Netdata Community

Server display "unreachable" status in netdata cloud

Problem/Question

One of my server is displayed “unreachable” status in netdata cloud. I check the error message but not sure it is related to this issue. Please advice!

2021-11-01 03:07:26: netdata INFO : ACLK_Main : Attempting connection now
2021-11-01 03:07:26: netdata ERROR : ACLK_Main : Cert Chain verify error:num=10:certificate has expired:depth=3:/O=Digital Signature Trust Co./CN=DST Root CA X3
2021-11-01 03:07:26: netdata ERROR : ACLK_Main : SSL_write Err: SSL_ERROR_SSL
2021-11-01 03:07:26: netdata ERROR : ACLK_Main : Couldn’t write HTTP request header into SSL connection
2021-11-01 03:07:26: netdata ERROR : ACLK_Main : Couldn’t process request
2021-11-01 03:07:26: netdata ERROR : ACLK_Main : Error trying to contact env endpoint
2021-11-01 03:07:26: netdata ERROR : ACLK_Main : Failed to Get ACLK environment
2021-11-01 03:07:26: netdata INFO : ACLK_Main : Wait before attempting to reconnect in 0.756 seconds

2021-11-01 11:16:24: netdata ERROR : MAIN : CGROUP: cannot read directory ‘/sys/fs/cgroup/cpu,cpuacct’ (errno 13, Permission denied)
2021-11-01 11:16:24: netdata ERROR : MAIN : CGROUP: cannot read directory ‘/sys/fs/cgroup/blkio’ (errno 13, Permission denied)
2021-11-01 11:16:24: netdata ERROR : MAIN : CGROUP: cannot read directory ‘/sys/fs/cgroup/memory’ (errno 13, Permission denied)
2021-11-01 11:16:24: netdata ERROR : MAIN : CGROUP: cannot read directory ‘/sys/fs/cgroup/devices’ (errno 13, Permission denied)
2021-11-01 11:16:25: netdata LOG FLOOD PROTECTION too many logs (201 logs in 14 seconds, threshold is set to 200 logs in 1200 seconds). Preventing more logs from process ‘netdata’ for 1186 seconds.

Environment/Browser

Chrome

What I expected to happen

Display server status in the cloud.

Please see Certificate verification error connecting to the cloud - #2

Thank you for your reply. I just checked the article. Not sure is it secure to run the following command on the production server.

trust dump --filter “pkcs11:id=%c4%a7%b1%a4%7b%2c%71%fa%db%e1%4b%90%75%ff%c4%15%60%85%89%10” | openssl x509 | sudo tee /etc/pki/ca-trust/source/blacklist/DST-Root-CA-X3.pem
sudo update-ca-trust extract

The point is that you need to update the certificate chains for the certificate authorities.
There are suggested ways to do that for every Linux distribution out there, the article just explains the issue.

1 Like