Certificate error when connecting from Icinga Host to Icinga Master

Hello
I have a problem with the connection between Icinga Host and Master. I get the following error messages:

[2024-11-21 11:55:00 +0100] information/ApiListener: Reconnecting to endpoint 'm15084.fritz.box' via host '192.168.20.139' and port '5665'
[2024-11-21 11:55:00 +0100] warning/ApiListener: Unexpected certificate common name while connecting to endpoint 'm15084.fritz.box': got 'm15084'
[2024-11-21 11:55:00 +0100] information/ApiListener: Finished reconnecting to endpoint 'm15084.fritz.box' via host '192.168.20.139' and port '5665'
[2024-11-21 11:55:01 +0100] information/ApiListener: New client connection for identity 'm15084' from [::ffff:192.168.20.139]:52948 (certificate validation failed: code 18: self-signed certificate)
[2024-11-21 11:55:01 +0100] warning/ApiListener: No data received on new API connection from [::ffff:192.168.20.139]:52948 for identity 'm15084'. Ensure that the remote endpoints are properly configured in a cluster setup.

I have an Icinga infrastructure that looks like this:
Icinga Master 01
Zones.conf

/*
 * Generated by Icinga 2 node setup commands
 * on 2024-11-19 15:24:52 +0100
 */

object Endpoint "icingamaster01.fritz.box" {
  port = "5665"
}

object Zone "master" {
  endpoints = [ "icingamaster01.fritz.box", "icingamaster02.fritz.box" ]
}

object Endpoint "icingamaster02.fritz.box" {
  host = "192.168.20.47"
  port = "5665"
}

object Zone "global-templates" {
  global = true
}

object Zone "director-global" {
  global = true
}

Icinga Master 02
Zones.conf
/*
 * Generated by Icinga 2 node setup commands
 * on 2024-11-21 09:37:57 +0100
 */

object Endpoint "icingamaster01.fritz.box" {
  port = "5665"
}

object Zone "master" {
  endpoints = [ "icingamaster01.fritz.box", "icingamaster02.fritz.box" ]
}

object Endpoint "icingamaster02.fritz.box" {
}

object Zone "global-templates" {
  global = true
}

object Zone "director-global" {
  global = true
}

Icinga DB Redis or Redis Server
Icinga Databases Server
Icinga Web Server

There is some error in your agent deployment.
Your Icinga wants to access an endpoint named m15084.fritz.box, but the certificate is signed for m15084.

The node, on the other hand, thinks its name is m15084 and gets refused by Icinga for not having a signed certificate.

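A log check for the two failures described in the reply above, as an added example that is not part of the original thread or of Icinga itself: it pairs each expected endpoint name with the CN the certificate actually carried, and lists Endpoint objects whose short host name equals a rejected identity. The log lines are copied from the post; the `SAMPLE_ZONES` Endpoint object and all function names are assumptions made for the example.

```python
import re

# Log lines taken from the post above; the Endpoint object below is constructed for the example.
SAMPLE_LOG = """\
[2024-11-21 11:55:00 +0100] warning/ApiListener: Unexpected certificate common name while connecting to endpoint 'm15084.fritz.box': got 'm15084'
[2024-11-21 11:55:01 +0100] information/ApiListener: New client connection for identity 'm15084' from [::ffff:192.168.20.139]:52948 (certificate validation failed: code 18: self-signed certificate)
[2024-11-21 11:55:01 +0100] warning/ApiListener: No data received on new API connection from [::ffff:192.168.20.139]:52948 for identity 'm15084'. Ensure that the remote endpoints are properly configured in a cluster setup.
"""
SAMPLE_ZONES = 'object Endpoint "m15084.fritz.box" {\n  host = "192.168.20.139"\n}\n'

# Accept straight and typographic quotes, since forum rendering often rewrites them.
QUOTE = "['\"\u2018\u2019\u201c\u201d]"
NAME = "([^'\"\u2018\u2019\u201c\u201d]+)"
RE_ENDPOINT = re.compile(rf"object\s+Endpoint\s+{QUOTE}{NAME}{QUOTE}")
RE_MISMATCH = re.compile(
    rf"Unexpected certificate common name while connecting to endpoint {QUOTE}{NAME}{QUOTE}: got {QUOTE}{NAME}{QUOTE}")
RE_REJECTED = re.compile(
    rf"New client connection for identity {QUOTE}{NAME}{QUOTE} from \S+ \(certificate validation failed: code (\d+): ([^)]+)\)")


def endpoint_names(zones_conf):
    """Names of all Endpoint objects declared in a zones.conf text."""
    return set(RE_ENDPOINT.findall(zones_conf))


def diagnose(log_text, endpoints):
    """Return one finding per certificate problem seen in the log."""
    findings = []
    for line in log_text.splitlines():
        if m := RE_MISMATCH.search(line):
            expected, got = m.groups()
            findings.append(("cn_mismatch", expected, got))
        elif m := RE_REJECTED.search(line):
            cn, code, reason = m.groups()
            # Endpoints whose short host name equals the presented CN: the likely intended identity.
            candidates = sorted(e for e in endpoints if e != cn and e.split(".")[0] == cn)
            findings.append(("untrusted_cert", cn, int(code), reason, candidates))
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG, endpoint_names(SAMPLE_ZONES)):
        print(finding)
```

A `cn_mismatch` finding together with an `untrusted_cert` finding that names a candidate endpoint points at an agent set up under its short host name instead of the FQDN used for its Endpoint object.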