SSL not working using letsencrypt certificates

[awlamb]

The logs:

2018-01-17 18:31:37 +0000 [debug]: #0 starting server 2018-01-17 18:31:37 +0000 [debug]: #0 failed to establish ssl session error_class=OpenSSL::SSL::SSLError error=#<OpenSSL::SSL::SSLError: SSL_accept SYSCALL returned=5 errno=0 state=SSLv3 read client certificate A> 2018-01-17 18:31:37 +0000 [debug]: #0 Shutdown called 2018-01-17 18:31:37 +0000 [debug]: #0 Shutting down :

The Config:

@type secure_forward
port 8080
bind "0.0.0.0"
self_hostname "myname.mysite.com"
shared_key xxxxxx
log_level debug
secure true
ca_private_key_passphrase xxxxxx
ca_cert_path "/etc/td-agent/fullchain.pem"
ca_private_key_path "/etc/td-agent/privkey.pem"

Browsers say: The connection to this site is using a valid, trusted server certificate issued by unknown name.

The certificate is the cert plus the intermediate certificate: https://letsencrypt.org/certificates/

I tried adding the other intermediate signed by ISRG, and also adding the root cert below that. Same issue.

Thoughts?

[tagomoris]

If you use certs provided by Let's Encrypt, you should configure Fluentd using "Trusted CA" pattern with intermediate certificate. https://github.com/tagomoris/fluent-plugin-secure-forward#using-ssl-certificates-issued-from-trusted-ca