Closed tahir59 closed 3 years ago
Hi @ribbybibby, refer to the log below
cert-exporter-2_1 | time="2020-11-13T08:14:15Z" level=error msg="error=Get \"https://consul.test.local:8501\": x509: certificate signed by unknown authority target=https://consul.test.local:8501 prober=https timeout=10s" source="ssl_exporter.go:91"
"error=Get "https://consul.test.local:8501\": x509: certificate signed by unknown authority
This probably means the ssl_exporter doesn't have access to the CA cert that issued the certificate for consul.test.local. You either need to install it into the system certs where ssl_exporter is running, or pass it explicitly with tls_config.ca_file in a custom module configuration.
modules:
  https_consul:
    prober: https
    tls_config:
      ca_file: /etc/tls/ca.crt
https://github.com/ribbybibby/ssl_exporter#configuration-file https://github.com/ribbybibby/ssl_exporter/blob/master/examples/ssl_exporter.yaml
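The "certificate signed by unknown authority" failure and the ca_file fix discussed above, as an added Go example that is not part of this thread or of ssl_exporter's code: it builds a constructed CA and leaf certificate in memory and verifies the leaf against a root pool that holds only the PEM it is given. The CA names and the helpers `must`, `issue` and `verifyAgainst` are made up for illustration, and treating a ca_file as this kind of root pool is an assumption.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue makes a constructed test cert and its PEM; parent == nil yields a self-signed CA.
func issue(cn string, parent *x509.Certificate, pk *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, []byte) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, pk = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, pk))
	return must(x509.ParseCertificate(der)), key, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// verifyAgainst trusts only the CAs in caPEM (the role a ca_file plays, by assumption).
func verifyAgainst(leaf *x509.Certificate, caPEM []byte, host string) error {
	roots := x509.NewCertPool()
	roots.AppendCertsFromPEM(caPEM) // an empty or unrelated bundle leaves no usable root
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

func main() {
	ca, caKey, caPEM := issue("constructed-issuing-ca", nil, nil)
	_, _, otherPEM := issue("constructed-unrelated-ca", nil, nil)
	leaf, _, _ := issue("consul.test.local", ca, caKey)
	fmt.Println("unrelated CA:", verifyAgainst(leaf, otherPEM, "consul.test.local"))
	fmt.Println("issuing CA:  ", verifyAgainst(leaf, caPEM, "consul.test.local"))
}
```

The same check against a real deployment is to confirm that the file you mount as ca_file contains the CA that actually issued the target's certificate, not just any CA.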
docker run -p 9219:9219 ribbybibby/ssl-exporter:latest --config.file="./ssl_exporter.yaml"
time="2020-11-13T10:28:04Z" level=fatal msg="error reading config file: open ./ssl_exporter.yaml: no such file or directory" source="ssl_exporter.go:370"
You need to mount the file in the container:
docker run -p 9219:9219 -v ${PWD}/ssl_exporter.yaml:/ssl_exporter.yaml ribbybibby/ssl-exporter:latest --config.file="./ssl_exporter.yaml"
I think there is some issue with ssl_exporter.yaml
docker run -p 9219:9219 -v ${PWD}/ssl_exporter.yaml:/ssl_exporter.yaml ribbybibby/ssl-exporter:latest --config.file="./ssl_exporter.yaml"
time="2020-11-16T03:29:04Z" level=fatal msg="error parsing config file: yaml: unmarshal errors:\n line 14: field timeout not found in type config.Module" source="ssl_exporter.go:370"
The timeout field on the master branch has not been released yet. Remove it for now or run the master tag of the docker image:
ribbybibby/ssl-exporter:master
After mounting the CA cert, I need to run "update-ca-trust". How can I do it?
I think the general approach would be to generate the certificate bundle with update-ca-trust or update-ca-certificates or whatever in another container or on your host itself and then mount that in the ssl_exporter container.
There's an example of doing that in Kubernetes with an initContainer here: https://github.com/ribbybibby/ssl_exporter/issues/12#issuecomment-562966945.
For docker you might be able to use volumes: https://www.digitalocean.com/community/tutorials/how-to-share-data-between-docker-containers. I've never really used that feature though so I can't be sure of that.
I figured out a way and it worked, no need to run update-ca-certificates.
add module in ssl_exporter.yaml
  https_consul:
    prober: https
    tls_config:
      ca_file: /mycert.crt
mount volumes in docker-compose
  cert-exporter:
    image: ribbybibby/ssl-exporter:master
    ports:
@tahir59 Glad to hear it!
Hi @tahir59. This should work:
Assuming that 'https://example.com:1122' is changed to a valid host and port combination and 127.0.0.1:9219 is the address of your ssl exporter instance.