CMK version: 2.3.0p21.cee
OS version: Ubuntu 22.04.5 LTS
**Error message:
[agent] Communication failed: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:2559)
**
Hi,
i think i totally messed up my certificates within my site. I was using automatic agent updates with TLS registered agents just fine until i changed the certificate used by apache and the one under /opt/omd/sites/MySiteName/etc/ssl/sites/MySiteName.pem. After some fiddling around i also created a new signature key, signed and baked a new agent and reinstalled this on one of the monitored hosts, still resulting in the same error message.
When i go to an agent and call “cmk-agent-ctl status” i get the follwoging:
Version: 2.3.0p21
Agent socket: operational
IP allowlist: any
Connection: MyFQDNAddress/MySiteName
UUID: 6fce9258-9716-4498-897e-6c86c2a98847
Local:
Connection mode: pull-agent
Connecting to receiver port: 8001
Certificate issuer: Site 'MySiteName' agent signing CA
Certificate validity: Thu, 06 Mar 2025 15:15:47 +0000 - Wed, 06 Mar 2030 15:15:47 +0000
Remote:
Error: error sending request for url (https://MyFQDNAddress:8001/MySiteName/agent-receiver/registration_status_v2/6fce9258-9716-4498-897e-6c86c2a98847): error trying to connect: invalid peer certificate: UnknownIssuer (!!)
I dont understand which certificate i am supposed to verify nor do u understand, which one is issued for this connection. It also seems that the monitoring server is asking the client for a certificate. So i assumed, i could reset the whole thing with the GUI function: “Remove TLS registration”. But this doesnt tackle the error.
Please help me understand and solve this issue. I dumped alot of time into this problem already without making any progress.