Closed albindy closed 3 months ago
Are you using code signing? Or any custom config?
Works fine for me after every change of cert and a lot of others.
Problems are meshcentral.conf and rmm.conf. When changing the certificate there, the agents are no longer working. Yes, we use code signing: "Code signing all agents". No custom configs except the tried certificate change.
So Windows agents connect fine with the new cert?
Can you run the Linux agent in debug mode and see if there are any errors related to certs? Don't paste the full output here because it contains sensitive info:
# stop service
sudo systemctl stop tacticalagent
# run in debug
tacticalagent -m rpc -log debug -logto stdout
# after done debugging, don't forget to start service back up
sudo systemctl start tacticalagent
SyncMesh: Post "https://api.*********/api/v3/syncmesh/": tls: failed to verify certificate: x509: certificate signed by unknown authority
But the cert is valid and an official wildcard working on several other systems. Additional info: it is a wildcard cert. (CN) Sectigo RSA Domain Validation Secure Server CA (O) Sectigo Limited
Yes Windows connects fine.
Did you follow this and update all files? https://docs.tacticalrmm.com/unsupported_scripts/#using-purchased-ssl-certs-instead-of-lets-encrypt-wildcards
You don't need to do the nats regen.
You need to use the fullchain, which you maybe haven't.
Yes, followed the guide. Did the nats regen and worked like a charm. But! Good hint, I'm trying fullchain actual using cert.
So it worked after a nats regen and restarting all services?
Nats worked before. Just to complete the picture. Problem was using cert instead of fullchain. But Nats works with cert only and frontend too. For rmm and meshcentral fullchain is mandatory to work.
Maybe a hint in the docs would help. But, yes I know it is unsupported. Thanks for clearing things up and helping lightning fast! Thanks for the great support! All up and running now!
Did you not see this?
Nats doesn't actually need a cert anymore, glad it's working now.
OMG Sorry! Totally overlooked this note. Thanks again! Closing.
lol no worries!
Describe the bug
When changing the certificate in nginx, Linux agents no longer connect. No error in /opt/tacticalmesh/meshagent.log or /var/log/tacticalagent.log. Switching back to the old cert brings the agents back online. Or reinstallation. Result: certificate change is impossible for me. But I have to. How can the change be done without reinstalling all Linux agents?
Expected behavior
Agents should accept other active and valid certificates without reinstallation.