What do you enter as the "host" while deploying a 3 node cluster and using elasticsearch_certutil http

I am having trouble getting the correct http certificate. I have deployed a 3 node cluster according to the config. mentioned in this elastic article - Encrypting communications in an Elasticsearch Docker Container | Elasticsearch Guide [7.13] | Elastic

The ssl/tls part here is done and it works fine. But now that I go for the Elastic Stack plus secured HTTPS traffic, i run the mentioned steps and do the necessary changes in the .yml file.
But on running the configuration i get the following errors:-

  1. Two keystore can not exist. ( one for ssl, one for http)

then after removing ssl as the keystore and keeping the http key
2. error","savedobjects-service"],"pid":951,"message":"Unable to retrieve version information from Elasticsearch nodes.
The kibana does not work with the http key (the cluster works at 30 % red status)

My last question is about this article - Set up basic security for the Elastic Stack plus secured HTTPS traffic | Elasticsearch Guide [7.13] | Elastic

in step 2(h) what should i enter as hostname? Is it the node es01,es02,es03 ?
( for ref. to my .yml file Encrypting communications in an Elasticsearch Docker Container | Elasticsearch Guide [7.13] | Elastic)

Hello Shubh!

I did a quick search on the keystore message you posted, and couldn't find anything. Was that the exact message that was logged? And if I had to guess, you probably need to use the ssl keystore and not the http one, but ... I'm not sure.

Regarding how to specify the elasticsearch host names in the Kibana config, this documentation show an example: Running the Elastic Stack on Docker | Getting Started [7.13] | Elastic

kib01:
    image: docker.elastic.co/kibana/kibana:7.13.4
    container_name: kib01
    ports:
      - 5601:5601
    environment:
      ELASTICSEARCH_URL: http://es01:9200
      ELASTICSEARCH_HOSTS: '["http://es01:9200","http://es02:9200","http://es03:9200"]'
    networks:
      - elastic

Presumably you'd use https://es01:9200, instead of with the http:// prefix ...

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.