Failed to fetch signed certificate


Please treat me as the newbie that I am, and assume that I might have made really basic errors.

I have a basic setup where I have my parent Icinga node and then I want to add agents to it. The parent node runs on Ubuntu and I want to be able to monitor Windows servers with it.

I ran into a few problems which turned out to be basic errors where there was one user missing from a conf-file, but all of that is now solved. Instead, I’ve run into the following issue while trying to set up the Icinga agent on a Windows server:

While doing the config of the agent on the server, I get the following:
information/cli: Requesting a signed certificate from the parent Icinga node.
information/cli: Writing CA certificate to file ‘C:\ProgramData\icinga2\var\lib\icinga2/certs//ca.crt’.
critical/cli: !!! Invalid ticket for CN ‘SERVER’.
critical/cli: Failed to fetch signed certificate from parent Icinga node ‘IP, 5665’. Please try again.

I used the Ticket id that was available through Director → Hosts → Host in question → Agent tab.
It worked before on this same server, but I had to redo it because there seemed to be a problem with the certificate even though it went through, so I could only ping the server and not do any checks on process or likewise. Now I can’t even get past this part.

I’ve checked firewalls, checked that there are no unsigned certificates, searched so much I know most tickets in regards to this in the community by heart, and tried reinstalling the agent on the Windows server.

Where could I have gone wrong?

  • Director version: 1.9.0
  • Icinga Web 2 version and modules (System - About): 2.10.1
  • Icinga 2 version: 2.13.3
  • Operating System and version: Ubuntu 20.04.4
  • Webserver, PHP versions: PHP 7.4.3

Just replying so that if someone else gets the same issue I did they can find a solution here.

It turned out that there was one big problem: me. During setup I didn’t use the node wizard and tried adding clients manually, which of course then worked with the ticket that I got through the Director. But when I couldn’t get my services to work and could only ping the server I was testing this on, I went looking for a solution and found the node wizard would make things easier, so I tried it.

At first it didn’t work at all, and it clashed with my previous manually set up files, and I went through all of them to delete and start fresh with node wizard. Once that was done, I again tried to add a client but this time the ticket didn’t work and it was because I wasn’t actually supposed to add a ticket at all. So I did my setup and skipped the ticket, went to the master and signed the generated ticket - and now I can ping my server again.

Now I have a different issue, but I’ll try and solve it myself first and if it doesn’t work I’ll add a new case here.