Ubuntu install - Expired certificate

logdna / logdna-agent-v2

The blazingly fast, resource efficient log collection client

https://logdna.com

MIT License

65 stars 46 forks source link

Ubuntu install - Expired certificate #623

Open tishma opened 5 months ago

tishma commented 5 months ago

Following the Debian-based distro agent installation, got this:

$ sudo apt-get update
Ign:1 https://assets.logdna.com stable InRelease
Err:2 https://assets.logdna.com stable Release        
  Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate.  Could not handshake: Error in the certificate verification. 
****

Tried updating certificates - no luck.

jakedipity commented 5 months ago

@tishma What version of Debian are you running? This might possibly be related to apt-key being removed in Debian 12. Does the following work?

echo "deb [arch=amd64 signed-by=/usr/share/keyrings/logdna.gpg] https://repo.logdna.com stable main" | sudo tee /etc/apt/sources.list.d/logdna.list
sudo apt-get update
sudo apt-get install -y logdna-agent

tishma commented 5 months ago

It's Ubuntu 20.04 I didn't have logdna.gpg at /usr/share/keyrings/logdna.gpg. I've used apt_key ansible task to add the key from https://assets.logdna.com/logdna.gpg, which should be equivalent to wget followed by apt-key add - cmd. After downloading the key and placing it there - apt-get update is giving:

Get:1 https://repo.logdna.com stable InRelease [2336 B]
Err:1 https://repo.logdna.com stable InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY C1BF174AEF506BE8

tishma commented 5 months ago

The meaningful diff appears to be using repo.logdna.com instead of assets.logdna.com suggested here: https://github.com/logdna/logdna-agent-v2/blob/master/docs/LINUX.md#installation-first-time-installations.

tishma commented 5 months ago

repo.logdna ended up installing legacy version 2.2 that didn't load my /etc/logdna.env. I am out of ideas. Skipping verification until this is resolved.

echoblag commented 4 months ago

@tishma Howdy, I was able to get the agent working on Ubuntu 22.04 using the following:

curl -fsSL https://repo.logdna.com/logdna.gpg | sudo gpg --dearmor -o /usr/share/keyrings/logdna.gpg
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/logdna.gpg] https://repo.logdna.com stable main" | sudo tee /etc/apt/sources.list.d/logdna.list

sudo apt-get update
sudo apt-get install -y logdna-agent

This resolved the unsigned repo error, which makes sense since we retrieve the certificate first before adding it to the keyring.

tishma commented 4 months ago

Thanks @echoblag

It's been a while, and what you did - looks like equivalent of my previous comment.

Which version was installed?

echoblag commented 4 months ago

Thanks @echoblag

It's been a while, and what you did - looks like equivalent of my previous comment.

Which version was installed?

It looks like it's version 2.2.1, looks like that problem still remains.

Re-reading you previous comment, I see what you mean, I just needed to spell it out for myself using the full commands.

Regarding the env file no longer being referenced, I had to use:

sudo logdna-agent -k ${logdna_ingestion_key}
sudo logdna-agent -t tag,tag