I've had my Elastic Stack secured using a public CA certificate for about a year now and upgraded from version to version without issue. Updated Elasticsearch and Kibana from 7.6.2 to 7.7.0 today and everything seemed to work fine until I tried to access the monitoring app. This threw an error:
So I go and check out the logs to find this occurred during startup:
{"type":"log","@timestamp":"2020-05-20T17:21:40-05:00","tags":["error","elasticsearch","monitoring"],"pid":4284,"message":"Request error, retrying\nGET https://SERVERFQDN:9200/_xpack => unable to verify the first certificate"}
{"type":"log","@timestamp":"2020-05-20T17:21:40-05:00","tags":["error","elasticsearch","monitoring"],"pid":4284,"message":"Request error, retrying\nGET https://SERVERFQDN:9200/_xpack => unable to verify the first certificate"}
I've tried a number of things and can't seem to figure out what the hell I have configured wrong. I've checked all certificates I'm using and the earliest any of them expire is November of this year. I'm using the same wildcard certificates signed by a public CA in all three applications. Here's my Kibana.yml
I also have an issue with the monitoring view after the upgrade to 7.7.
I'm getting back the error:
No Living connections: Check the Elasticsearch Monitoring cluster network connection and refer to the Kibana logs for more information.
Hello,
I've tried that and indeed the error goes away. But now it states there's no monitoring data. The monitoring data is still visible when going to the kibana of the monitoring node. Is that problem specific to me, or do other have the same problem?
Best Regards,
Jo
I added these parameters and it works now.
At first I had "no monitoring data".
For those trying the workaround, don't forget the spaces before the certificate text strings (including ---).
Hello,
I got it working after I started using the new parameters instead of the old
monitoring.ui.elasticsearch.* instead of xpack.monitoring.elasticsearch.*
In the end i removed all monitoring.ui.* and it worked. Suggested by elastic support.
The only thing i had was monitoring.enabled: true no certs nothing.
SSL was enabled by the https to access kibana, i am told.
SSL was enabled by the https to access kibana, i am told.
Just to be clear- if you want Kibana to pull the monitoring data from the same place as it is connecting to anyway, then you don't need to specify the monitoring.ui.* settings (as @tiagocosta mentioned up here.
In this case Kibana will use the connection object already established (which works with certificates) rather than create a new one for the monitoring data.
As for me I tried the workaround, which worked and like @AndyHunt66 said:
I removed the xpack.monitoring.elasticsearch.* settings I had and it worked without the workaround.
The basic elasticsearch settings were enough since I pull the monitoring data from the same cluster.
I tried what was suggested by @tiagocosta, but still continued to get the same errors. I just removed all the monitoring.* settings, set elasticsearch.ssl.verificationMode: certificate, and I'm up and running again.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.