Page 1 of 1
Cannot change FQDN and certificate error in new node
Posted: Mon Jul 08, 2024 11:18 am
by xdatanet
Hi,
I installed a new node with Ubuntu. I deployed NLS and joined to cluster. It worked. I noted that the FQDN of the new node is example.internal.cloudapp.net (azure local DNS name). I changed the DNS name of the VM but this not reflect to NLS.
Then I have another error (only in new node, the old ones are ok).
In System Status I can see:
Elasticsearch Database [ SSL: no alternative certificate subject name matches target host name '10.123.0.6' ]
Logstash Collector [ SSL: no alternative certificate subject name matches target host name '10.123.0.6' ]
It seems that NLS looks for ore uses the IP otherwise the FQDN.
How can solve this issue?
The Web Gui is ok with the right certificate:
https://nls02.mycompany.com.
Regards,
Graziano.
Re: Cannot change FQDN and certificate error in new node
Posted: Mon Jul 08, 2024 2:31 pm
by jmichaelson
Since you changed the host name, you may have to generate an SSL certificate with the new node name in it. Some guidance for doing this on Azure can be found here
https://azureossd.github.io/2022/04/16/ ... Azure-VMs/
Re: Cannot change FQDN and certificate error in new node
Posted: Tue Jul 09, 2024 2:01 am
by xdatanet
No, no no...
My nagiosls02.mycompany.com works like a charm in SSL. I successfully changed and configured the certificate in Apache. All the site works fine, only that page shows the old hostname (maybe a reverse DNS??) of the VM and an error of certificate.
Graziano.
Re: Cannot change FQDN and certificate error in new node
Posted: Tue Jul 09, 2024 3:16 pm
by jmichaelson
I was just suggeting that based on the SSL error.
What happens if you do an nslookup of 10.123.0.6? Does it resolve back to a host name?
Re: Cannot change FQDN and certificate error in new node
Posted: Fri Jul 12, 2024 8:11 am
by xdatanet
Here is the result:
root@NagiosLS02:/home/sysadmin# nslookup 10.123.0.6
6.0.123.10.in-addr.arpa name = nagiosls02.internal.cloudapp.net.
From the GUI of the new node (error):
[This Instance] nagiosls02.internal.cloudapp.net (10.123.0.6)
SSL: no alternative certificate subject name matches target host name '10.123.0.6' Elasticsearch Database [ SSL: no alternative certificate subject name matches target host name '10.123.0.6' ]
SSL: no alternative certificate subject name matches target host name '10.123.0.6' Logstash Collector [ SSL: no alternative certificate subject name matches target host name '10.123.0.6' ]
From the GUI of the two old nodes (all ok):
nagiosls02.internal.cloudapp.net (10.123.0.6)
Search engine (elasticsearch) is running. Elasticsearch Database [ Restart ]
Log collector (logstash) is running. Logstash Collector [ Restart ] [ Stop ]
The new Azure VM is the only node I cannot change in mydomain suffix.
Graziano.
Re: Cannot change FQDN and certificate error in new node
Posted: Fri Jul 12, 2024 11:38 am
by xdatanet
Finally we solved the problem.
In Azure VM we have to force hosts record in order to assign the name to the IP.
We added:
10.123.0.6 mynls.mydomain.com mynls
Only setting the hostname does not solve.
Now the page works.
Regards,
Graziano.
Re: Cannot change FQDN and certificate error in new node
Posted: Mon Jul 15, 2024 11:45 am
by jmichaelson
I'm glad you got the issue resolved. I'm still curious as to how the certificate came to be since things were looking for the IP address as an alternat host name, but regardless, if you're up and running, I'm happy!
Have a great day/