Solved

SSL Cert Update Issue

  • 10 August 2022
  • 2 replies
  • 230 views
I
Badge

So i uploaded my new certs, everything went fine, prism then restarted, but then I get the following message when trying to connect again.

refused to connect.

I’ve stoped the prism service and did a cluster start, prism is showing as running but I can’t get anything other then the above message.

I can’t even update the certs again incase its a cert issue as the web interface is not working and I can’t for the life of me find a way to do it via ssh.

icon

Best answer by itops-mgmt-31630 11 August 2022, 11:54

View original
This topic has been closed for comments

2 replies

I
Badge

Getting the following in helt checks

Running : health_checks system_checks check_ssl_expiry
[==================================================] 100%
/health_checks/system_checks/check_ssl_expiry                                                                                                                                                         [ ERR  ]
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Detailed information for check_ssl_expiry:
Node XXX.XXX.XXX.XXX:
ERR : Failed to check expiry. ErrMsg: [Errno 111] Connection refused
Node XXX.XXX.XXX.XXX:
ERR : Failed to check expiry. ErrMsg: [Errno 111] Connection refused
Node XXX.XXX.XXX.XXX:
ERR : Failed to check expiry. ErrMsg: [Errno 111] Connection refused
Node XXX.XXX.XXX.XXX:
ERR : Failed to check expiry. ErrMsg: [Errno 111] Connection refused
Node XXX.XXX.XXX.XXX:
ERR : Failed to check expiry. ErrMsg: [Errno 111] Connection refused
Node XXX.XXX.XXX.XXX:
ERR : Failed to check expiry. ErrMsg: [Errno 111] Connection refused
Refer to KB 11493 (http://portal.nutanix.com/kb/11493) for details on check_ssl_expiry or Recheck with: ncc health_checks system_checks check_ssl_expiry --cvm_list=XXX.XXX.XXX.XXX,XXX.XXX.XXX.XXX,XXX.XXX.XXX.XXX,XXX.XXX.XXX.XXX,XXX.XXX.XXX.XXX,XXX.XXX.XXX.XXX

One or more plugins generated ERROR as the check execution couldn't be completed. Please re-run the check individually or reach out to Nutanix Support.
+-----------------------+
| State         | Count |
+-----------------------+
| Error         | 1     |
| Total Plugins | 1     |
+-----------------------+
Plugin output written to /home/nutanix/data/logs/ncc-output-latest.log
 

 

I
Badge

So I came accross this, and managed to generate new certs insteaf of importing (import command would not work) ssl-certificate: SSL Certificate

After generating them with 

ssl-certificate ssl-certificate-generate

I ran the following to restart prism too

genesis stop prism
cluster start

and it came back up! Painfull but it worked! Some of the ncli commands keps comming back with errors so the default generate was the route I took.

Terms & Conditions