following is Install Elasticsearch with Docker | Elasticsearch Guide [8.7] | Elastic for setting up multi-node cluster.

Please Share both
elasticsearch.yml
And
kibana.yml

alert illegal parameter

You have set a wrong param, as Stephen said, please share ymls.

It's working when I follow the steps mentioned in documentation.
As soon as I add another node ( coordinating node ), I get this error.
I am using docker-compose.

  es_search_coordinator:
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
      - esdata04:/usr/share/elasticsearch/data
    environment:
      - node.name=es_search_coordinator
      - node.roles=[  ]
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=es01,es02,es03
      - discovery.seed_hosts=es01,es02,es03
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/es_search_coordinator/es_search_coordinator.key
      - xpack.security.http.ssl.certificate=certs/es_search_coordinator/es_search_coordinator.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/es_search_coordinator/es_search_coordinator.key
      - xpack.security.transport.ssl.certificate=certs/es_search_coordinator/es_search_coordinator.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    mem_limit: ${MEM_LIMIT}
    ulimits:
      memlock:
        soft: -1
        hard: -1
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120

  k01:
    depends_on:
      es_search_coordinator:
        condition: service_healthy
    image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
    volumes:
      - certs:/usr/share/kibana/config/certs
      - kibanadata:/usr/share/kibana/data
    ports:
      - ${KIBANA_PORT}:5601
    environment:
      - SERVERNAME=k01
      - ELASTICSEARCH_HOSTS=https://es_search_coordinator:9200
      - ELASTICSEARCH_USERNAME=kibana_system
      - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
    mem_limit: ${MEM_LIMIT}
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120

Cert is generated using same way as other instances.

I have this working for Elastic version 7.1.1. I am trying to upgrade.

Hard for us to tell since we can not see how the cert was created, plus if you look closely the certs logic they are not cleaned up each run, so if there was an error along the way and there is a bad cert it will not be recreated even if you keep running it over and over again.
Perhaps You can clean up the cert volume and try again...

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.