Netdata Community

Certificate Expired error while connecting to Cloud

Hello,

Tell me what could be the problem. Until October 2, I used the service https://app.netdata.cloud/ and my 15 nodes worked successfully. After October 2, half stopped working, I found out through “netdata -W buildinfo” this is due to the parameter:
ACLK-NG New Cloud Protocol: YES
Tell me how to transfer ACLK-NG New Cloud Protocol: to NO state?
Half of my nodes are successfully displayed in the cloud for which this parameter is disabled, while the NetData version is completely the same. I tried reloading but it didn’t work. UNREACHABLE

Features:
dbengine: YES
Native HTTPS: YES
Netdata Cloud: YES
ACLK Next Generation: YES
ACLK-NG New Cloud Protocol: YES
ACLK Legacy: YES
TLS Host Verification: YES
Libraries:
jemalloc: NO
JSON-C: YES
libcap: NO
libcrypto: YES
libm: YES
LWS: YES static v3.2.2
mosquitto: YES
tcalloc: NO
zlib: YES
Plugins:
apps: YES
cgroup Network Tracking: YES
CUPS: NO
EBPF: YES
IPMI: NO
NFACCT: NO
perf: YES
slabinfo: YES
Xen: NO
Xen VBD Error Tracking: NO
Exporters:
AWS Kinesis: NO
GCP PubSub: NO
MongoDB: NO
Prometheus Remote Write: NO

Hello @1116 that message means New Cloud Protocol is available but it is not used yet. Could you post output of grep -ai aclk error.log? Is it possible your system is CentOS7?

Hi,

Judging from the date your connection stopped working, the issue was likely caused by the expiry of the old Let’s Encrypt root certificate. If your log contains the error Libwebsockets: SSL error: certificate has expired, you’ll have to update your local CA certificate and OpenSSL packages, depending on the distribution.

Best regards,
Jochen

thx @geewiz that is indeed correct and the reason why I asked about the OS.

aclk_send_https_request GET
2021-10-05 07:25:05: netdata ERROR : ACLK_Main : Libwebsockets: SSL error: certificate has expired (preverify_ok=0;err=10;depth=3)
2021-10-05 07:25:05: netdata ERROR : ACLK_Main : Challenge failed:
2021-10-05 07:25:05: netdata INFO : ACLK_Main : Retrying to establish the ACLK connection in 1024.000 seconds

I am using Centos 7 and I do not see where to replace the certificate.
OpenSSL 1.0.2k-fips 26 Jan 2017

Tell me what actions need to be done on the Centos 7 to make NetData work in the cloud. I can’t find information on the Internet. Thanks for the help.

The problem here is not with Netdata certificate (in fact any service or website using Lets Encrypt would be broken) but with ca-certificates on CentOS 7 (being older system) not being updated. Some helpful information can be found here https://blog.devgenius.io/rhel-centos-7-fix-for-lets-encrypt-change-8af2de587fe4

Is your ca-certificates pkg updated to the latest version?

Thanks! The problem is solved, it works.