Hey,
I am trying to configure OpenSearch using a Let's Encrypt certificate. Everything used to work normally, but now I am getting
Error:
```
[2024-05-21T13:33:19,375][WARN ][o.o.h.AbstractHttpServerTransport] [opensearch-cluster-master-0] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:43918}
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
```
Configuration:
```yaml
opensearch.yml: |
  cluster.name: opensearch-cluster
  # Bind to all interfaces because we don't know what IP address Docker will assign to us.
  network.host: 0.0.0.0
  # Setting network.host to a non-loopback address enables the annoying bootstrap checks. "Single-node" mode disables them again.
  # Implicitly done if ".singleNode" is set to "true".
  # discovery.type: single-node
  # Start OpenSearch Security Demo Configuration
  # WARNING: revise all the lines below before you go into production
  plugins:
    security:
      nodes_dn:
        - 'CN=opensearch.labadeiz.adeiz.eu'
      ssl:
        transport:
          pemcert_filepath: certs/tls.crt
          pemkey_filepath: certs/tls.key
          pemtrustedcas_filepath: certs/tls.crt
          enforce_hostname_verification: false
        http:
          enabled: true
          pemcert_filepath: certs/tls.crt
          pemkey_filepath: certs/tls.key
          pemtrustedcas_filepath: certs/tls.crt
      allow_unsafe_democertificates: true
      allow_default_init_securityindex: true
      authcz:
        admin_dn:
          - 'CN=opensearch.labadeiz.adeiz.eu'
      audit.type: internal_opensearch
      enable_snapshot_restore_privilege: true
      check_snapshot_restore_write_privileges: true
      restapi:
        roles_enabled: ["all_access", "security_rest_api_access"]
      system_indices:
        enabled: true
        indices:
          [
            ".opendistro-alerting-config",
            ".opendistro-alerting-alert*",
            ".opendistro-anomaly-results*",
            ".opendistro-anomaly-detector*",
            ".opendistro-anomaly-checkpoints",
            ".opendistro-anomaly-detection-state",
            ".opendistro-reports-*",
            ".opendistro-notifications-*",
            ".opendistro-notebooks",
            ".opendistro-asynchronous-search-response*",
          ]
  ######## End OpenSearch Security Demo Configuration ########
extraEnvs:
  - name: DISABLE_INSTALL_DEMO_CONFIG
    value: "true"
extraVolumes:
  - name: opensearch-certs
    secret:
      secretName: tls-for-opensearch
  - name: opensearch-root-certs
    secret:
      secretName: root-ca
extraVolumeMounts:
  - name: opensearch-certs
    mountPath: /usr/share/opensearch/config/certs
    readOnly: true
  - name: opensearch-root-certs
    mountPath: /usr/share/opensearch/config/root
securityConfig:
  enabled: true
  path: "/usr/share/opensearch/config/opensearch-security"
  actionGroupsSecret:
  configSecret:
  internalUsersSecret: internalusers-secret
  rolesSecret:
  rolesMappingSecret:
  tenantsSecret:
  config:
    securityConfigSecret: ""
    dataComplete: true
    data: {}
ingress:
  enabled: false
```