How to skip tls verification when getting config file over https

angeloonline · November 29, 2023, 3:53pm

Hi all,
how can skip tls verification when retrieving config file from a server when certificate is self signed or provided by Let’s encrypt?
I got an error similar to the following :
error loading config file https://serverName:8086/api/v2/telegrafs/0aecdc4770aef000: retry 0 of 3 failed connecting to HTTP config server: Get “https://serverName:8086/api/v2/telegrafs/0aecdc4770aef000”: tls: failed to verify certificate: x509: certificate signed by unknown authority

I didn’t find any infos about this case.

Thanks

jpowers · November 29, 2023, 4:24pm

Hi,

I do not believe we have an ignore or disable TLS or cert verification for remote config files. I think there is good reason to not allow this given the sensitive nature of them at times.

However, if you have the cert, then I would suggest adding it to your system cert pool and I believe Telegraf will look there for it.

angeloonline · November 29, 2023, 5:20pm

Hi,
I’ve solved adding Let’s encrypt intermediate certificate (Chain of Trust - Let's Encrypt) to my ubuntu cert pool:

apt-get install ca-certificates ca-certificates-java -y
wget https://letsencrypt.org/certs/lets-encrypt-r3.pem -O /usr/local/share/ca-certificates/lets-encrypt-r3.crt
update-ca-certificates
update-ca-certificates --fresh

Topic		Replies	Views
[inputs.x509_cert] Error in plugin: cannot get SSL cert Issue Telegraf telegraf	25	1209	February 24, 2023
Telegraf Kafka output SSL questions Telegraf telegraf	4	3131	January 30, 2018
[inputs.x509_cert] Error in plugin: cannot get SSL cert Telegraf	1	529	August 17, 2022
Telegraf: monitoring SSL certificate telegraf	6	1083	June 18, 2021
How to configure Telegraf on Windows server to read certificates Telegraf	1	368	October 11, 2023

How to skip tls verification when getting config file over https

Related Topics