Cannot clainm agent, problem with the SSL CA cert

agrisozo · February 19, 2025, 1:26pm

Hello!

I have installed iRedmail EE server with netdata. Base OS CentOS9. Netdata is running behing nginx proxy “domain.com/netdata”

When trying to claim an agent, I get following error:
eb 19 04:31:32 mail netdata[448123]: time=2025-02-19T04:31:32.664+02:00 comm=netdata source=daemon level=error errno=“2, No such file or directory” tid=448293 thread=WEB[1] src_transport=http role=none permissions=0x8 src_ip=localhost src_port=52070 src_forwarded_host=mail.an.pro src_forwarded_for=89.201.8.56 req_method=GET conn=0 transaction=247552eb9ceb438a8a42feb6e3b8c827 request=“/api/v3/claim?key=78066530-1806-462e-bab4-9a32a658ddee&rooms=d9d0f179-fff6-4e0d-9956-fce552cc3dcc&token=pDNzlakHsORWeaQyOggRiToTsnCbFyYKedp1rAFiD8cQeapYHF99rSPwzSunMGxOG_LUTgTBb6hXQ19C1cvFCsdTfqMhmiFwJPOdt0hdnj23vUTXXg2vspXhebfCYBS7IXyxFJ4&url=https%3A%2F%2Fapp.netdata.cloud” msg=“CLAIM: Request failed with error: Problem with the SSL CA cert (path? access rights?) (proxy is set to ‘env’)”

After trying to some suggestions from chatGPT, I finnaly decided to do kickstart, but still get the error:
[/tmp/netdata-kickstart-hX9HMcEgQ6]# /opt/netdata/bin/netdatacli reload-claiming-state
Netdata Agent is not claimed to Netdata Cloud: Request failed with error: Problem with the SSL CA cert (path? access rights?) (proxy is set to ‘env’)

How to fix this? Got an subscription from I have no use…

ilyam8 · February 19, 2025, 7:30pm

Did you try claiming via UI?

ilyam8 · February 19, 2025, 7:32pm

What is your Netdata version?

agrisozo · February 19, 2025, 7:54pm

v2.2.5

and yes. I tried that in a first place, then I started to dig deeper. When pressing a claim btn, it shows Claming and after 1-2 sec. it just shows Claim again.

ilyam8 · February 20, 2025, 8:16am

Can you show what Netdata logs when you click Claim?

journalctl _SYSTEMD_INVOCATION_ID="$(systemctl show --value --property=InvocationID netdata)" --namespace=netdata

ilyam8 · February 20, 2025, 8:23am

I think this issue maybe fixed in the nightly version. Can you give it a try?

agrisozo · February 20, 2025, 8:41am

Feb 20 10:37:13 mydomain.com netdata[759673]: time=2025-02-20T10:37:13.142+02:00 comm=netdata source=daemon level=error errno="2, No such file or directory" tid=760067 thread=WEB[6] src_transport=http role=none permissions=0x8 src_ip=localhost src_port=41000 src_forwarded_host=mydomain.com src_forwarded_for=212.3.197.166 req_method=GET conn=0 transaction=d791c8ba3f6447eba6a9c3512da7b3d8 request="/api/v3/claim?key=e2d702d8-f391-4e43-a0fe-ac27591f41e2&rooms=d9d0f179-fff6-4e0d-9956-fce552cc3dcc&token=tIk27aZoF1ZQSgQBevacrCFufO5YXKIHq7R_JRbeV_4ewe8fP4tMklfADxmZgjR9OTJe5CGxEA4NrQ0m_C5gUJSgPslGPKtVvYjO1rFQMJAo-lG70MH38RirTaDBYuDEswInGSM&url=https%3A%2F%2Fapp.netdata.cloud" msg="CLAIM: Request failed with error: Problem with the SSL CA cert (path? access rights?) (proxy is set to 'env')"

same line 5 times

agrisozo · February 20, 2025, 8:43am

still nothing.
[/tmp/netdata-kickstart-JJxFEbZPGY]# /opt/netdata/bin/netdatacli reload-claiming-state
Netdata Agent is not claimed to Netdata Cloud: Request failed with error: Problem with the SSL CA cert (path? access rights?) (proxy is set to ‘env’)

ilyam8 · February 20, 2025, 8:59am

Could you share detailed reproduction steps for this issue? Please include:

Linux distribution and version
Required configurations
Environment setup details

ilyam8 · February 20, 2025, 10:31am

Ok, I reproduced the problem.

Feb 20 12:25:18 shared-centos9 netdata[6602]: CLAIM: Request failed with error: Problem with the SSL CA cert (path? access rights?) (proxy is set to 'env')
Feb 20 12:25:19 shared-centos9 netdata[6602]: CLAIM: Request failed with error: Problem with the SSL CA cert (path? access rights?) (proxy is set to 'env')
Feb 20 12:25:19 shared-centos9 netdata[6602]: CLAIM: Request failed with error: Problem with the SSL CA cert (path? access rights?) (proxy is set to 'env')
Feb 20 12:25:20 shared-centos9 netdata[6602]: CLAIM: Request failed with error: Problem with the SSL CA cert (path? access rights?) (proxy is set to 'env')
Feb 20 12:25:21 shared-centos9 netdata[6602]: CLAIM: Request failed with error: Problem with the SSL CA cert (path? access rights?) (proxy is set to 'env')

It is fixed in the nightly release. We will do a patch release.

agrisozo · February 20, 2025, 1:47pm

Ou, cool.
Do you still need a system info from me?

ilyam8 · February 20, 2025, 1:49pm

No. I reproduced the problem on a Centos9 VM:

$ cat /etc/os-release
NAME="CentOS Stream"
VERSION="9"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="9"
PLATFORM_ID="platform:el9"
PRETTY_NAME="CentOS Stream 9"
ANSI_COLOR="0;31"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:centos:centos:9"
HOME_URL="https://centos.org/"
BUG_REPORT_URL="https://issues.redhat.com/"
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux 9"
REDHAT_SUPPORT_PRODUCT_VERSION="CentOS Stream"

Topic		Replies	Views
Unable to claim node. error is: Failed to connect to https://app.netdata.cloud, return code 60 Help cloud	7	1186	March 24, 2023
Netdata agent is unable to connect with netdata cloud Help	11	1553	October 23, 2023
Issues installing Netdata on servers Help agent , cloud , installation , node-claiming	7	2143	July 14, 2022
Claim successful but agent could not be notifed Help agent , cloud	15	885	August 31, 2022
Can't connect to cloud when trying to claim node Help agent , cloud , installation , node-claiming	3	1032	December 6, 2022

Cannot clainm agent, problem with the SSL CA cert

Related topics