hashicorp / learn-consul-docker

Docker Compose quick starts for Consul features.
Mozilla Public License 2.0

TLS certificates expired #15

Open Cepxio opened 1 year ago

Cepxio commented 1 year ago

Hi guys!

I'm learning about Consul ACLs setup and found this great Docker POC, thank you for sharing this nice tutorial!

While bootstrapping the cluster I found an issue because of expired TLS certificates:

consul-server1  | 2023-07-11T16:39:19.259Z [ERROR] agent.server.rpc: failed to read byte: conn=from=172.19.0.4:51614 error="remote error: tls: bad certificate"
consul-server1  | 2023-07-11T16:39:32.896Z [ERROR] agent.anti_entropy: failed to sync remote state: error="No cluster leader"
consul-server1  | 2023-07-11T16:39:32.934Z [WARN]  agent: grpc: addrConn.createTransport failed to connect to {dc1-172.19.0.4:8300 0 consul-server3.dc1 <nil>}. Err :connection error: desc = "transport: Error while dialing x509: certificate has expired or is not yet valid: current time 2023-07-11T16:39:32Z is after 2022-02-23T15:30:42Z". Reconnecting...
$ openssl x509 -enddate -noout -in certs/dc1-server-consul-0.pem 
notAfter=Feb 23 15:30:42 2022 GMT

It would be nice to update them :)

Let me know if I can help here.

Thank you!
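The agent log lines in the report above already carry the certificate's expiry date and the peer that presented it. As an added example (not part of the original thread or the repository), this script pulls those fields out of docker compose output; the function and field names are hypothetical, and the third sample line is constructed.

```python
import re
from datetime import datetime

TS = r"\d{4}-\d\d-\d\dT[\d:]+(?:Z|[+-]\d\d:\d\d)"
# Detail string Go's crypto/x509 emits, as seen in the agent log in this issue.
EXPIRY_RE = re.compile(
    r"x509: certificate has expired or is not yet valid: "
    rf"current time (?P<now>{TS}) is (?P<rel>after|before) (?P<bound>{TS})"
)
# Dial target, e.g. {dc1-172.19.0.4:8300 0 consul-server3.dc1 <nil>}
PEER_RE = re.compile(r"\{\S+-(?P<addr>[\d.]+:\d+) \d+ (?P<name>\S+) ")

def parse_ts(value):
    # fromisoformat() before Python 3.11 rejects a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def find_cert_time_errors(lines):
    """Return one finding per log line that carries an x509 validity-window error."""
    findings = []
    for line in lines:
        m = EXPIRY_RE.search(line)
        if m is None:
            continue
        now, bound = parse_ts(m["now"]), parse_ts(m["bound"])
        peer = PEER_RE.search(line)
        findings.append({
            "reporter": line.split("|", 1)[0].strip(),  # docker compose service prefix
            "peer": peer["name"] if peer else None,
            "peer_addr": peer["addr"] if peer else None,
            # "after" = past notAfter; "before" = earlier than notBefore (often clock skew)
            "state": "expired" if m["rel"] == "after" else "not_yet_valid",
            "bound": bound,
            "days_outside": abs(now - bound).days,
        })
    return findings

# First two lines are copied from the issue; the third is constructed for the notBefore case.
SAMPLE = [
    'consul-server1  | 2023-07-11T16:39:19.259Z [ERROR] agent.server.rpc: failed to read byte: conn=from=172.19.0.4:51614 error="remote error: tls: bad certificate"',
    'consul-server1  | 2023-07-11T16:39:32.934Z [WARN]  agent: grpc: addrConn.createTransport failed to connect to {dc1-172.19.0.4:8300 0 consul-server3.dc1 <nil>}. Err :connection error: desc = "transport: Error while dialing x509: certificate has expired or is not yet valid: current time 2023-07-11T16:39:32Z is after 2022-02-23T15:30:42Z". Reconnecting...',
    'consul-server2  | 2024-01-01T00:00:00.000Z [WARN]  agent: grpc: addrConn.createTransport failed to connect to {dc1-10.0.0.9:8300 0 consul-server1.dc1 <nil>}. Err :connection error: desc = "transport: Error while dialing x509: certificate has expired or is not yet valid: current time 2024-01-01T00:00:00Z is before 2024-01-03T12:00:00Z". Reconnecting...',
]

if __name__ == "__main__":
    for f in find_cert_time_errors(SAMPLE):
        print(f"{f['reporter']} -> {f['peer']} ({f['peer_addr']}): {f['state']}, "
              f"{f['days_outside']} days outside window, bound {f['bound']:%Y-%m-%d}")
```

The "bad certificate" line is a TLS alert from the remote side and carries no dates, so only the dialing side's x509 error yields a finding.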

MHipo commented 5 months ago

Hi @Cepxio, I also face the same issue. Is it okay to generate new certs using the command

openssl x509 -enddate -noout -in certs/dc1-server-consul-0.pem 
notAfter=Feb 23 15:30:42 2022 GMT

Because I am trying to set up a consul-vault? Saw the following output logs:


consul-server2  | 2024-05-18T11:59:43.673Z [ERROR] agent.server.rpc: failed to read byte: conn=from=172.22.0.4:3772 error="remote error: tls: bad certificate"
consul-server2  | 2024-05-18T11:59:44.622Z [WARN]  agent: error getting server health from server: server=consul-server2 error="context deadline exceeded"
consul-server2  | 2024-05-18T11:59:44.622Z [WARN]  agent: error getting server health from server: server=consul-server1 error="context deadline exceeded"
consul-server2  | 2024-05-18T11:59:44.622Z [WARN]  agent: error getting server health from server: server=consul-server3 error="context deadline exceeded"
consul-server2  | 2024-05-18T11:59:44.659Z [ERROR] 
Thanks

Cepxio commented 1 month ago

@MHipo sorry for the late response. The outdated TLS certs were for the ACL bootstrap, not sure about the Vault lab.

Regarding the update on TLS, you can use the consul command client to update this :)

Please, review the help option:

consul tls --help