Getting the following error:
[inputs.x509_cert] Error in plugin: cannot get SSL cert ‘https://server:443’: tls: failed to parse certificate from server: x509: invalid certificate policies.
I test it on the server the telegraf instance is running and it works fine:
openssl s_client -servername server -connect server:443 2>/dev/null | openssl x509 -noout -dates
notBefore=Jun 21 22:55:36 2022 GMT
notAfter=Jun 20 22:55:36 2025 GMT
My other certs are working fine with telegraf. What can I do to troubleshoot?
did you follow this tls/ssl setup?
It’s working with the other certs by using that doc
I see the code issue causing it:
i doubt the issue is the code if all other servers work. what is net difference of server4
It is from a local CA not Digicert
Is there a --ignore-ca-cert switch?
for what? openssl? your questions are too short and vague
Sorry. In the telegraf config. Maybe the local CA is throwing it off
gotcha. Then what would be the use of tls/ssl with cert ignored? is this just to do a test of the cert issue?
Cert expiration date. I’m not trying to ignore the cert but the local certificate authority. That’s the only difference between this and the other certs
I ran telegraf --test | grep x509.
I see the first three certs get tested, but the fourth is ignored or nothing in output in regards to the cert. Is it’s placement in the config a contributing factor?
what question is this vague answer related to? Please show us your fill config file
Here is the config:
sources = [“https://server1:443”, “https://www.server2:443”, “https://server3:443”, “https://server4:443”]
timeout = “15s”
exclude_root_certs = true
Talked to Influx about this issue. Has to do with a bug in the code:
My code is right so a bug is getting submitted