Failed to verify TLS certificate with Telegraf

Hey,

It might be a stupid question. Actually I understand the problem but have no idea how to fix it.
I’m using Telegraf to collect data on my Proxmox server, everything’s on the same machine.
I’ve set up the token for the API and the Telegraf conf:

[[inputs.proxmox]]
  ## API connection configuration. The API token was introduced in Proxmox v6.2. Required permissions for user and token: PVEAuditor role on /.
  base_url = "https://172.16.20.11:8006/api2/json"
  api_token = "root@pam!monitoring=59111b0a-.......-78931293a66d"

  insecure_skip_verify = false
  response_timeout = "5s"

Telegraf is correctly creating the base, so the problem does not come from the output plugin.
Since the Proxmox API uses SSL/TLS certification (actually TLS), I got, as expected, the error:

E! [inputs.proxmox] Error in plugin: Get "https://172.16.20.11:8006/api2/json/nodes/pve/dns": tls: failed to verify certificate: x509: certificate signed by unknown authority

But I have no idea how to fix it. Do I need to generate an official certificate? Since I can access the web interface of my Proxmox by clicking on “I accept the risk”, I assumed that it could be done by Telegraf, but I didn’t find any solution at all.
I would prefer to ignore the TLS verification…

Regards

It seems to be solved. Inspired by:

I took the SSL certificates using:

openssl s_client -connect 172.16.20.11:8006

Then I copied it to a file located at /usr/local/share/ca-certificates/local_proxmo.crt.
Running the commands:

update-ca-certificates
update-ca-certificates --fresh

This basically adds the Proxmox certificate as a trusted cert on the machine which hosts Telegraf.

Now I have an E! [inputs.proxmox] Error in plugin: unexpected end of JSON input error, but at least the SSL/TLS error is fixed :smiley:!

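The steps described in the reply above, as an added shell example that is not part of the original posts: it keeps only the PEM block from the `openssl s_client` output, prints the SHA-256 fingerprint so it can be checked against the Proxmox host before the certificate is trusted, then installs it. The function names and the `--install` switch are hypothetical; the address and file path are the ones from the posts.

```shell
#!/bin/sh
# Added example: trust the Proxmox API certificate instead of disabling
# verification. Function names and the --install switch are hypothetical.

# Print only the first PEM certificate block found on stdin (the server's
# own certificate in `openssl s_client` output), dropping the diagnostics.
extract_first_cert() {
  awk '/-----BEGIN CERTIFICATE-----/ { on = 1 }
       on { print }
       /-----END CERTIFICATE-----/ { if (on) exit }'
}

# Fetch the certificate presented by host:port. </dev/null closes stdin so
# s_client exits after the handshake instead of waiting for input.
fetch_cert() {
  openssl s_client -connect "$1" </dev/null 2>/dev/null | extract_first_cert
}

# SHA-256 fingerprint of a PEM file, to compare with the fingerprint read on
# the Proxmox host itself before the certificate is added to the trust store.
fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256
}

install_cert() {  # $1 = host:port, $2 = destination .crt file
  tmp=$(mktemp) || return 1
  fetch_cert "$1" > "$tmp"
  if ! grep -q 'BEGIN CERTIFICATE' "$tmp"; then
    echo "no certificate received from $1" >&2; rm -f "$tmp"; return 1
  fi
  fingerprint "$tmp"
  printf 'Trust this certificate? [y/N] '
  read -r answer
  if [ "$answer" = "y" ]; then
    install -m 0644 "$tmp" "$2" && update-ca-certificates
  fi
  rm -f "$tmp"
}

# Runs only when invoked as: sh script.sh --install [host:port] [dest]
if [ "${1:-}" = "--install" ]; then
  install_cert "${2:-172.16.20.11:8006}" \
    "${3:-/usr/local/share/ca-certificates/local_proxmo.crt}"
fi
```

Telegraf reads the system trust store when it starts, so restart the service after the certificate is installed.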