"Error [ERR_TL S_CERT_ALTNAME_INVALID]: Hostname/IP Does not Match Certificate's altnames:" Which Breaks the Communication to Management Plane from Node.

Problem

Comms not able to communicate to management plane and throwing the following error.

Comms Log
    
 
[2023-09-03 14:29:35.144] [ERROR] sni-broker.v0.mgplane.pf9.localnet-::1-5672-4 - TLS socket for client 28180 error: Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: Host: broker.v0.mgplane.pf9.localnet. is not cert's CN: mgplane.pf9.localnet
Copy

Environment

Platform9 Edge Cloud - v-5.3.0-2075501

Cause

Host agent config file is not updated with the cert_version parameter which leads comms to use an older cert version.

hostagent.conf
    
xxxxxxxxxx
 
root@worker0 ~]# cat /etc/pf9/hostagent.conf[hostagent] [ssl]cert_version=disable=True
Copy

From error message [2023-09-03 14:29:35.144] [ERROR] sni-broker.v0.mgplane.pf9.localnet-::1-5672-4 - TLS socket for client 28180 error.The sni-broker.v0 indicates it is referring to cert version v0.

Resolution

Identify the latest cert_version.

certs directory
    
xxxxxxxxxx
 
[root@mgplane ~]# ls -ltr /etc/pf9/certs/total 12drwxr-xr-x  2 root root  109 Mar 30  2022 web_test_cadrwxr-xr-x 27 root root 4096 Jul  6 04:47 v1drwxr-xr-x 27 root root 4096 Jul  6 04:47 v2drwxr-xr-x 27 root root 4096 Jul  6 04:47 v3  <<---- Latest version
Copy

Update the hostagent.conf file

hostagent.conf
    
xxxxxxxxxx
 
vi /etc/pf9/hostagent.conf [hostagent] [ssl]cert_version=v3 <--- Add the latest version here.disable=True
Copy

Restart the services.

restart services
    
xxxxxxxxxx
 
# systemctl restart pf9-comms.servcie# systemctl restart pf9-sidekick.servcie# systemctl restart pf9-hostagent.servcie
Copy

##

Last updated on

Was this page helpful?

On This Page

"Error [ERR_TL S_CERT_ALTNAME_INVALID]: Hostname/IP Does not Match Certificate's altnames:" Which Breaks the Communication to Management Plane from Node.Problem Environment Cause Resolution