Telegraf Cannot Get SSL Cert

Getting the following error:

[inputs.x509_cert] Error in plugin: cannot get SSL cert 'https://server:443': tls: failed to parse certificate from server: x509: invalid certificate policies.

I tested it on the server the telegraf instance is running on and it works fine:

openssl s_client -servername server -connect server:443 2>/dev/null | openssl x509 -noout -dates
notBefore=Jun 21 22:55:36 2022 GMT
notAfter=Jun 20 22:55:36 2025 GMT

My other certs are working fine with telegraf. What can I do to troubleshoot?

Did you follow this tls/ssl setup?

It’s working with the other certs by using that doc

Server 4 is the issue:

sources = ["https://server1:443", "https://server2:443", "https://server3:443", "https://server4:443"]

I see the code issue causing it:

I doubt the issue is the code if all other servers work. What is the net difference of server4?

It is from a local CA not Digicert

Is there a --ignore-ca-cert switch?

For what? openssl? Your questions are too short and vague.

Sorry. In the telegraf config. Maybe the local CA is throwing it off

Gotcha. Then what would be the use of tls/ssl with the cert ignored? Is this just to do a test of the cert issue?

Cert expiration date. I’m not trying to ignore the cert but the local certificate authority. That’s the only difference between this and the other certs

I ran telegraf --test | grep x509.

I see the first three certs get tested, but the fourth is ignored or nothing in output in regards to the cert. Is its placement in the config a contributing factor?

What question is this vague answer related to? Please show us your full config file.

Here is the config:

[[inputs.x509_cert]]
sources = ["https://server1:443", "https://www.server2:443", "https://server3:443", "https://server4:443"]
timeout = "15s"
exclude_root_certs = true

Talked to Influx about this issue. Has to do with a bug in the code:

My code is right so a bug is getting submitted

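The error quoted in the thread is raised while Go's crypto/x509 parses the certificate, which happens before any CA trust or expiry check. The following Go program is an added example, not code from the thread or from Telegraf; it builds two constructed self-signed certificates, one with a deliberately malformed certificatePolicies extension, and shows that only the parse step rejects it. The host name `server4.example`, the helper names and the malformed bytes are assumptions for the illustration; the thread does not say what server4's certificate actually contains.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

var oidCertPolicies = asn1.ObjectIdentifier{2, 5, 29, 32} // certificatePolicies, RFC 5280

// makeCert (hypothetical helper) builds a constructed self-signed DER cert; policies, if set, is embedded verbatim.
func makeCert(policies []byte) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "server4.example"}, // constructed name
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	if policies != nil {
		tmpl.ExtraExtensions = []pkix.Extension{{Id: oidCertPolicies, Value: policies}}
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

// checkExpiry (hypothetical helper) reports which stage failed; expiry is only readable once the cert parses.
func checkExpiry(der []byte) (stage string, notAfter time.Time, err error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return "parse", time.Time{}, err // fails before any CA trust decision is made
	}
	return "ok", cert.NotAfter, nil
}

func main() {
	good, _ := makeCert(nil)
	bad, _ := makeCert([]byte{0x04, 0x01, 0x00}) // constructed: OCTET STRING where a SEQUENCE is required
	fmt.Println(checkExpiry(good))
	fmt.Println(checkExpiry(bad))
}
```

Running the same `x509.ParseCertificate` call against the DER bytes of the real certificate, saved from the `openssl s_client` output, reproduces the parse result outside Telegraf.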