TLS certificates expired #15

Open
Cepxio opened this issue Jul 11, 2023 · 2 comments

Cepxio commented Jul 11, 2023

Hi guys!

I'm learning about Consul ACLs setup and found this great Docker POC, thank you for sharing this nice tutorial!

While bootstrapping the cluster, I found an issue because of expired TLS certificates:

consul-server1  | 2023-07-11T16:39:19.259Z [ERROR] agent.server.rpc: failed to read byte: conn=from=172.19.0.4:51614 error="remote error: tls: bad certificate"
consul-server1  | 2023-07-11T16:39:32.896Z [ERROR] agent.anti_entropy: failed to sync remote state: error="No cluster leader"
consul-server1  | 2023-07-11T16:39:32.934Z [WARN]  agent: grpc: addrConn.createTransport failed to connect to {dc1-172.19.0.4:8300 0 consul-server3.dc1 <nil>}. Err :connection error: desc = "transport: Error while dialing x509: certificate has expired or is not yet valid: current time 2023-07-11T16:39:32Z is after 2022-02-23T15:30:42Z". Reconnecting...

$ openssl x509 -enddate -noout -in certs/dc1-server-consul-0.pem
notAfter=Feb 23 15:30:42 2022 GMT

It would be nice to update them :)

Let me know if I can help here.

Thank you!

MHipo commented May 18, 2024

Hi @Cepxio, I also face the same issue. Is it okay to generate new certs using the command:

openssl x509 -enddate -noout -in certs/dc1-server-consul-0.pem 
notAfter=Feb 23 15:30:42 2022 GMT

Because I am trying to set up a consul-vault? Saw the following output logs:

consul-server2  | 2024-05-18T11:59:43.673Z [ERROR] agent.server.rpc: failed to read byte: conn=from=172.22.0.4:3772 error="remote error: tls: bad certificate"
consul-server2  | 2024-05-18T11:59:44.622Z [WARN]  agent: error getting server health from server: server=consul-server2 error="context deadline exceeded"
consul-server2  | 2024-05-18T11:59:44.622Z [WARN]  agent: error getting server health from server: server=consul-server1 error="context deadline exceeded"
consul-server2  | 2024-05-18T11:59:44.622Z [WARN]  agent: error getting server health from server: server=consul-server3 error="context deadline exceeded"
consul-server2  | 2024-05-18T11:59:44.659Z [ERROR] 

Thanks

Cepxio commented Aug 30, 2024

@MHipo sorry for the late response.
The outdated TLS certs were for the ACL bootstrap, not sure about the Vault lab.

Regarding the update on TLS, you can use the consul command client to update this :)

Please, review the help option:

consul tls --help
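
The x509 errors quoted in this thread can be triaged mechanically. The following is an added example, not part of the issue or the project's code: it scans docker-compose Consul log lines for Go's certificate-validity error and separates genuine expiry from the not-yet-valid (clock skew) case. The function name, the result keys and the third sample line are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Detail text produced by Go's crypto/x509, as seen in the Consul lines quoted above.
X509_RE = re.compile(
    r"^(?P<node>\S+)\s+\|.*?x509: certificate has expired or is not yet valid: "
    r"current time (?P<now>\S+) is (?P<rel>after|before) (?P<bound>[0-9T:Z-]+)"
)
# Server name inside gRPC's "{dc1-172.19.0.4:8300 0 consul-server3.dc1 <nil>}" dump.
PEER_RE = re.compile(r"\{\S+ \d+ (?P<peer>\S+) ")

SAMPLE = [
    # First two lines are from the issue; the third is constructed (clock-skew case).
    'consul-server1  | 2023-07-11T16:39:19.259Z [ERROR] agent.server.rpc: failed to read byte: conn=from=172.19.0.4:51614 error="remote error: tls: bad certificate"',
    'consul-server1  | 2023-07-11T16:39:32.934Z [WARN]  agent: grpc: addrConn.createTransport failed to connect to {dc1-172.19.0.4:8300 0 consul-server3.dc1 <nil>}. Err :connection error: desc = "transport: Error while dialing x509: certificate has expired or is not yet valid: current time 2023-07-11T16:39:32Z is after 2022-02-23T15:30:42Z". Reconnecting...',
    'consul-server2  | 2024-01-01T00:00:00.000Z [WARN]  agent: grpc: addrConn.createTransport failed to connect to {dc1-172.19.0.3:8300 0 consul-server1.dc1 <nil>}. Err :connection error: desc = "transport: Error while dialing x509: certificate has expired or is not yet valid: current time 2024-01-01T00:00:00Z is before 2024-01-03T00:00:00Z". Reconnecting...',
]


def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def triage(lines):
    """Return one finding per x509 validity error; other log lines are ignored."""
    findings = []
    for line in lines:
        m = X509_RE.search(line)
        if not m:
            continue  # e.g. the generic "tls: bad certificate" line carries no dates
        peer = PEER_RE.search(line)
        now, bound = _ts(m["now"]), _ts(m["bound"])
        findings.append({
            "node": m["node"],                      # container that logged the error
            "peer": peer["peer"] if peer else None,  # server whose certificate failed
            # "after" compares against notAfter (expired); "before" compares against
            # notBefore, which points at clock skew or a future-dated certificate.
            "cause": "expired" if m["rel"] == "after" else "not_yet_valid",
            "bound": bound.isoformat(),
            "days_off": abs(now - bound).days,
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```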
