documentation: auto encrypt on an existing Consul datacenter not possible? #6127
Comments
This also seems to contradict the documentation in the Learn Consul guide:
I'm having the same issues here. Is this being looked after?
Thanks for reporting @42wim, @rollerd and @isaac-mj. The documentation is not correct and will be fixed. Setting up Let me know if it works for you or if you need more guidance.
I'm having a similar issue. I'm currently setting up a new single-node cluster (for now) on 1.5.3 and I'm following the guide to securing RPC communication with TLS encryption. I'm trying to configure the UI for HTTPS which requires setting
@i0rek for an existing it's not possible to use Also on a new setup you can't use the UI anymore like @thevanitas reports
I created an issue for this #6338. I think you should be able to serve the UI from a client in the meanwhile. Sorry for the troubles.
@i0rek I've upgraded to 1.6.1, it's still not possible to enable auto encrypt on an existing datacenter though. I'm trying to configure the first of the 3 servers. I can now set
Full config
@TheManyula your issues should be fixed, that true? Thanks!
@i0rek Yes I'm trying to upgrade a non-TLS cluster to auto_encrypt and following the procedure on https://learn.hashicorp.com/consul/security-networking/certificates I'm doing basically step 1 and then changing the verify_incoming and verify_outgoing to false like in the documentation
@42wim I think you need to
The logs you posted indicate that a client tries to communicate via TLS without having a certificate.
@i0rek well the main issue is that it's not possible to disable
@i0rek I'm running a
Thank you for confirming @42wim!
Hey there, This issue has been automatically locked because it is closed and there hasn't been any activity for at least 30 days. If you are still experiencing problems, or still have questions, feel free to open a new one 👍.
I've upgraded to v1.5.2 and wanted to migrate to auto encrypt. According to the documentation on https://learn.hashicorp.com/consul/security-networking/certificates this should be possible
But, with auto encrypt it's not possible to set verify_incoming to false. Consul bails with
==> if auto_encrypt.allow_tls is turned on, TLS must be configured in order to work properly.
consul/agent/config/builder.go
Lines 1113 to 1117 in 97ecc05