Cannot change FQDN and certificate error in new node

[xdatanet]

Hi,
I installed a new node with Ubuntu. I deployed NLS and joined to cluster. It worked. I noted that the FQDN of the new node is example.internal.cloudapp.net (azure local DNS name). I changed the DNS name of the VM but this not reflect to NLS.

Then I have another error (only in new node, the old ones are ok).

In System Status I can see:

Elasticsearch Database [ SSL: no alternative certificate subject name matches target host name '10.123.0.6' ]
Logstash Collector [ SSL: no alternative certificate subject name matches target host name '10.123.0.6' ]

It seems that NLS looks for ore uses the IP otherwise the FQDN.

How can solve this issue?

The Web Gui is ok with the right certificate: https://nls02.mycompany.com.

Regards,
Graziano.

[jmichaelson]

Since you changed the host name, you may have to generate an SSL certificate with the new node name in it. Some guidance for doing this on Azure can be found here

https://azureossd.github.io/2022/04/16/ ... Azure-VMs/

[xdatanet]

Since you changed the host name, you may have to generate an SSL certificate with the new node name in it. Some guidance for doing this on Azure can be found here

https://azureossd.github.io/2022/04/16/ ... Azure-VMs/

No, no no...
My nagiosls02.mycompany.com works like a charm in SSL. I successfully changed and configured the certificate in Apache. All the site works fine, only that page shows the old hostname (maybe a reverse DNS??) of the VM and an error of certificate.

Graziano.

[jmichaelson]

I was just suggeting that based on the SSL error.

What happens if you do an nslookup of 10.123.0.6? Does it resolve back to a host name?

[xdatanet]

Here is the result:

root@NagiosLS02:/home/sysadmin# nslookup 10.123.0.6
6.0.123.10.in-addr.arpa name = nagiosls02.internal.cloudapp.net.

From the GUI of the new node (error):

[This Instance] nagiosls02.internal.cloudapp.net (10.123.0.6)
SSL: no alternative certificate subject name matches target host name '10.123.0.6' Elasticsearch Database [ SSL: no alternative certificate subject name matches target host name '10.123.0.6' ]
SSL: no alternative certificate subject name matches target host name '10.123.0.6' Logstash Collector [ SSL: no alternative certificate subject name matches target host name '10.123.0.6' ]

From the GUI of the two old nodes (all ok):

nagiosls02.internal.cloudapp.net (10.123.0.6)
Search engine (elasticsearch) is running. Elasticsearch Database [ Restart ]
Log collector (logstash) is running. Logstash Collector [ Restart ] [ Stop ]

The new Azure VM is the only node I cannot change in mydomain suffix.

Graziano.

[xdatanet]

Finally we solved the problem.

In Azure VM we have to force hosts record in order to assign the name to the IP.

We added:

10.123.0.6 mynls.mydomain.com mynls

Only setting the hostname does not solve.

Now the page works.

Regards,
Graziano.

[jmichaelson]

I'm glad you got the issue resolved. I'm still curious as to how the certificate came to be since things were looking for the IP address as an alternat host name, but regardless, if you're up and running, I'm happy!

Have a great day/