Issue with the Director Kickstarter and HTTPS immediately disconnecting

I am running Icinga within Docker containers.

I have a separate container for the database, icinga2 process and icingaweb2.

I have configured everything correctly to my knowledge. But I have no idea why the kickstarter process on the director is failing.

The API is working. I can do the test on the command line with curl and it responds with a successfully authenticated.

curl -k -u “localadmin:removed” https://icinga2:5665/v1

Icinga 2

Hello from Icinga 2 (Version: r2.12.3-1)!

You are authenticated as localadmin. Your user has the following permissions:

  • *

More information about API requests is available in the documentation.

root@icingaweb2:/etc/icingaweb2#

I can see it working in the icinga 2 logs. I have seen it working in Wireshark. It just seems to disconnect almost immediately after connecting.

[2021-03-19 05:08:30 +0000] information/ApiListener: New client connection from [172.18.0.4]:51456 (no client certificate)
[2021-03-19 05:08:30 +0000] information/HttpServerConnection: Request: GET /v1/ (from [172.18.0.4]:51456), user: localadmin, agent: , status: OK).
[2021-03-19 05:08:30 +0000] information/HttpServerConnection: Request: GET /v1/objects/zones (from [172.18.0.4]:51456), user: localadmin, agent: , status: OK).
[2021-03-19 05:08:30 +0000] information/HttpServerConnection: Request: GET /v1/objects/endpoints (from [172.18.0.4]:51456), user: localadmin, agent: , status: OK).
[2021-03-19 05:08:30 +0000] information/HttpServerConnection: HTTP client disconnected (from [172.18.0.4]:51456)

The error given on the kickstarter page is:

  • I was unable to re-establish a connection to the Endpoint “icinga2.removed” (icinga2:5665). When reconnecting to the configured Endpoint (icinga2.removed:5665) I get an error: CURL ERROR: Resolving timed out after 3000 milliseconds Please re-check your Icinga 2 endpoint configuration (KickstartHelper.php:378)

I have tried this on the command line and the result is the same. Everything seems to be working but I have no idea how to troubleshoot why the kickstarter process is failing.

I have the database setup, and I can see the tables have been created within it.

What have I done wrong?

Best Regards,

Is there a natural law that when you post a message on a forum you find the solution within the next hour?

My problem was I was using a FQDN for my zone name, in this case icinga2.mycompany.com (I have just put removed in the OP)

I have a root certificate authority installed for that domain. Once I changed the zone setup to simply icinga2 then the import continued to work.

So there must be some issue when you use the default generated CA within the master setup wizard, install your own CA as trusted on the backend operating system, and then use the FQDN for that domain as the master.