Node failed to establish connection to cluster

Hello,
I have got a problem with Teleport.
I am trying to add a node to a cluster but I get this error:

ERRO [PROC:1] Node failed to establish connection to cluster: Get https://172.31.23.238:3025/v1/webapi/find: x509: certificate signed by unknown authority. time/sleep.go:149

I don’t understand what the problem is, because I already added nodes to another cluster 2 weeks ago and it worked.
Now I just wanted to create another cluster and add nodes to it to practice (and I followed the same steps as for the first cluster), but this time it doesn’t work.

Can someone help me?

I run two AWS EC2 instances with Ubuntu.
The version of Teleport is:

Teleport v4.2.8 git:v4.2.8-0-ga9015b33 go1.13.2

I run Teleport on my_auth server with this command:

sudo teleport start -c teleport.yaml -d

My teleport.yaml config file looks like this:

teleport:
  nodename: myauth-c
  data_dir: /var/lib/teleport
  pid_file: /var/run/teleport.pid
  auth_token: cluster-join-token
  auth_servers:
    - 0.0.0.0:3025
  connection_limits:
    max_connections: 15000
    max_users: 250
  log:
    output: stderr
    severity: INFO
  ca_pin: ""

auth_service:
  enabled: "yes"
  listen_addr: 0.0.0.0:3025
  public_addr: 54.242.116.205:3025
  tokens:
    - proxy,node:cluster-join-token
  session_recording: ""
  client_idle_timeout: 0s
  disconnect_expired_cert: false
  keep_alive_count_max: 0

ssh_service:
  enabled: "no"

proxy_service:
  enabled: "yes"
  listen_addr: 0.0.0.0:3023
  public_addr: 54.242.116.205:3023
  web_listen_addr: 0.0.0.0:3080
  tunnel_listen_addr: 0.0.0.0:3024
  https_key_file: /var/lib/teleport/webproxy_key.pem
  https_cert_file: /var/lib/teleport/webproxy_cert.pe

Try stopping Teleport on your node, deleting /var/lib/teleport from disk and then starting again. Sometimes old credentials get cached and that causes this error.

Well, actually, after a few different tries it works! Thanks

I just have one question: is the trusted cluster feature not available with the open source version?
Because I get this error when I try to make it happen:
error: the trusted cluster uses misconfigured HTTP/TLS certificate.

You can use trusted cluster functionality with the OSS version.

Trusted clusters do require the use of proper SSL/TLS certificates, however. You must use something like Let's Encrypt to get a properly signed TLS certificate for your root cluster so that the trusted cluster can connect properly. The error is happening because you are using a self-signed certificate.
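Added example (not part of the thread and not Teleport's own code): a Go sketch that separates the certificate states discussed above, namely a certificate that chains to a root the peer trusts, a self-signed one, and one signed by an authority the peer does not know. The names `Classify` and `Mint`, the common names and the certificates themselves are assumptions, constructed in memory for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Classify reports how a peer that trusts only the given roots sees cert.
func Classify(cert *x509.Certificate, trusted ...*x509.Certificate) string {
	roots := x509.NewCertPool()
	for _, c := range trusted {
		roots.AddCert(c)
	}
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots}); err == nil {
		return "trusted"
	}
	if cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature) == nil {
		return "self-signed" // the signature verifies under the certificate's own key
	}
	return "unknown authority" // the x509 failure class in the node's log line
}

// Mint builds a constructed throwaway certificate; a nil parent self-signs it.
func Mint(cn string, isCA bool, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // fails only if the system RNG does
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		IsCA: isCA, BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		parent, pk = t, key
	}
	der, cerr := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	cert, perr := x509.ParseCertificate(der)
	if cerr != nil || perr != nil {
		panic(fmt.Sprint("mint ", cn, ": ", cerr, " ", perr))
	}
	return cert, key
}

func main() {
	ca, caKey := Mint("constructed-root-ca", true, nil, nil)
	leaf, _ := Mint("proxy.example.test", false, ca, caKey)
	fmt.Println(Classify(leaf, ca), Classify(ca), Classify(leaf))
}
```

To check a real certificate file instead, decode it with `encoding/pem` and `x509.ParseCertificate` and pass the result to `Classify` together with the roots the connecting side actually trusts.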

Okay I see! thank you for the quick response.
