Unable to connect to the server: x509: certificate signed by unknown authority

[vikasgubbi]

Getting below mentioned error message, please assist

Deploying KubeDNS... Unable to connect to the server: x509: certificate signed by unknown authority ( possibly because of "crypto/rsa: verification error" while trying to verify cand idate authority certificate "Kubernetes") Deploying WeaveNet... Unable to connect to the server: x509: certificate signed by unknown authority ( possibly because of "crypto/rsa: verification error" while trying to verify cand idate authority certificate "Kubernetes") ./install.sh: line 45: ../logs/weavenet.log: No such file or directory

Regards, Vikas

[hoeghh]

Are you running the latest commit? Try and pull and run it again. This should be fixed i think.

[vikasgubbi]

Still getting the same message

Deploying KubeDNS... Unable to connect to the server: x509: certificate signed by unknown authority ( possibly because of "crypto/rsa: verification error" while trying to verify cand idate authority certificate "Kubernetes") Deploying WeaveNet... Unable to connect to the server: x509: certificate signed by unknown authority ( possibly because of "crypto/rsa: verification error" while trying to verify cand idate authority certificate "Kubernetes")

[hoeghh]

Hi,

Could you list the files you have in the folder ssl?

Also cat the file cert.log in the log folder.

[vikasgubbi]

---

-rwxrwxrwx 1 root root 55 Jan 31 18:54 README.md -rwxrwxrwx 1 root root 232 Feb 1 03:04 ca-config.json -rwxrwxrwx 1 root root 211 Feb 1 03:04 ca-csr.json -rwxrwxrwx 1 root root 1367 Feb 1 03:04 ca.pem -rwxrwxrwx 1 root root 1679 Feb 1 03:04 ca-key.pem -rwxrwxrwx 1 root root 1005 Feb 1 03:04 ca.csr -rwxrwxrwx 1 root root 231 Feb 1 03:04 admin-csr.json -rwxrwxrwx 1 root root 1428 Feb 1 03:04 admin.pem -rwxrwxrwx 1 root root 1675 Feb 1 03:04 admin-key.pem -rwxrwxrwx 1 root root 1033 Feb 1 03:04 admin.csr -rwxrwxrwx 1 root root 248 Feb 1 03:04 k8s-worker-1-csr.json -rwxrwxrwx 1 root root 1497 Feb 1 03:04 k8s-worker-1.pem -rwxrwxrwx 1 root root 1679 Feb 1 03:04 k8s-worker-1-key.pem -rwxrwxrwx 1 root root 1058 Feb 1 03:04 k8s-worker-1.csr -rwxrwxrwx 1 root root 248 Feb 1 03:04 k8s-worker-2-csr.json -rwxrwxrwx 1 root root 1497 Feb 1 03:04 k8s-worker-2.pem -rwxrwxrwx 1 root root 1679 Feb 1 03:04 k8s-worker-2-key.pem -rwxrwxrwx 1 root root 1058 Feb 1 03:04 k8s-worker-2.csr -rwxrwxrwx 1 root root 248 Feb 1 03:04 k8s-worker-3-csr.json -rwxrwxrwx 1 root root 1497 Feb 1 03:04 k8s-worker-3.pem -rwxrwxrwx 1 root root 1675 Feb 1 03:04 k8s-worker-3-key.pem -rwxrwxrwx 1 root root 1058 Feb 1 03:04 k8s-worker-3.csr -rwxrwxrwx 1 root root 248 Feb 1 03:04 kube-proxy-csr.json -rwxrwxrwx 1 root root 1452 Feb 1 03:04 kube-proxy.pem -rwxrwxrwx 1 root root 1675 Feb 1 03:04 kube-proxy-key.pem -rwxrwxrwx 1 root root 1058 Feb 1 03:04 kube-proxy.csr -rwxrwxrwx 1 root root 232 Feb 1 03:04 kubernetes-csr.json -rwxrwxrwx 1 root root 1582 Feb 1 03:04 kubernetes.pem -rwxrwxrwx 1 root root 1675 Feb 1 03:04 kubernetes-key.pem -rwxrwxrwx 1 root root 1033 Feb 1 03:04 kubernetes.csr

2018/02/01 13:42:48 [INFO] signed certificate with serial number 122768701674974204483994409596908346667330834384 2018/02/01 13:42:48 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for websites. For more information see the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org); specifically, section 10.2.3 ("Information Requirements"). 2018/02/01 13:42:48 [INFO] generate received request 2018/02/01 13:42:48 [INFO] received CSR 2018/02/01 13:42:48 [INFO] generating key: rsa-2048 2018/02/01 13:42:48 [INFO] encoded CSR 2018/02/01 13:42:48 [INFO] signed certificate with serial number 5145548915844151987152183396512220278343437724 2018/02/01 13:42:48 [INFO] generate received request 2018/02/01 13:42:48 [INFO] received CSR 2018/02/01 13:42:48 [INFO] generating key: rsa-2048 2018/02/01 13:42:49 [INFO] encoded CSR 2018/02/01 13:42:49 [INFO] signed certificate with serial number 411108425930422097420891460419571777175422432491 2018/02/01 13:42:49 [INFO] generate received request 2018/02/01 13:42:49 [INFO] received CSR 2018/02/01 13:42:49 [INFO] generating key: rsa-2048 2018/02/01 13:42:49 [INFO] encoded CSR 2018/02/01 13:42:49 [INFO] signed certificate with serial number 312808377573890118299838879228258647356077301927 2018/02/01 13:42:49 [INFO] generate received request 2018/02/01 13:42:49 [INFO] received CSR 2018/02/01 13:42:49 [INFO] generating key: rsa-2048 2018/02/01 13:42:49 [INFO] encoded CSR 2018/02/01 13:42:49 [INFO] signed certificate with serial number 287029058078658815419686226090396178991215027777 2018/02/01 13:42:49 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for websites. For more information see the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org); specifically, section 10.2.3 ("Information Requirements"). ../scripts/generate_certs.sh: line 160: -1: substring expression < 0 Adding hosts : 192.168.50.4,192.168.50.20,192.168.50.11,192.168.50.12,192.168.50.21,192.168.50.22,192.168.50.31,192.168.50.32,192.168.50.33,192.168.50.5,,192.160.50.21,10.32.0.1,127.0.0.1,kubernete s.default 2018/02/01 13:42:49 [INFO] generate received request 2018/02/01 13:42:49 [INFO] received CSR 2018/02/01 13:42:49 [INFO] generating key: rsa-2048 2018/02/01 13:42:50 [INFO] encoded CSR 2018/02/01 13:42:50 [INFO] signed certificate with serial number 423253566375330892713213532694125107989749944389

[hoeghh]

Did you run destroy.sh before running install.sh again? Empty the ssl folder (except readme.md) before install.sh?

Try that. That my best guess.

[vikasgubbi]

Thanks a lot. It worked.